--- title: CVE Lookup Tool emoji: 🔍 colorFrom: red colorTo: yellow sdk: gradio sdk_version: 5.50.0 python_version: '3.10' app_file: app.py pinned: false license: apache-2.0 tags: - cybersecurity - cve - vulnerabilities - security-tools - pentest - SOC - threat-intelligence datasets: - AYI-NEDJIMI/cve-top100-fr - AYI-NEDJIMI/cve-top100-en --- # CVE Lookup Tool A practical, daily-use CVE lookup tool designed for security professionals, ethical hackers, and security operations teams. ## Features ### Search Capabilities - **CVE ID Search**: Quickly find specific vulnerabilities by CVE ID (e.g., CVE-2021-44228) - **Keyword Search**: Search by vulnerability name or affected product (e.g., "log4j", "apache") - **Built-in Database**: 50 most critical CVEs embedded for instant results - **NVD API Integration**: Real-time data from the National Vulnerability Database ### Display Features - **CVSS Score with Color Coding**: - Red (9.0-10.0): Critical - Orange (7.0-8.9): High - Yellow (4.0-6.9): Medium - Green (0-3.9): Low - **Severity Badges**: Visual indicators for vulnerability severity - **Detailed Information**: CVE ID, description, CVSS score, severity, affected products, publication date - **Multi-language Support**: English and French interface ### Three Main Tabs 1. **Search CVE Tab** - Real-time search against NVD API and built-in database - Comprehensive result display with all vulnerability details - Sources indicated (NVD API or Built-in Database) 2. **Top CVEs Tab** - Sortable table of 50 most critical vulnerabilities - Color-coded CVSS scores for quick visual assessment - Includes famous CVEs: Log4Shell, EternalBlue, ProxyLogon, Spring4Shell, etc. 3. **Statistics Tab** - CVEs grouped by publication year - CVEs grouped by severity level - Summary statistics (total, critical, high, medium, low counts) - Interactive charts powered by Plotly ## Built-in CVE Database The tool includes a curated database of 50 most critical CVEs including: - **Log4Shell** (CVE-2021-44228) - CVSS 10.0 - **EternalBlue** (CVE-2017-5645) - CVSS 9.8 - **ProxyLogon** (CVE-2021-27065) - CVSS 9.8 - **ProxyShell** (CVE-2021-34473) - CVSS 9.8 - **PrintNightmare** (CVE-2021-1732) - CVSS 8.8 - **Heartbleed** (CVE-2014-0160) - CVSS 7.5 - **Shellshock** (CVE-2014-6271) - CVSS 9.8 - **ZeroLogon** (CVE-2020-1938) - CVSS 10.0 - **Spring4Shell** (CVE-2022-22965) - CVSS 9.8 - **Citrix Bleed** (CVE-2021-44207) - CVSS 9.8 - And 40+ more critical vulnerabilities ## Use Cases - **SOC Teams**: Quick vulnerability identification and prioritization - **Penetration Testers**: Research vulnerability details before testing - **Security Analysts**: Monitor and track critical CVE releases - **Risk Managers**: Assess organizational exposure to known vulnerabilities - **DevOps/IT**: Check affected products and versions in infrastructure ## Technical Details ### Technologies Used - **Gradio**: Interactive web interface - **Pandas**: Data manipulation and table display - **Plotly**: Interactive charts and statistics - **Requests**: NVD API integration - **Python**: Backend logic ### API Integration - **NVD API**: https://services.nvd.nist.gov/rest/json/cves/2.0 - Real-time vulnerability data from NIST - Automatic fallback to built-in database if API is unavailable ## Disclaimer This tool is intended for authorized security professionals, ethical hackers, and legitimate security research. Users must ensure compliance with applicable laws and regulations when using this tool for vulnerability research and testing. ## Author Created by **ayinedjimi-consultants.fr** - Your trusted cybersecurity partner ## License Apache License 2.0 --- **For more security tools and resources**, visit [ayinedjimi-consultants.fr](https://ayinedjimi-consultants.fr)