VDB Command Reference

The vdb subcommand provides access to the Vulnetix Vulnerability Database (VDB) API, offering comprehensive vulnerability intelligence from multiple authoritative sources.

Overview

Migration note — API v2 is now the default. Previous releases of the CLI defaulted to -V v1; current releases default to v2 (the richer surface that includes timelines, scorecards, KEV merging, fixes-in-parallel, and the tree-sitter reachability queries). Pass -V v1 only if you specifically need the legacy surface — v1 is retained for backwards compatibility and will be removed in a future release. Examples in this document that still show -V v2 are correct but redundant; the flag can be omitted.

The VDB API aggregates vulnerability data from:

  • Primary Sources: MITRE CVE, NIST NVD, CISA KEV
  • Enhanced Intelligence: VulnCheck KEV/NVD++/XDB, CrowdSec
  • Ecosystem Sources: GitHub Security Advisories, OSV, EUVD
  • Risk Scoring: FIRST EPSS, Coalition CESS

Authentication

vulnetix auth login    # interactive setup — saves to ~/.vulnetix/credentials.json

Environment Variables

Direct API Key (recommended):

export VULNETIX_ORG_ID="your-organization-uuid"
export VULNETIX_API_KEY="your-api-key-hex"

SigV4:

export VVD_ORG="your-organization-uuid"
export VVD_SECRET="your-secret-key"

Configuration File

Create ~/.vulnetix/credentials.json:

{
  "org_id": "your-organization-uuid",
  "api_key": "your-api-key-hex",
  "method": "apikey"
}

Command-Line Flags

# Direct API Key
vulnetix vdb ecosystems --org-id "your-uuid" --api-key "your-key"

# SigV4
vulnetix vdb ecosystems --org-id "your-uuid" --secret "your-secret"

Credential Precedence

  1. Command-line flags (--org-id + --api-key or --secret)
  2. Environment variables: VULNETIX_API_KEY + VULNETIX_ORG_ID
  3. Environment variables: VVD_ORG + VVD_SECRET
  4. Project file: .vulnetix/credentials.json
  5. Home file: ~/.vulnetix/credentials.json

Obtaining Credentials

  1. Via Demo Request: Visit https://www.vulnetix.com and complete the demo request form
  2. Via Email: Send a request to sales@vulnetix.com with subject “VDB API Access Request”

Supported Identifier Formats

The VDB accepts 78+ vulnerability identifier formats. You are not limited to CVE — any command that takes a <vuln-id> accepts any of these:

Core & Ecosystem

| Format | Example | Source |
|---|---|---|
| CVE | CVE-2021-44228 | MITRE / NIST NVD |
| GHSA | GHSA-jfh8-3a1q-hjz9 | GitHub Security Advisories |
| PYSEC | PYSEC-2024-123 | PyPI |
| GO | GO-2024-1234 | Go vulnerability database |
| RUSTSEC | RUSTSEC-2024-1234 | RustSec |
| EUVD | EUVD-2025-14498 | EU Vulnerability Database |
| OSV | OSV-2024-1234 | OSV (generic) |
| GSD | GSD-2024-1234 | Global Security Database |
| VDB | VDB-2025-1 | Vulnetix Database |
| GCVE | GCVE-VVD-2025-0001 | Vulnetix-generated CVE |

Vendor & Research

| Format | Example | Source |
|---|---|---|
| SNYK | SNYK-JAVA-ORGCLOJURE-5740378 | Snyk |
| ZDI | ZDI-23-1714 | Trend Micro Zero Day Initiative |
| MSCVE / MSRC | MSCVE-2025-21415 | Microsoft |
| RHSA | RHSA-2025:1730 | Red Hat Security Advisory |
| TALOS | TALOS-2023-1896 | Cisco Talos |
| EDB | EDB-10102 | OffSec Exploit Database |
| WORDFENCE | WORDFENCE-00086b84-... | Defiant Wordfence |
| PATCHSTACK | PATCHSTACK/spectrum/wordpress-theme | Patchstack |
| MFSA | MFSA2024-51 | Mozilla Foundation |
| JVNDB | JVNDB-2023-006199 | Japan Vulnerability Notes |
| CNVD | CNVD-2024-02713 | China National Vulnerability DB |
| BDU | BDU:2024-00390 | Russian Data Bank |
| HUNTR | HUNTR-001d1c29-... | ProtectAI Huntr |

Linux Distribution Advisories

| Format | Example | Source |
|---|---|---|
| DSA | DSA-4741-1 | Debian Security Advisory |
| DLA | DLA-2931-1 | Debian LTS Advisory |
| USN | USN-7040-1 | Ubuntu Security Notice |
| ALSA | ALSA-2019:2722 | AlmaLinux |
| RLSA | RLSA-2024:7346 | Rocky Linux |
| MGASA | MGASA-2024-0327 | Mageia |
| OPENSUSE | OPENSUSE-SU-2019:1915-1 | openSUSE |
| FreeBSD | FreeBSD-SA-00:01.make | FreeBSD |
| BIT | BIT-OPENBLAS-2021-4048 | Bitnami |

See vulnetix vdb spec for the complete OpenAPI specification and the full list of accepted identifier patterns.

CLI Commands

vdb vuln

Retrieve detailed information about a specific vulnerability.

Usage:

vulnetix vdb vuln <vuln-id> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)
  • --reachability {direct|transitive|both|off}: Tree-sitter reachability analysis mode (default both). Direct scans the installed package folder; transitive scans the rest of the project tree. off skips the analysis and the additional /vuln/{id}/tree-sitter request entirely. See the Reachability Analysis section for full details.
  • -V, --api-version {v2|v1}: VDB API version. v2 is the default; pass -V v1 only when the legacy surface is required (reachability is not produced on v1).

Examples:

# CVE (MITRE / NVD) — reachability runs automatically when v2 (default)
vulnetix vdb vuln CVE-2021-44228

# GitHub Security Advisory
vulnetix vdb vuln GHSA-jfh8-3a1q-hjz9

# PyPI vulnerability
vulnetix vdb vuln PYSEC-2024-123

# Red Hat advisory
vulnetix vdb vuln RHSA-2025:1730

# JSON output
vulnetix vdb vuln CVE-2021-44228 --output json

# Save to file
vulnetix vdb vuln CVE-2021-44228 -o json > log4shell.json

# Skip reachability for a strictly offline / non-source-aware lookup
vulnetix vdb vuln CVE-2021-44228 --reachability=off

# Direct-only (faster in CI; only scans node_modules/<pkg>)
vulnetix vdb vuln CVE-2021-23337 --reachability=direct

Response includes:

  • Vulnerability identifier and aliases
  • Description
  • Published and modified dates
  • CVSS scores (v2, v3, v4 where available)
  • References and advisories
  • Affected products and versions
  • EPSS probability scores
  • KEV (Known Exploited Vulnerabilities) status
  • Reachability (x_reachability) — direct + transitive tree-sitter matches with file paths and line ranges; see the Reachability Analysis section.

vdb ecosystems

List all available package ecosystems in the VDB.

Usage:

vulnetix vdb ecosystems [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List ecosystems
vulnetix vdb ecosystems

# Get ecosystems as JSON
vulnetix vdb ecosystems --output json

Typical ecosystems include:

  • npm (JavaScript/Node.js)
  • PyPI (Python)
  • Maven (Java)
  • Go
  • RubyGems
  • NuGet (.NET)
  • crates.io (Rust)
  • And many more…

vdb product

Get version information for a specific product or package.

Usage:

vulnetix vdb product <product-name> [version] [ecosystem] [flags]

Flags:

  • --limit int: Maximum number of results to return (default 100)
  • --offset int: Number of results to skip (default 0)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List all versions of a product
vulnetix vdb product express

# Get specific version information
vulnetix vdb product express 4.17.1

# Get specific version scoped to ecosystem
vulnetix vdb product express 4.17.1 npm

# List with pagination
vulnetix vdb product express --limit 50 --offset 100

# Get all versions as JSON
vulnetix vdb product lodash --output json

List response includes:

  • Package/product name
  • Total number of versions
  • Array of version records, each with:
    • version — version string
    • ecosystem — package ecosystem (e.g. npm, PyPI)
    • sources — contributing data sources
  • Pagination information (hasMore, limit, offset)

Specific version response includes:

  • Detailed version metadata
  • Dependencies
  • Known vulnerabilities
  • Release date
  • Maintainer information

vdb vulns

Retrieve all known vulnerabilities for a specific package.

Usage:

vulnetix vdb vulns <package-name> [flags]

Flags:

  • --limit int: Maximum number of results to return (default 100)
  • --offset int: Number of results to skip (default 0)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Get vulnerabilities for a package
vulnetix vdb vulns express

# Get vulnerabilities with pagination
vulnetix vdb vulns lodash --limit 20

# Get vulnerabilities as JSON
vulnetix vdb vulns moment --output json

# Get next page of results
vulnetix vdb vulns react --offset 100

Response includes:

  • Total vulnerability count
  • Array of vulnerabilities with:
    • Vulnerability identifiers (CVE, GHSA, and other formats)
    • Severity levels
    • CVSS scores
    • Affected version ranges
    • Fixed versions
    • Descriptions
    • References
  • Pagination information

vdb spec

Retrieve the OpenAPI specification for the VDB API.

Usage:

vulnetix vdb spec [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# View the API specification
vulnetix vdb spec

# Save specification to file
vulnetix vdb spec --output json > vdb-openapi-spec.json

# Use with other tools
vulnetix vdb spec -o json | jq '.paths'

vdb exploits

Retrieve exploit intelligence for a specific vulnerability.

Usage:

vulnetix vdb exploits <vuln-id> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# CVE
vulnetix vdb exploits CVE-2021-44228

# GitHub Security Advisory
vulnetix vdb exploits GHSA-jfh8-3a1q-hjz9

# JSON output
vulnetix vdb exploits CVE-2021-44228 --output json

Sources include: ExploitDB, Metasploit modules, Nuclei templates, VulnCheck, CrowdSec, and GitHub proof-of-concept repositories.


vdb exploits search

Search for exploits across all vulnerabilities with filtering.

Usage:

vulnetix vdb exploits search [flags]

Flags:

| Flag | Type | Default | Description |
|---|---|---|---|
| --ecosystem | string | - | Filter by package ecosystem |
| --source | string | - | Filter by exploit source |
| --severity | string | - | Filter by severity level |
| --in-kev | bool | false | Only show exploits in CISA KEV |
| --min-epss | float | - | Minimum EPSS score threshold |
| -q | string | - | Free-text search query |
| --sort | string | - | Sort field |
| --limit | int | 100 | Maximum results |
| --offset | int | 0 | Results to skip |
| -o, --output | string | pretty | Output format: json, yaml, pretty |

Examples:

# Search for npm exploits
vulnetix vdb exploits search --ecosystem npm

# High-severity exploits in CISA KEV
vulnetix vdb exploits search --in-kev --severity critical

# Exploits with high EPSS scores
vulnetix vdb exploits search --min-epss 0.9 --limit 20

# Free-text search
vulnetix vdb exploits search -q "remote code execution" -o json

vdb exploits sources

List all exploit intelligence sources tracked by the VDB (e.g. ExploitDB, Metasploit, VulnCheck, Nuclei).

Alias: vdb exploit-sources still works as a hidden alias.

Usage:

vulnetix vdb exploits sources [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List all exploit intelligence sources
vulnetix vdb exploits sources

# As JSON
vulnetix vdb exploits sources --output json

vdb exploits types

List all exploit type classifications tracked by the VDB.

Alias: vdb exploit-types still works as a hidden alias.

Usage:

vulnetix vdb exploits types [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List all exploit type classifications
vulnetix vdb exploits types

# As JSON
vulnetix vdb exploits types --output json

vdb fixes

Retrieve comprehensive fix data for a specific vulnerability.

Usage:

vulnetix vdb fixes <vuln-id> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

V2 note: When using API v2 (-V v2), fix data is fetched in parallel with other enrichment endpoints for faster response times.

Examples:

# CVE
vulnetix vdb fixes CVE-2021-44228

# GitHub Security Advisory
vulnetix vdb fixes GHSA-jfh8-3a1q-hjz9

# JSON output
vulnetix vdb fixes CVE-2021-44228 --output json

Response includes: Patches, advisories, workarounds, KEV required actions, AI-generated analysis, and exploitation maturity assessment.

Registry fix objects now include computed display fields:

| Field | Description | Example |
|---|---|---|
| displayName | Human-readable registry name | "Kubernetes Registry", "npm", "PyPI" |
| registryKey | Stable unique key for the registry | "oci:kubernetes", "npm", "oci:ghcr" |
| ecosystem | Raw ecosystem identifier | "oci", "npm", "unknown" |
| purl | Package URL for the fixed version | "pkg:oci/kubernetes/ingress-nginx@1.12.0" |

Top-level exploitationMaturity object:

{
  "exploitationMaturity": {
    "score": 42,
    "level": "WEAPONIZED",
    "confidence": "MEDIUM",
    "reasoning": "2 public exploits available",
    "factors": {
      "epss": 0.12,
      "cess": 0.08,
      "kevPresence": false,
      "exploitDbCount": 2,
      "crowdSecSightings": 0
    }
  }
}

Levels: NONE (0–14) · POC (15–34) · WEAPONIZED (35–54) · ACTIVE (55–74) · WIDESPREAD (75+)


vdb fixes distributions

List all supported Linux distributions for which fix advisory data is available in the VDB.

Alias: vdb fix-distributions still works as a hidden alias.

Usage:

vulnetix vdb fixes distributions [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List supported distributions
vulnetix vdb fixes distributions

# As JSON
vulnetix vdb fixes distributions --output json

vdb timeline

Retrieve the vulnerability lifecycle timeline — CVE dates, exploits, scoring history, patches, and advisories.

Works without -V v2 (v1 default). With -V v2, also returns sources{} providing raw source transparency data.

Usage:

vulnetix vdb timeline <vuln-id> [flags]

Flags:

| Flag | Type | Default | Description |
|---|---|---|---|
| --include | string | all | Comma-separated event types to include |
| --exclude | string | none | Comma-separated event types to exclude |
| --dates | string | all | CVE date fields: published,modified,reserved |
| --scores-limit | int | 30 | Max score-change events (max 365) |
| -o, --output | string | pretty | Output format: json, yaml, pretty |

Event types:

| Type | Description |
|---|---|
| source | CVE lifecycle dates (published, reserved, updated, GHSA, ADP reviews) |
| exploit | All exploit sources (CISA KEV, EU KEV, VulnCheck, Exploit-DB, Metasploit, Nuclei, CrowdSec, PoC) |
| score-change | EPSS and Coalition ESS score history (sampled by outlier detection + interval fill) |
| patch | Fix PRs, commits, distribution advisories, registry version releases |
| advisory | CERT/PSIRT/government security advisories |
| scorecard | OpenSSF Scorecard assessments |

Examples:

# Full timeline (v1, no sources{})
vulnetix vdb timeline CVE-2021-44228

# With source transparency (v2)
vulnetix vdb timeline CVE-2021-44228 -V v2

# Only exploit events
vulnetix vdb timeline CVE-2021-44228 --include exploit

# All event types except score-change
vulnetix vdb timeline CVE-2021-44228 --exclude score-change

# Restrict CVE dates to published only, limit score history
vulnetix vdb timeline CVE-2021-44228 --dates published --scores-limit 10

# JSON output with v2 source transparency
vulnetix vdb timeline CVE-2021-44228 -V v2 --include exploit --output json

Response (v1):

{
  "identifier": "CVE-2021-44228",
  "events": [
    { "time": 1638316800000, "type": "source", "label": "CVE Published", "sourceRef": "cve", ... },
    { "time": 1638403200000, "type": "exploit", "label": "CISA KEV Added", "kevCisa": true, ... },
    { "time": 1638230400000, "type": "score-change", "label": "EPSS Score", "epssScore": 0.97, ... }
  ],
  "meta": {
    "currentAgeDays": 1500, "lifecycleStage": "LEGACY",
    "publicationToKevDays": 1, "publicationToFirstExploitDays": 0,
    "insights": ["Exploit published on same day as disclosure (0-day)", "..."]
  }
}

v2 adds a sources{} section with raw data from each source (kev.cisa, kev.eu, epss, cess, vulncheck, crowdsec, scorecard, advisories, adp).


vdb versions

List all known versions for a package across ecosystems.

Usage:

vulnetix vdb versions <package-name> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Get all versions of a package
vulnetix vdb versions express

# Get versions as JSON
vulnetix vdb versions express --output json

vdb gcve

Retrieve a paginated list of vulnerabilities published within a date range, with enrichment data.

Usage:

vulnetix vdb gcve --start <YYYY-MM-DD> --end <YYYY-MM-DD> [flags]

Flags:

  • --start string: Start date (YYYY-MM-DD) [required]
  • --end string: End date (YYYY-MM-DD) [required]
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Get vulnerabilities published in January 2024
vulnetix vdb gcve --start 2024-01-01 --end 2024-01-31

# Get all 2024 vulnerabilities as JSON
vulnetix vdb gcve --start 2024-01-01 --end 2024-12-31 --output json

# Save to file
vulnetix vdb gcve --start 2024-01-01 --end 2024-01-31 -o json > jan-2024-vulns.json

vdb gcve issuances

List GCVE issuance identifiers (GCVE-VVD-YYYY-NNNN) published in a given calendar month.

Alias: vdb gcve-issuances still works as a hidden alias.

Usage:

vulnetix vdb gcve issuances --year <YYYY> --month <M> [flags]

Flags:

| Flag | Type | Required | Default | Description |
|---|---|---|---|---|
| --year | int | Yes |  | 4-digit publication year |
| --month | int | Yes |  | Publication month (1–12) |
| --limit | int | No | 100 | Maximum results to return (max 500) |
| --offset | int | No | 0 | Results to skip (for pagination) |
| -o, --output | string | No | pretty | Output format: json or pretty |

Examples:

# List GCVE issuances for March 2025
vulnetix vdb gcve issuances --year 2025 --month 3

# As JSON
vulnetix vdb gcve issuances --year 2025 --month 3 --output json

# Paginate
vulnetix vdb gcve issuances --year 2025 --month 3 --limit 50 --offset 100

vdb purl

Query the VDB using a standard Package URL (PURL) string. The PURL is parsed automatically and the appropriate VDB endpoint is called based on the dispatch logic below.

Usage:

vulnetix vdb purl <purl-string> [flags]

Dispatch logic:

| PURL contains | Flag | Action |
|---|---|---|
| Version + known ecosystem |  | Product version+ecosystem lookup |
| Version + unknown ecosystem |  | Product version lookup |
| No version | --vulns | Package vulnerabilities |
| No version | (default) | List product versions |

Flags:

  • --vulns: Show vulnerabilities instead of versions (only effective when PURL has no version)
  • --limit int: Maximum number of results (default 100)
  • --offset int: Number of results to skip (default 0)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Version + known ecosystem → product version+ecosystem lookup
vulnetix vdb purl "pkg:npm/express@4.17.1"

# Version in Maven ecosystem (with namespace)
vulnetix vdb purl "pkg:maven/org.apache.commons/commons-lang3@3.12.0"

# No version + --vulns → package vulnerabilities
vulnetix vdb purl "pkg:pypi/requests" --vulns

# Version + JSON output
vulnetix vdb purl "pkg:golang/github.com/go-chi/chi/v5@5.0.8" -o json

# No version (default) → list product versions
vulnetix vdb purl "pkg:npm/lodash"

vdb ids

List distinct CVE identifiers published in a given calendar month.

Usage:

vulnetix vdb ids <year> <month> [flags]

Positional arguments:

| Argument | Description |
|---|---|
| year | 4-digit year (e.g. 2024) |
| month | Month number 1–12 (e.g. 3 for March) |

Flags:

  • --limit int: Maximum results (default 100, max 500)
  • --offset int: Results to skip (for pagination, default 0)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List CVE IDs for March 2024
vulnetix vdb ids 2024 3

# With pagination
vulnetix vdb ids 2024 3 --limit 50

# As JSON
vulnetix vdb ids 2024 3 --output json

vdb search

Search CVE identifiers by prefix (case-insensitive). The prefix must be between 3 and 50 characters.

Usage:

vulnetix vdb search <prefix> [flags]

Flags:

  • --limit int: Maximum results (default 100, max 500)
  • --offset int: Results to skip (for pagination, default 0)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Search for CVE IDs starting with CVE-2024-1
vulnetix vdb search CVE-2024-1

# With pagination and JSON output
vulnetix vdb search CVE-2024-1 --limit 50 --output json

# Next page
vulnetix vdb search CVE-2024-1 --limit 100 --offset 100

vdb sources

List all vulnerability data sources tracked by the VDB.

Usage:

vulnetix vdb sources [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List all data sources
vulnetix vdb sources

# As JSON
vulnetix vdb sources --output json

vdb metrics

Vulnerability metric intelligence.

Usage:

vulnetix vdb metrics <vuln-id> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

vdb metrics types

List all vulnerability metric and scoring types tracked by the VDB (e.g. CVSS v2, CVSS v3.1, CVSS v4, EPSS).

Alias: vdb metric-types still works as a hidden alias.

Usage:

vulnetix vdb metrics types [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# List all metric types
vulnetix vdb metrics types

# As JSON
vulnetix vdb metrics types --output json

vdb status

Check API health and display CLI/auth metadata.

Usage:

vulnetix vdb status [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

vdb summary

Retrieve all-time global statistics for the entire Vulnetix Vulnerability Database. Shows database coverage, severity distribution, enrichment rates, exploit and malware counts, and the top 10 CWEs and vendors by CVE volume.

Usage:

vulnetix vdb summary [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Response sections:

| Section | Key fields |
|---|---|
| database | totalRows, distinctCveIds, totalExploits, malwareExploits, cvesWithExploits, totalReferences, distinctReferenceUrls, totalKev |
| severity | critical, high, medium, low, none |
| coverage | withCvss, withEpss, withCess, withCwe, withCapec, withSsvc, noReferences, averageEpss, highEpss |
| topCWEs | Top 10 CWE IDs by distinct CVE count |
| topVendors | Top 10 vendors by distinct CVE count |

Examples:

# Human-readable summary
vulnetix vdb summary

# Full JSON response
vulnetix vdb summary --output json

vdb packages search

Full-text search across packages in the VDB. Searches across multiple data sources including SBOM dependencies, package registries, CVE affected products, GitHub repositories, CISA/VulnCheck KEV entries, end-of-life databases, and CycloneDX metadata.

Usage:

vulnetix vdb packages search <query> [flags]

Flags:

| Flag | Type | Default | Description |
|---|---|---|---|
| --ecosystem | string | - | Filter by package ecosystem |
| --limit | int | 100 | Maximum results |
| --offset | int | 0 | Results to skip |
| -o, --output | string | pretty | Output format: json, yaml, pretty |

Response Fields:

Each package in the response includes:

| Field | Type | Description |
|---|---|---|
| packageName | string | Lowercased package name |
| matchSources | string[] | Data sources where the package was found. Values: dependency, package_version, cve_affected, github_repository, eol_product, kev, cyclonedx_info, depsdev |
| ecosystems | string[] | Package ecosystems (npm, pypi, maven, etc.) |
| versionCount | int | Number of known versions |
| versions | array | Top 10 most recent versions with safe harbour scores |
| vulnCount | int | Number of associated CVEs |
| vulnerabilities | array | List of CVEs affecting this package. Each entry: { cveId, source, severity, score, metricType, vectorString, purl } |
| exploitationSignals | object | CISA KEV, VulnCheck KEV, exploit count, XDB count, CrowdSec sightings |
| safeHarbour | object | Recommended versions and highest safety score |
| vendor | string? | Vendor name from CVE/KEV data |
| product | string? | Product name from CVE/KEV data |
| repositoryUrl | string? | GitHub repository URL |
| eolStatus | object? | End-of-life status: { productName, isEol } |
| scorecardScore | float? | OpenSSF Scorecard score |
| hasProvenance | bool | Whether SLSA provenance exists |

Examples:

# Search for packages matching "express"
vulnetix vdb packages search express

# Search within npm ecosystem
vulnetix vdb packages search express --ecosystem npm

# JSON output with pagination
vulnetix vdb packages search log4j --limit 20 -o json

vdb ecosystem package

Get package information within a specific ecosystem.

Usage:

vulnetix vdb ecosystem package <ecosystem> <package-name> [flags]

Flags:

| Flag | Type | Default | Description |
|---|---|---|---|
| --versions | bool | false | Show version information instead of package info |
| -o, --output | string | pretty | Output format: json, yaml, pretty |

Examples:

# Get package info
vulnetix vdb ecosystem package npm express

# Get version information
vulnetix vdb ecosystem package npm express --versions

# JSON output
vulnetix vdb ecosystem package pypi requests -o json

vdb ecosystem group

Get group/artifact information using Maven-style coordinates.

Usage:

vulnetix vdb ecosystem group <ecosystem> <group> <artifact> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Look up a Maven artifact
vulnetix vdb ecosystem group maven org.apache.commons commons-lang3

# JSON output
vulnetix vdb ecosystem group maven org.springframework spring-core -o json

vdb eol product

Retrieve end-of-life lifecycle data for a product (runtime, framework, etc.).

Usage:

vulnetix vdb eol product <product> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Check Node.js EOL lifecycle
vulnetix vdb eol product nodejs

# Check Python release lifecycle
vulnetix vdb eol product python

vdb eol package

Retrieve end-of-life lifecycle data for a specific package version. Returns lifecycle fields including isEol, eolFrom, isMaintained, and latest version info.

Endpoint: GET /v1/eol/packages/{ecosystem}/{package}/versions/{version}

When the package or version is not yet tracked in the VDB EOL database, the API returns a 404. The CLI treats this as “not end-of-life” and raises no breach — this is the graceful degradation behaviour that allows --block-eol to work today while package coverage grows over time.

Usage:

vulnetix vdb eol package <ecosystem> <package> <version> [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Response fields:

| Field | Type | Description |
|---|---|---|
| productName | string | Canonical product name in the EOL database |
| release.name | string | Release/version identifier |
| release.isEol | bool | Whether this version is end-of-life |
| release.eolFrom | string? | Date when EOL status took effect (ISO 8601) |
| release.isMaintained | bool | Whether this version still receives updates |
| release.isLts | bool | Whether this is a long-term support release |
| release.latestVersion | string? | Latest patch version available |

Examples:

# Check if a specific npm package version is EOL
vulnetix vdb eol package npm express 3.0.0

# JSON output for CI integration
vulnetix vdb eol package pypi django 2.2 -o json
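
Because a 404 is reported as "not end-of-life", a CI gate can keep the untracked case separate from a confirmed answer. The sketch below is an added example, not part of the Vulnetix CLI; it assumes the dotted field names are keys of a nested release object, and the component names and response bodies are constructed.

```python
import json
from typing import NamedTuple, Optional


class EolVerdict(NamedTuple):
    state: str   # "eol", "unmaintained", "supported" or "untracked"
    detail: str


def classify_eol(http_status: int, body: Optional[str]) -> EolVerdict:
    """Turn one EOL lookup into an explicit state instead of a yes/no."""
    if http_status == 404:
        # Per the page: the package or version is not tracked yet. That is
        # absence of data, not evidence that the version is still supported.
        return EolVerdict("untracked", "no record in the EOL database")
    if http_status != 200:
        raise ValueError(f"unexpected HTTP status {http_status}")
    # Assumption: release.isEol etc. are keys of a nested "release" object.
    release = json.loads(body or "{}").get("release") or {}
    if not isinstance(release.get("isEol"), bool):
        return EolVerdict("untracked", "response has no release.isEol value")
    if release["isEol"]:
        since = release.get("eolFrom") or "unknown date"
        return EolVerdict("eol", f"end-of-life from {since}")
    if release.get("isMaintained") is False:
        return EolVerdict("unmaintained", "not EOL, but no longer receives updates")
    latest = release.get("latestVersion") or "unknown"
    return EolVerdict("supported", f"latest version: {latest}")


def gate(results, strict=False):
    """Return (component, state) pairs that should fail the build.

    results: iterable of (component, http_status, body).
    strict=False blocks only confirmed EOL, matching the fail-open behaviour
    described above; strict=True also blocks untracked and unmaintained.
    """
    blocking = {"eol"} | ({"unmaintained", "untracked"} if strict else set())
    failures = []
    for component, http_status, body in results:
        verdict = classify_eol(http_status, body)
        if verdict.state in blocking:
            failures.append((component, verdict.state))
    return failures


def sample_body(product, release):
    """Build a constructed response body in the assumed shape."""
    return json.dumps({"productName": product, "release": release})


# Constructed sample: hypothetical packages, not real lifecycle data.
SAMPLE = [
    ("npm/example-web@3.0.0", 200, sample_body("example-web", {
        "name": "3.0", "isEol": True, "eolFrom": "2020-01-01",
        "isMaintained": False, "isLts": False, "latestVersion": "3.9.9"})),
    ("pypi/example-orm@2.2", 200, sample_body("example-orm", {
        "name": "2.2", "isEol": False, "eolFrom": None,
        "isMaintained": False, "isLts": True, "latestVersion": "2.2.28"})),
    ("npm/example-util@1.4.0", 200, sample_body("example-util", {
        "name": "1.4", "isEol": False, "eolFrom": None,
        "isMaintained": True, "isLts": False, "latestVersion": "1.4.7"})),
    ("npm/internal-lib@0.1.0", 404, None),
]

if __name__ == "__main__":
    print("default gate:", gate(SAMPLE))
    print("strict gate: ", gate(SAMPLE, strict=True))
```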

vdb kev list

Description: List the full Vulnetix KEV catalogue — the independent, evidence-driven Known-Exploited-Vulnerabilities list derived from multiple honeypot sources (CrowdSec, MISP, Shadowserver) and weaponisation signals (Snort rules, Nuclei templates, Metasploit modules), for CVEs that are not already in CISA KEV or VulnCheck KEV.

The catalogue is refreshed daily by the vulnetix-kev-processor and cached at the edge for 1 hour.

Aliases: — (use vulnetix vdb kev download for the CSV shorthand)

Usage:

vulnetix vdb kev list [flags]

Flags:

  • --format json|csv — output format (default: json)
  • --source <name> — KEV catalogue source (repeatable; see vdb kev sources). Valid values: CISA, vulnetix, enisa, vulncheck. JSON listings merge all four sources by default; pin a single source with --source CISA (etc.). The --source flag is JSON-only — --format csv always uses the vulnetix qualifying-reason export and ignores --source.
  • --reason <enum> — filter by qualifying reason (repeatable; vulnetix-source only — silently ignored on other sources). See vdb kev reasons.
  • --all — require every --reason to be present (AND). Default is any (OR).
  • --limit <n> — max items (JSON only; CSV streams the full set)
  • --offset <n> — pagination offset (JSON only)
  • --no-references — omit the per-entry references bucket (JSON only; references are included by default)
  • -o, --output <file> — write the response to a file instead of stdout

Behaviour change (v2.6+): vdb kev list (JSON) now merges all four KEV sources by default — CISA, vulnetix, enisa, and vulncheck — via the unified /v2/kev endpoint. To restore the previous vulnetix-only behaviour pass --source vulnetix (or use --reason … / --format csv, both of which still resolve to the vulnetix-only export).

JSON response shape (abbreviated):

{
  "generatedAt": 1714910400,
  "total": 312,
  "count": 312,
  "items": [
    {
      "cveId": "CVE-2024-12847",
      "vendorProject": "netgear",
      "product": "dgn1000",
      "vulnerabilityName": "NETGEAR DGN1000 Authentication Bypass",
      "shortDescription": "…",
      "requiredAction": "Deploy the available Snort/Suricata IDS rule and isolate exposed instances until a vendor patch is released.",
      "dateAdded": "2026-04-23",
      "dueDate": "2026-04-25",
      "overdue": false,
      "daysUntilDue": 2,
      "knownRansomwareCampaignUse": null,
      "reasons": ["crowdsec_sighting", "shadowserver_sighting", "multi_source_sighting", "snort_rule"],
      "lastEvaluatedAt": "2026-04-23T10:30:00Z",
      "references": {
        "snort":      ["emergingthreats:2023456", "…"],
        "nuclei":     ["cves/2024/CVE-2024-12847.yaml"],
        "metasploit": ["https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/…"]
      }
    }
  ]
}

Examples:

# Full catalogue as JSON
vulnetix vdb kev list

# Just the CVEs flagged for ransomware use
vulnetix vdb kev list --reason known_ransomware

# CVEs matching any Snort or Metasploit tag (OR)
vulnetix vdb kev list --reason snort_rule --reason metasploit_module

# Critical-CVSS ransomware CVEs (AND)
vulnetix vdb kev list --reason known_ransomware --reason critical_cvss --all

# CSV export, saved to disk
vulnetix vdb kev list --format csv -o vulnetix-kev.csv

# Stream JSON to jq for ad-hoc analysis
vulnetix vdb kev list --no-references | jq '.items[] | select(.overdue) | .cveId'
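
In a file saved from vdb kev list, overdue and daysUntilDue are frozen at download time. This added example (not Vulnetix code) recomputes both from dueDate and applies the --reason any/all matching locally; every entry other than CVE-2024-12847 is a constructed placeholder.

```python
from datetime import date


def matches_reasons(item, reasons, require_all=False):
    """Local equivalent of --reason (any) and --reason ... --all (every)."""
    wanted = set(reasons)
    if not wanted:
        return True
    # Entries from sources that attach no reasons have an empty set here,
    # so any reason filter drops them.
    have = set(item.get("reasons") or [])
    return wanted <= have if require_all else bool(wanted & have)


def triage(snapshot, today, reasons=(), require_all=False):
    """Recompute due-date fields as of `today`, soonest deadline first."""
    rows = []
    for item in snapshot.get("items", []):
        if not matches_reasons(item, reasons, require_all):
            continue
        due = item.get("dueDate")
        days = (date.fromisoformat(due) - today).days if due else None
        overdue = days is not None and days < 0
        rows.append({
            "cveId": item["cveId"],
            "dueDate": due,
            "daysUntilDue": days,
            "overdue": overdue,
            # True when the saved flag no longer matches the recomputed one.
            "snapshotStale": bool(item.get("overdue")) != overdue,
        })
    # Entries without a due date sort last.
    rows.sort(key=lambda r: (r["daysUntilDue"] is None, r["daysUntilDue"] or 0))
    return rows


# Constructed snapshot. The first item reuses fields from the response shape
# above; the CVE-0000-* identifiers are placeholders, not real CVEs.
SNAPSHOT = {
    "generatedAt": 1714910400,
    "items": [
        {"cveId": "CVE-2024-12847", "dueDate": "2026-04-25",
         "overdue": False, "daysUntilDue": 2,
         "reasons": ["crowdsec_sighting", "shadowserver_sighting",
                     "multi_source_sighting", "snort_rule"]},
        {"cveId": "CVE-0000-0001", "dueDate": "2026-04-20",
         "overdue": False, "daysUntilDue": 3,
         "reasons": ["known_ransomware", "critical_cvss"]},
        {"cveId": "CVE-0000-0002", "dueDate": "2026-05-10",
         "overdue": False, "daysUntilDue": 23,
         "reasons": ["known_ransomware"]},
        {"cveId": "CVE-0000-0003", "dueDate": None, "reasons": []},
    ],
}

if __name__ == "__main__":
    for row in triage(SNAPSHOT, date(2026, 4, 23)):
        print(row)
```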

vdb kev get

Description: Fetch a single Vulnetix KEV entry by CVE ID. Returns the same item shape as vdb kev list, always with references included. Exits with an error if the CVE is not in the catalogue.

Usage:

vulnetix vdb kev get <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write the entry JSON to a file instead of stdout

Example:

vulnetix vdb kev get CVE-2024-12847
vulnetix vdb kev get CVE-2024-12847 -o CVE-2024-12847.json

vdb kev download

Description: Download the full Vulnetix KEV catalogue as CSV. Shorthand for vdb kev list --format csv. Writes to vulnetix-kev.csv in the current directory if --output is not given.

Usage:

vulnetix vdb kev download [flags]

Flags: same as vdb kev list; --reason, --all and -o/--output are the most useful.

Examples:

vulnetix vdb kev download                             # writes ./vulnetix-kev.csv
vulnetix vdb kev download -o /tmp/kev.csv
vulnetix vdb kev download --reason known_ransomware -o ransomware-kev.csv

vdb kev reasons

Description: Print the valid enum values for the --reason flag. These are the qualifying-path labels the processor attaches to every catalogue entry.

Usage:

vulnetix vdb kev reasons

Output:

crowdsec_sighting
misp_sighting
shadowserver_sighting
shadowserver_surge
multi_source_sighting
snort_rule
nuclei_template
metasploit_module
known_ransomware
critical_cvss

See the Vulnetix KEV design doc for what each reason means and which qualifying path triggers a CVE’s inclusion.


vdb exploits archived

Description: Per-CVE list of Exploit table rows, ranked by datePublished DESC. Each row carries hasArchive: true when the PoC payload is archived in object storage; the response includes a pocUrl that maps to vdb exploits poc.

Usage:

vulnetix vdb exploits archived <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write JSON to a file

Example:

vulnetix vdb exploits archived CVE-2021-44228

vdb exploits poc

Description: Stream the raw PoC bytes for a single Exploit UUID. Used for fix verification: download the PoC, run it against your patched system, confirm the fix holds. Sets Content-Disposition: attachment; filename="<original>" and X-Vulnetix-Sha256 for chain-of-custody. The CLI verifies the body sha256 against the header before writing the file.

Usage:

vulnetix vdb exploits poc <exploit-uuid> [flags]

Flags:

  • -o, --output <file> — write to this path (default: filename from Content-Disposition)
  • --print — write to stdout instead of disk

Example:

vulnetix vdb exploits poc 1c9f4a4b-… -o /tmp/log4shell.py

vdb exploits download

Description: Bulk download every archived PoC for a CVE into a directory plus a manifest.csv with sha256 + originalUrl per file (chain-of-custody). External-only rows (no archive on file) are listed in the manifest as external-only with the upstream URL.

Usage:

vulnetix vdb exploits download <CVE-ID> [flags]

Flags:

  • --all — pull every archived PoC (default behaviour)
  • --dir <path> — output directory (default: ./exploits-<CVE>/)

Example:

vulnetix vdb exploits download CVE-2024-12847 --all
ls exploits-CVE-2024-12847/
cat exploits-CVE-2024-12847/manifest.csv
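
Re-checking a download directory against its manifest.csv before the files are used for fix verification. This is an added example, not part of the Vulnetix CLI. The manifest column names (filename, sha256, originalUrl, status) are assumptions, since the page names only sha256, originalUrl and the external-only marker; the sample directory is constructed with placeholder files.

```python
import csv
import hashlib
import tempfile
from pathlib import Path

# Assumed manifest header. The page names only sha256, originalUrl and the
# external-only marker, so match these to the header your CLI version writes.
COL_FILE, COL_SHA, COL_URL, COL_STATUS = "filename", "sha256", "originalUrl", "status"


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large artefacts are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_manifest(directory):
    """Compare every file in a download directory with its manifest.csv row."""
    root = Path(directory).resolve()
    report = {k: [] for k in
              ("ok", "mismatch", "missing", "rejected", "external", "unlisted")}
    listed = set()
    with open(root / "manifest.csv", newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            name = (row.get(COL_FILE) or "").strip()
            if (row.get(COL_STATUS) or "").strip() == "external-only":
                # No archived bytes exist for this row, so there is nothing to hash.
                report["external"].append((row.get(COL_URL) or "").strip())
                continue
            target = (root / name).resolve()
            # A manifest entry must never point outside the download directory.
            if not name or root not in target.parents:
                report["rejected"].append(name)
                continue
            listed.add(target)
            expected = (row.get(COL_SHA) or "").strip().lower()
            if not target.is_file():
                report["missing"].append(name)
            elif sha256_file(target) == expected:
                report["ok"].append(name)
            else:
                report["mismatch"].append(name)
    # Files on disk that the manifest does not account for have no custody record.
    for path in sorted(root.iterdir()):
        if path.is_file() and path.name != "manifest.csv" and path.resolve() not in listed:
            report["unlisted"].append(path.name)
    return report


def demo():
    """Build a constructed download directory (placeholder files) and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "exploits-CVE-0000-0000"  # placeholder CVE id
        d.mkdir()
        (d / "a.txt").write_bytes(b"placeholder one\n")
        (d / "b.txt").write_bytes(b"placeholder two\n")      # differs from its manifest hash
        (d / "stray.txt").write_bytes(b"not in manifest\n")  # no manifest row
        rows = [
            ["a.txt", hashlib.sha256(b"placeholder one\n").hexdigest(),
             "https://example.invalid/a", "archived"],
            ["b.txt", hashlib.sha256(b"original bytes\n").hexdigest(),
             "https://example.invalid/b", "archived"],
            ["c.txt", "0" * 64, "https://example.invalid/c", "archived"],
            ["../escape.txt", "0" * 64, "https://example.invalid/e", "archived"],
            ["", "", "https://example.invalid/d", "external-only"],
        ]
        with open(d / "manifest.csv", "w", newline="", encoding="utf-8") as fh:
            writer = csv.writer(fh)
            writer.writerow([COL_FILE, COL_SHA, COL_URL, COL_STATUS])
            writer.writerows(rows)
        return verify_manifest(d)


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket:9} {names}")
```

Treat any entry under mismatch, missing, rejected or unlisted as a broken chain of custody and download the directory again before using it.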

vdb iocs get

Description: IOC pivots for a CVE — CrowdSecSighting rows (per-IP attribution: AS, geo, behaviors, ATT&CK techniques, last-seen) + a Shadowserver summary block (count1d / count7dAvg / count30dAvg / count90dAvg + top countries).

Usage:

vulnetix vdb iocs get <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write JSON to a file

Example:

vulnetix vdb iocs get CVE-2024-12847

vdb iocs list

Description: Cross-CVE IOC search across CrowdSec sightings. Supports --format stix for STIX 2.1 bundle output that any commercial SOAR (Splunk, Sentinel, Cortex, Tines) ingests directly. Each indicator is rendered as a STIX indicator SDO with a [ipv4-addr:value = '...'] pattern, sighted against a vulnerability SDO for the CVE.

Usage:

vulnetix vdb iocs list [flags]

Filter flags:

  • --cve-id <CVE> — repeatable
  • --country <CC> — ISO-2; repeatable; AND
  • --asn <int> — repeatable; AND
  • --behavior <text> — substring of CrowdSec behaviorsCsv (ILIKE)
  • --reputation <name> — exact match (e.g. malicious, suspicious)
  • --since <RFC3339> — only sightings with lastSeen >=
  • --limit <n> (default 100, max 500), --offset <n>

Output flags:

  • --format <name> — json (default) | csv | stix
  • -o, --output <file> — write to a file

Examples:

# Threat-hunt for sightings of a CVE in Australia
vulnetix vdb iocs list --cve-id CVE-2024-12847 --country AU

# STIX 2.1 bundle for SOAR ingest
vulnetix vdb iocs list --cve-id CVE-2024-12847 --format stix > cve-2024-12847-iocs.stix.json

# CSV for offline analysis
vulnetix vdb iocs list --behavior "http-scanning" --format csv -o scanners.csv

vdb sightings

Description: Merged in-the-wild observation timeline across ShadowserverTimeSeries, VulnCheckReportedExploitation, and CVEAiInWildExploitation. Returns firstObservation, lastObservation, daysSinceLastSeen headlines plus an events[] lane chart suitable for direct rendering.

Usage:

vulnetix vdb sightings <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write JSON to a file

Example:

vulnetix vdb sightings CVE-2021-44228

vdb vex get

Description: Returns OpenVexStatement rows for the CVE that belong to the authenticated org’s uploaded VEX documents. Used during triage to deprioritise findings the vendor has marked not_affected.

Usage:

vulnetix vdb vex get <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write JSON to a file

Example:

vulnetix vdb vex get CVE-2024-12847

vdb vex list

Description: Search VEX statements declared by your org. Filter by status, supplier, since.

Usage:

vulnetix vdb vex list [flags]

Filter flags:

  • --cve-id <CVE> — repeatable
  • --status <name> — not_affected | fixed | under_investigation | affected
  • --supplier <text> — ILIKE substring
  • --since <RFC3339> — only statements with timestamp >=
  • --limit <n> (default 50, max 200), --offset <n>
  • -o, --output <file> — write JSON to a file

Examples:

# All not_affected statements from any supplier
vulnetix vdb vex list --status not_affected --limit 100

# Red Hat's fixed statements in the last 30 days
vulnetix vdb vex list --status fixed --supplier "Red Hat" --since 2026-04-01T00:00:00Z

vdb triage

Description: The daily SOC pull. Combined filter across EPSS, CESS, CVSS, severity, KEV membership (across all four sources), CWE, vendor / product, and publication date. Returns rows ordered by best CVSS by default; sort by cess, epss (with floor), published, or kev-due.

Hard limit on --sort epss: requires --min-epss (or --min-epss-percentile) to be set, and --min-epss >= 0.3. The query plan is backed by a partial index on EPSS score >= 0.3; without that floor the planner has to sort hundreds of millions of time-series rows. Below 0.3 is below SOC triage relevance — if you need to scan there, use --sort cvss or --sort published. The CLI surfaces a 400 with the constraint message when this is violated.

Usage:

vulnetix vdb triage [flags]

Filter flags:

  • --min-epss <0..1> — EPSS score floor
  • --min-epss-percentile <0..100> — EPSS percentile floor
  • --min-cess <0..10> — Coalition CESS score floor
  • --min-cvss <0..10> — best CVSS base score floor
  • --severity <name> — critical | high | medium | low
  • --in-kev <true|false> — limit to / exclude KEV-listed CVEs
  • --kev-source <name> — CISA | vulnetix | enisa | vulncheck (repeat for OR)
  • --cwe <id> — repeat for OR (e.g. CWE-79)
  • --vendor <text>, --product <text> — ILIKE
  • -d, --days <N> — look-back window in days (1..30). Convenience for --since now-Nd. Default 0 = no implicit window.
  • --since <RFC3339> — datePublished >=. Overrides --days when both are supplied.
  • --sort <name> — cvss (default) | cess | epss (requires --min-epss >= 0.3) | published | kev-due
  • --limit <n> (default 50, max 200), --offset <n>

Output flags:

  • --format <name> — json (default) | csv
  • -o, --output <file> — write to a file

Examples:

# Daily 'EPSS > 0.7 + KEV + critical/high' sweep (a 24h window via --days 1 is the sensible choice for a daily run)
vulnetix vdb triage --min-epss 0.7 --in-kev --severity high --days 1 --limit 50

# Last week's published criticals without KEV (potential 'gets KEV'd next' shortlist)
vulnetix vdb triage --min-cvss 9.0 --in-kev false -d 7 --sort published

# Last 30 days, KEV due-date sweep — what's overdue per CISA?
vulnetix vdb triage --in-kev --kev-source CISA --days 30 --sort kev-due

# Explicit timestamp (overrides --days when both set)
vulnetix vdb triage --min-cvss 9.0 --in-kev false --since 2026-05-01T00:00:00Z --sort published

# CSV for ticket import
vulnetix vdb triage --min-epss 0.5 --severity high -d 7 --format csv -o triage.csv

vdb raw sources

Description: Enumerate the upstream advisory sources whose raw payloads are archived in object storage. Each entry says whether per-CVE retrieval is supported (perCVE) and how many rows are archived.

Usage:

vulnetix vdb raw sources [flags]

Example:

vulnetix vdb raw sources

vdb raw get

Description: Fetch a CVE’s raw upstream advisory bytes (the original JSON / XML the processor saw). Used for forensic / chain-of-custody work — proves what the upstream said at ingest time. The CLI verifies the body sha256 against the X-Vulnetix-Sha256 response header and writes the bytes to disk with the original content-type.

Usage:

vulnetix vdb raw get --source <slug> <CVE-ID> [flags]

Flags:

  • --source <slug> — required. Run vdb raw sources for the catalogue (mitre-cve, ghsa, osv, euvd, …).
  • -o, --output <file> — write to this path (default: <source>-<CVE>.bin)

Example:

vulnetix vdb raw get --source mitre-cve CVE-2021-44228 -o log4shell-mitre.json

vdb nuclei get

Description: Look up ProjectDiscovery Nuclei template paths attached to a CVE. With --format yaml --first the handler proxies the first template body inline so callers can pipe straight into nuclei -t - for a fix-verification run.

Usage:

vulnetix vdb nuclei get <CVE-ID> [flags]

Flags:

  • --format <name> — json (default) | yaml
  • --first — (yaml only) return only the first template body
  • -o, --output <file> — write to a file

Examples:

# JSON listing of every template path
vulnetix vdb nuclei get CVE-2021-44228

# Fetch + run loop
vulnetix vdb nuclei get CVE-2021-44228 --format yaml --first | nuclei -t - -u https://your-target.example

vdb kev sources

Description: Print the four KEV catalogue sources surfaced by vdb kev list. Lets you discover the valid --source values (also accepted on vdb triage --kev-source).

Usage:

vulnetix vdb kev sources

Output:

CISA
vulnetix
enisa
vulncheck

The vdb kev list flag --source <name> accepts any of these (repeatable). When omitted, JSON listings merge all four. The CSV export path (--format csv) remains vulnetix-only because the CSV schema is anchored on the qualifying-reason model that’s specific to that source.


vdb msrc patch-tuesdays

Description: List Microsoft Patch Tuesday months with on-file rollup data.

Usage:

vulnetix vdb msrc patch-tuesdays [flags]

Flags:

  • -o, --output <file> — write JSON to a file

Example:

vulnetix vdb msrc patch-tuesdays

vdb msrc patch-tuesday

Description: Get a specific Patch Tuesday rollup by ISO month.

Usage:

vulnetix vdb msrc patch-tuesday <YYYY-MM> [flags]

Example:

vulnetix vdb msrc patch-tuesday 2026-04

vdb vendor-trends

Description: Vendor-level trend data (monthly / yearly CVE+GHSA breakdown).

Usage:

vulnetix vdb vendor-trends [--vendor <name>] [--year <YYYY>]

Example:

vulnetix vdb vendor-trends --vendor microsoft --year 2026

vdb exploit-trends

Description: Severity-tier rollup of exploit signal counts (mention → bounty → sighting → theoretical → weaponised → known → predicted).

Usage:

vulnetix vdb exploit-trends

vdb ai-discoveries

Description: AI-discovered vulnerabilities (researcher leaderboard + per-CVE detail).

Usage:

vulnetix vdb ai-discoveries [--cve <CVE-ID>] [--limit <n>]

vdb ai-assisted-exploits

Description: Researcher AI-assisted exploit demonstrations (academic / red-team artefacts).

Usage:

vulnetix vdb ai-assisted-exploits [--cve <CVE-ID>] [--limit <n>]

vdb ai-in-wild

Description: AI-discovered in-the-wild exploitation observations.

Usage:

vulnetix vdb ai-in-wild [--cve <CVE-ID>] [--since <RFC3339>] [--limit <n>]

vdb ai-malware

Description: AI-authored / AI-runtime malware family intelligence.

Usage:

vulnetix vdb ai-malware [--cve <CVE-ID>] [--limit <n>]

V2 Commands

The following commands are available when using API v2 (-V v2). They provide additional vulnerability enrichment data.

vdb workarounds

Get workaround information for a vulnerability.

Usage:

vulnetix vdb workarounds <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb workarounds CVE-2021-44228 -V v2
vulnetix vdb workarounds CVE-2021-44228 -V v2 -o json

vdb advisories

Get advisory data for a vulnerability.

Usage:

vulnetix vdb advisories <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb advisories CVE-2021-44228 -V v2
vulnetix vdb advisories GHSA-jfh8-3a1q-hjz9 -V v2 -o json

vdb cwe guidance

Get CWE-based guidance for a vulnerability.

Usage:

vulnetix vdb cwe guidance <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb cwe guidance CVE-2021-44228 -V v2
vulnetix vdb cwe guidance CVE-2021-44228 -V v2 -o json

vdb kev

Get CISA KEV (Known Exploited Vulnerabilities) status for a vulnerability.

Usage:

vulnetix vdb kev <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb kev CVE-2021-44228 -V v2
vulnetix vdb kev CVE-2021-44228 -V v2 -o json

vdb attack-techniques get

Description: MITRE ATT&CK technique mapping for a single CVE — how an attacker exploits the vulnerability — with each technique’s MITRE-published mitigations, detections, and D3FEND counter-techniques.

The mapping is source-deduplicated: when multiple authorities (NIST NVD, MITRE, GHSA, …) attach the same technique to a CVE, the row appears once and the contributing sources are merged into _sources. Rows tagged derivedBy: "vulnetix" were generated by the Vulnetix AI enrichment pipeline.

Usage:

vulnetix vdb attack-techniques get <CVE-ID> [flags]

Flags:

  • -o, --output <file> — write JSON to a file instead of stdout

JSON response shape (abbreviated):

{
  "identifier": "CVE-2021-44228",
  "count": 2,
  "total": 2,
  "attackTechniques": [
    {
      "id": "T1190",
      "name": "Exploit Public-Facing Application",
      "url": "https://attack.mitre.org/techniques/T1190",
      "domain": "Enterprise",
      "subtechnique": false,
      "tactics": ["initial-access"],
      "capecId": "CAPEC-312",
      "derivedBy": "vulnetix",
      "_sources": ["nist-nvd", "mitre-cve"],
      "mitigations": [
        {"id": "M1051", "url": "https://attack.mitre.org/mitigations/M1051", "description": "Update software regularly…"}
      ],
      "detections": [
        {"id": "DS0029", "datasource": "Network Traffic", "detects": "Use deep packet inspection to look for known payloads…"}
      ],
      "d3fend": [
        {"mitigationId": "M1051", "id": "D3-SU", "url": "https://d3fend.mitre.org/technique/d3f:SoftwareUpdate"}
      ]
    }
  ]
}

Example:

vulnetix vdb attack-techniques get CVE-2021-44228
vulnetix vdb attack-techniques get CVE-2026-31709 -o attack.json
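
Turning the response above into a control-gap list: which mapped techniques rely on mitigations you have not deployed or data sources you do not collect. This is an added example, not Vulnetix code; the function names and the local inventories passed in are hypothetical, the T1190 row reuses the page's sample and the T1059 row is constructed.

```python
import json

# Response in the shape shown above. The T1190 row is the page's own sample
# (trimmed); the T1059 row is constructed for this example.
SAMPLE_RESPONSE = """
{
  "identifier": "CVE-2021-44228",
  "count": 2,
  "total": 2,
  "attackTechniques": [
    {
      "id": "T1190", "name": "Exploit Public-Facing Application",
      "tactics": ["initial-access"], "derivedBy": "vulnetix",
      "_sources": ["nist-nvd", "mitre-cve"],
      "mitigations": [{"id": "M1051"}],
      "detections": [{"id": "DS0029", "datasource": "Network Traffic"}],
      "d3fend": [{"mitigationId": "M1051", "id": "D3-SU"}]
    },
    {
      "id": "T1059", "name": "Command and Scripting Interpreter",
      "tactics": ["execution"], "_sources": ["mitre-cve"],
      "mitigations": [{"id": "M1038"}],
      "detections": [{"id": "DS0017", "datasource": "Command"}]
    }
  ]
}
"""


def coverage_gaps(response, deployed_mitigations, monitored_datasources):
    """Per technique, list the mitigations and data sources missing locally.

    deployed_mitigations / monitored_datasources are your own inventories
    (sets of ATT&CK mitigation ids and data source names); they are inputs
    assumed by this example, not something the API returns.
    """
    rows = []
    for tech in response.get("attackTechniques") or []:
        mitigations = {m["id"] for m in tech.get("mitigations") or []}
        datasources = {d["datasource"] for d in tech.get("detections") or []}
        rows.append({
            "technique": tech["id"],
            "tactics": list(tech.get("tactics") or []),
            "missing_mitigations": sorted(mitigations - set(deployed_mitigations)),
            "unmonitored_datasources": sorted(datasources - set(monitored_datasources)),
            # D3FEND ids give the defensive technique to look for in tooling.
            "d3fend": sorted({d["id"] for d in tech.get("d3fend") or []}),
            # AI-enriched rows are flagged so an analyst confirms the mapping.
            "ai_derived": tech.get("derivedBy") == "vulnetix",
            "sources": list(tech.get("_sources") or []),
        })
    # Largest gap first, technique id as a stable tie-breaker.
    rows.sort(key=lambda r: (-(len(r["missing_mitigations"])
                               + len(r["unmonitored_datasources"])), r["technique"]))
    return rows


def review_queue(rows):
    """Technique ids whose mapping came from the AI enrichment pipeline."""
    return [r["technique"] for r in rows if r["ai_derived"]]


def demo():
    response = json.loads(SAMPLE_RESPONSE)
    # Constructed inventory: patching is in place, command logging is collected.
    return coverage_gaps(response, {"M1051"}, {"Command"})


if __name__ == "__main__":
    for row in demo():
        print(row)
    print("confirm AI-derived mappings:", review_queue(demo()))
```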

vdb attack-techniques list

Description: Search ATT&CK technique mappings across the catalogue. Filter by technique id, tactic, CAPEC id, ATT&CK domain, sub-technique flag, provenance (derivedBy), source, or free-text on technique name.

Usage:

vulnetix vdb attack-techniques list [flags]

Flags:

  • --technique <T-id> — MITRE ATT&CK technique id, e.g. T1190 or T1547.004 (repeat for OR)
  • --tactic <kebab> — ATT&CK tactic, e.g. execution, lateral-movement (repeat for AND)
  • --cve-id <CVE> — restrict to one or more CVE IDs (repeat)
  • --source <name> — CVEMetadata.source filter, e.g. nist-nvd, mitre-cve (repeat for OR)
  • --capec <id> — exact CAPEC id, e.g. CAPEC-242 (242 is also accepted)
  • --domain <domain> — Enterprise | Mobile | ICS
  • --subtechnique true|false — limit to / exclude sub-techniques
  • --derived-by <provenance> — e.g. vulnetix for AI-derived rows only
  • --q <text> — free-text ILIKE on technique name (whitespace tokens AND)
  • --since <RFC3339> — only mappings created at or after this time
  • --until <RFC3339> — only mappings created at or before this time
  • --limit <n> — max items per page (1-200, default 50)
  • --offset <n> — pagination offset
  • -o, --output <file> — write JSON to a file

Examples:

# Every CVE mapped to T1190 (Exploit Public-Facing Application)
vulnetix vdb attack-techniques list --technique T1190

# Initial-access tactic, AI-derived rows only
vulnetix vdb attack-techniques list --tactic initial-access --derived-by vulnetix

# CVEs whose mapping cleanly aligns with CAPEC-242
vulnetix vdb attack-techniques list --capec CAPEC-242 --domain Enterprise

# Free-text against technique names
vulnetix vdb attack-techniques list --q "remote code"

vdb snort-rules get

Description: Get every Snort/Suricata IDS signature attached to a single CVE. Output is JSON by default; pass --format rules to emit raw .rules-file syntax suitable for piping into a rules pack.

Usage:

vulnetix vdb snort-rules get <CVE-ID> [flags]

Flags:

  • --format json|rules — output format (default: json)
  • -o, --output <file> — write to file instead of stdout

Examples:

vulnetix vdb snort-rules get CVE-2021-44228
vulnetix vdb snort-rules get CVE-2021-44228 --format rules > log4shell.rules

vdb snort-rules list

Description: Search Snort rules across the catalogue with rich filters. Backed by /v2/snort-rules. Filters compose with AND; repeated flags compose with AND for JSON-array contains (--technique, --tactic, --affected-product, --tag) or OR for enum-style fields (--source, --cve-id).

The catalogue contains 11k+ rules sourced from snort-registered, emergingthreats, and Vulnetix AI-derived rules (derivedBy: "vulnetix").

Usage:

vulnetix vdb snort-rules list [flags]

Filter flags:

  • --cve-id <CVE> — restrict to one or more CVE IDs (repeat)
  • --source <name> — rule source, e.g. snort-registered, emergingthreats, vulnetix (repeat)
  • --technique <T-id> — ATT&CK technique id in mitreTechIds (repeat for AND)
  • --tactic <id> — ATT&CK tactic id in mitreTacticIds (repeat for AND)
  • --classtype <name> — Snort classtype, e.g. attempted-admin, web-application-attack
  • --severity <level> — signatureSeverity exact match (case-insensitive). The dataset uses the upstream encoding from each source: Critical, Major, Minor, Informational, Unknown. (Emerging Threats rules use Major for what other sources call high.)
  • --protocol <name> — tcp | udp | http | tls | ip
  • --action <name> — alert | drop | reject | log
  • --dst-port <port> — exact match (e.g. 443, $HTTP_PORTS, any)
  • --src-port <port> — exact match
  • --disabled true|false — limit to disabled / exclude disabled rules
  • --match-content <text> — free-text ILIKE on msg + rawText (whitespace tokens AND)
  • --affected-product <name> — affectedProducts JSON-array contains (repeat for AND)
  • --tag <name> — tags JSON-array contains (repeat for AND)
  • --since <RFC3339> — only rules with datePublished >=
  • --until <RFC3339> — only rules with datePublished <=
  • --sort recent|severity|id — sort order (default: recent)
  • --limit <n> — max items per page (1-200, default 50)
  • --offset <n> — pagination offset

Output flags:

  • --format json|rules — json (default) or raw .rules-file syntax
  • -o, --output <file> — write to file instead of stdout

Examples:

# All rules tagged with the Exploit-Public-Facing-Application technique
vulnetix vdb snort-rules list --technique T1190

# High-severity web-app rules from Emerging Threats (that source encodes high as Major)
vulnetix vdb snort-rules list \
    --source emergingthreats \
    --classtype web-application-attack \
    --severity Major

# Rules whose payload mentions log4j on $HTTP_PORTS
vulnetix vdb snort-rules list \
    --dst-port '$HTTP_PORTS' \
    --match-content "log4j"

# Build a Suricata rules pack of recent Vulnetix-derived rules
vulnetix vdb snort-rules list \
    --source vulnetix \
    --since 2026-01-01T00:00:00Z \
    --format rules \
    -o vulnetix-recent.rules

vdb yara-rules get

Description: Get every YARA static-analysis rule attached to a single CVE.

Usage:

vulnetix vdb yara-rules get <CVE-ID> [flags]

Flags:

  • --format json|rules — output format (default: json)
  • -o, --output <file> — write to file

Examples:

vulnetix vdb yara-rules get CVE-2021-44228
vulnetix vdb yara-rules get CVE-2024-12847 --format rules > pack.yar

vdb yara-rules list

Description: Search YARA rules across the catalogue. Backed by /v2/yara-rules.

Usage:

vulnetix vdb yara-rules list [flags]

Filter flags:

  • --cve-id <CVE> — restrict to one or more CVE IDs (repeat)
  • --source <name> — rule source, e.g. yara-forge, yarahub, vulnetix (repeat)
  • --rule-name <name> — ILIKE on rule name. Plain string is wrapped in %…%; pass an explicit % for SQL-pattern semantics.
  • --author <name> — ILIKE on author
  • --tag <name> — tags JSON-array contains (repeat for AND)
  • --imports <module> — YARA module imports (pe, math, hash, …; repeat for AND)
  • --match-content <text> — free-text ILIKE on rawText + strings + meta (whitespace tokens AND)
  • --match-string <text> — ILIKE inside the strings field only
  • --match-meta <text> — ILIKE inside the meta field, e.g. severity=high
  • --since <RFC3339> — only rules with datePublished >=
  • --until <RFC3339> — only rules with datePublished <=
  • --sort recent|name — sort order (default: recent)
  • --limit <n> — max items per page (1-200, default 50)
  • --offset <n> — pagination offset

Output flags:

  • --format json|rules — json (default) or raw .yar concatenation
  • -o, --output <file> — write to file

Examples:

# Every rule whose name contains "apt" (a plain string is wrapped in %…%)
vulnetix vdb yara-rules list --rule-name apt

# Rules authored by Florian Roth that import the PE module
vulnetix vdb yara-rules list --author "Florian Roth" --imports pe

# Rules whose strings reference log4j with severity=high in meta
vulnetix vdb yara-rules list \
    --match-string "log4j" \
    --match-meta "severity=high"

# Build a YARA pack from Vulnetix-derived ransomware rules
vulnetix vdb yara-rules list \
    --source vulnetix \
    --tag ransomware \
    --format rules \
    -o vulnetix-ransomware.yar

vdb timeline

Get the vulnerability timeline showing key dates and events.

Usage:

vulnetix vdb timeline <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb timeline CVE-2021-44228 -V v2
vulnetix vdb timeline CVE-2021-44228 -V v2 -o json

vdb affected

Get affected products and packages for a vulnerability.

Usage:

vulnetix vdb affected <vuln-id> -V v2 [flags]

Flags:

  • --ecosystem string: Filter by package ecosystem
  • --package-name string: Filter by package name
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb affected CVE-2021-44228 -V v2
vulnetix vdb affected CVE-2021-44228 -V v2 --ecosystem maven
vulnetix vdb affected CVE-2021-44228 -V v2 --ecosystem maven --package-name log4j-core -o json

vdb scorecard

Get the OpenSSF Scorecard for a vulnerability’s source repository, including security check results.

Usage:

vulnetix vdb scorecard <vuln-id> -V v2 [flags]

Flags:

  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

vulnetix vdb scorecard CVE-2021-44228 -V v2
vulnetix vdb scorecard CVE-2021-44228 -V v2 -o json

vdb scorecard search

Search OpenSSF Scorecards by repository name.

Usage:

vulnetix vdb scorecard search <query> -V v2 [flags]

Examples:

vulnetix vdb scorecard search openssl -V v2
vulnetix vdb scorecard search github.com/openssl/openssl -V v2 -o json

vdb remediation plan

Get a context-aware remediation plan for a vulnerability.

Usage:

vulnetix vdb remediation plan <vuln-id> -V v2 [flags]

Flags:

  • --ecosystem string: Filter by package ecosystem
  • --package-name string: Filter by package name
  • --vendor string: Filter by vendor name
  • --product string: Filter by product name
  • --purl string: Package URL (overrides ecosystem + package-name)
  • --current-version string: Current package version
  • --package-manager string: Package manager (npm, pip, cargo, etc.)
  • --container-image string: Container image reference
  • --os string: OS identifier (e.g. ubuntu:22.04)
  • --registry string: Registry URL
  • --include-guidance bool: Include CWE-based guidance text (default false)
  • --include-verification-steps bool: Include verification steps in actions (default false)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# Basic remediation plan
vulnetix vdb remediation plan CVE-2021-44228 -V v2

# With package context
vulnetix vdb remediation plan CVE-2021-44228 -V v2 \
  --ecosystem maven --package-name log4j-core --current-version 2.14.1

# Using PURL
vulnetix vdb remediation plan CVE-2021-44228 -V v2 \
  --purl "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"

# With full context and guidance
vulnetix vdb remediation plan CVE-2021-44228 -V v2 \
  --ecosystem maven --package-name log4j-core \
  --current-version 2.14.1 --package-manager maven \
  --include-guidance --include-verification-steps -o json

vdb cloud-locators

Derive cloud-native resource identifier templates from vendor/product pairs. Returns templates for AWS ARN, Azure Resource ID, GCP Resource Name, Cloudflare Locator, and Oracle OCID with placeholders for account-specific values.

Usage:

vulnetix vdb cloud-locators -V v2 [flags]

Flags:

  • --vendor string: Vendor name (e.g. amazon, microsoft, google, cloudflare, oracle)
  • --product string: Product/service name (e.g. s3, ec2, cloudfront, workers)
  • -o, --output string: Output format: json, yaml, pretty (default “pretty”)

Examples:

# AWS S3 (regional service)
vulnetix vdb cloud-locators --vendor amazon --product s3 -V v2

# AWS CloudFront (global-only, region=us-east-1)
vulnetix vdb cloud-locators --vendor amazon --product cloudfront -V v2

# Azure Storage
vulnetix vdb cloud-locators --vendor microsoft --product storage -V v2

# GCP Compute Engine
vulnetix vdb cloud-locators --vendor google --product compute -V v2

# Cloudflare Workers
vulnetix vdb cloud-locators --vendor cloudflare --product workers -V v2

# Oracle Compute
vulnetix vdb cloud-locators --vendor oracle --product compute -V v2

# JSON output for automation
vulnetix vdb cloud-locators --vendor amazon --product lambda -V v2 -o json

Response includes:

  • vendor (string): Input vendor name
  • product (string): Input product name
  • generatedCpe (string): CPE 2.3 string derived from vendor/product
  • cloudLocators.matched (bool): Whether a cloud mapping was found
  • cloudLocators.provider (string): Primary cloud provider
  • cloudLocators.service (string): Normalised service name
  • cloudLocators.templates[] (array): Resource identifier templates with {placeholders}

Output Management

The --output (-o) flag controls the format of command output. Additional flags provide fine-grained control over JSON formatting and syntax highlighting.

Output Formats

  • pretty (-o pretty): Human-readable indented JSON (default)
  • json (-o json): Machine-readable JSON with configurable indent and highlighting
  • yaml (-o yaml): YAML output for readability and config file integration

# Default pretty output
vulnetix vdb vuln CVE-2021-44228

# JSON output
vulnetix vdb vuln CVE-2021-44228 -o json

# YAML output
vulnetix vdb vuln CVE-2021-44228 -o yaml

JSON Formatting Options

These flags are only valid with --output json. Using them with other output formats produces an error.

Indent Presets

Three mutually exclusive indent presets control JSON indentation depth. Only one can be used at a time.

  • (default): 4 spaces. Comfortable — balanced readability (same as --comfortable)
  • --comfortable: 4 spaces. Explicitly request the default indent
  • --compact: 2 spaces. Denser output, less vertical space
  • --sparse: 8 spaces. Wide indent for maximum readability

# Default 4-space indent
vulnetix vdb vuln CVE-2021-44228 -o json

# Compact 2-space indent
vulnetix vdb vuln CVE-2021-44228 -o json --compact

# Sparse 8-space indent
vulnetix vdb vuln CVE-2021-44228 -o json --sparse

Syntax Highlighting

The --highlight flag adds terminal color highlighting to JSON output. Available themes:

  • none: No highlighting (default)
  • dark: Monokai theme — optimized for dark terminal backgrounds
  • light: GitHub theme — optimized for light terminal backgrounds

# Highlighted JSON for dark terminals
vulnetix vdb vuln CVE-2021-44228 -o json --highlight dark

# Highlighted JSON for light terminals
vulnetix vdb vuln CVE-2021-44228 -o json --highlight light

Pipe safety: Syntax highlighting is automatically disabled when stdout is not a terminal (e.g., when piping to another command or redirecting to a file). This ensures that ANSI escape codes never corrupt file output or downstream tools, even if --highlight is explicitly set.

# Highlighting is active (stdout is terminal)
vulnetix vdb vuln CVE-2021-44228 -o json --highlight dark

# Highlighting is auto-disabled (stdout is piped)
vulnetix vdb vuln CVE-2021-44228 -o json --highlight dark | jq .

# Highlighting is auto-disabled (stdout is redirected)
vulnetix vdb vuln CVE-2021-44228 -o json --highlight dark > output.json

Saving Output to a File

Use shell redirection (>) to write command output to a file. The data stream (stdout) contains only the formatted output, making it safe for direct file capture.

# Save JSON to a file
vulnetix vdb vuln CVE-2021-44228 -o json > vuln.json

# Save compact JSON
vulnetix vdb vuln CVE-2021-44228 -o json --compact > vuln.json

# Save YAML to a file
vulnetix vdb vuln CVE-2021-44228 -o yaml > vuln.yaml

# Append to an existing file
vulnetix vdb vuln CVE-2021-44228 -o json >> all-vulns.json

Separating Output and Logs

The CLI writes data output to stdout and diagnostic messages (progress, warnings, rate limit info) to stderr. This separation allows you to capture clean data output while still seeing — or independently capturing — log messages.

# Save data to file, logs print to terminal
vulnetix vdb vuln CVE-2021-44228 -o json > vuln.json

# Save data to file, logs to separate file
vulnetix vdb vuln CVE-2021-44228 -o json > vuln.json 2> vuln.log

# Save data to file, suppress logs entirely
vulnetix vdb vuln CVE-2021-44228 -o json > vuln.json 2>/dev/null

# Save both data and logs to the same file
vulnetix vdb vuln CVE-2021-44228 -o json > vuln.json 2>&1

# View logs only, discard data
vulnetix vdb vuln CVE-2021-44228 -o json > /dev/null

Redirect summary:

  • > file: Data output to file, logs to terminal
  • 2> file: Logs to file, data to terminal
  • > data 2> logs: Data and logs to separate files
  • 2>/dev/null: Suppress log messages
  • > file 2>&1: Everything to one file

Examples

Look Up a Vulnerability by Any Identifier

# MITRE CVE (Log4Shell)
vulnetix vdb vuln CVE-2021-44228

# GitHub Security Advisory (same vulnerability)
vulnetix vdb vuln GHSA-jfh8-3a1q-hjz9

# PyPI vulnerability
vulnetix vdb vuln PYSEC-2024-123

# Rust vulnerability
vulnetix vdb vuln RUSTSEC-2024-1234

# Red Hat advisory
vulnetix vdb vuln RHSA-2025:1730

# Debian security advisory
vulnetix vdb vuln DSA-4741-1

# Ubuntu security notice
vulnetix vdb vuln USN-7040-1

Investigate Exploits and Fixes

# Check exploit intelligence
vulnetix vdb exploits CVE-2021-44228
vulnetix vdb exploits GHSA-jfh8-3a1q-hjz9

# Get available fixes
vulnetix vdb fixes CVE-2021-44228
vulnetix vdb fixes GHSA-jfh8-3a1q-hjz9

# Search exploits across all vulnerabilities
vulnetix vdb exploits search --ecosystem npm --in-kev

Audit Package Vulnerabilities

# Check if Express.js has vulnerabilities
vulnetix vdb vulns express

# Check specific version
vulnetix vdb product express 4.16.0

# Check specific version in npm ecosystem
vulnetix vdb product express 4.16.0 npm

# Search for packages
vulnetix vdb packages search express --ecosystem npm

# Get ecosystem-scoped package info
vulnetix vdb ecosystem package npm express --versions

Explore Available Data

# List all ecosystems
vulnetix vdb ecosystems

# Find all versions of a package
vulnetix vdb product react --limit 500

# List all package versions across ecosystems
vulnetix vdb versions react

Export Data for Analysis

# Export vulnerability data (any identifier format)
vulnetix vdb vuln CVE-2021-44228 -o json > analysis/log4shell-cve.json
vulnetix vdb vuln GHSA-jfh8-3a1q-hjz9 -o json > analysis/log4shell-ghsa.json

# Export all vulnerabilities for a package
vulnetix vdb vulns webpack -o json > reports/webpack-vulns.json

# Export API specification
vulnetix vdb spec -o json > docs/vdb-api-spec.json

# Export vulnerabilities for a date range
vulnetix vdb gcve --start 2024-01-01 --end 2024-01-31 -o json > jan-2024-vulns.json

Combine with Other Tools

# Filter vulnerability data with jq
vulnetix vdb vuln CVE-2021-44228 -o json | jq '.[0].containers.cna.title'

# Count vulnerabilities
vulnetix vdb vulns lodash -o json | jq '.total'

# Extract severity levels
vulnetix vdb vulns express -o json | jq '.vulnerabilities[].severity' | sort | uniq -c

Rate Limiting

The VDB API implements rate limiting to ensure fair usage:

Per-Minute Rate Limit

  • Default: 60 requests per minute
  • Exceeded requests receive HTTP 429 status

Weekly Quota

  • Default: 1000 requests per week (configurable per organization)
  • Resets every Sunday at 00:00 UTC
  • Contact sales@vulnetix.com for higher quotas

Rate Limit Headers

All responses include rate limit information:

RateLimit-MinuteLimit: 60
RateLimit-Remaining: 45
RateLimit-Reset: 28
RateLimit-WeekLimit: 10000
RateLimit-WeekRemaining: 8543
RateLimit-WeekReset: 172800

Handling Rate Limits

The CLI automatically handles token expiration (15-minute JWT tokens).

For rate limit errors, the API returns:

{
  "success": false,
  "error": "Rate limit exceeded",
  "details": "Too many requests. Limit: 60 requests per minute. Try again in 42 seconds."
}

Best Practices:

  • Cache responses when possible
  • Use pagination parameters to reduce request count
  • Implement exponential backoff for retries
  • Monitor rate limit headers
  • Contact Vulnetix for production usage quotas
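
Backoff driven by the rate limit headers and 429 body shown above, for scripts that call the API directly. This is an added example, not Vulnetix code: `send` is a hypothetical transport callable returning (status, headers, parsed JSON body), RateLimit-Reset is assumed to be in seconds, and the responses in `demo()` are constructed.

```python
import random
import re
import time


class WeeklyQuotaExhausted(Exception):
    """The weekly quota is spent; retrying within minutes cannot succeed."""


def _int_header(headers, name):
    """Read a header as a non-negative integer, or None if absent/malformed."""
    value = str(headers.get(name, "")).strip()
    return int(value) if value.isdigit() else None


def retry_delay(headers, body, attempt, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before retry number `attempt` (0-based) after a 429.

    Expects lower-cased header names. The server's own hints win when they
    ask for a longer wait than the jittered exponential backoff.
    """
    hints = [_int_header(headers, "ratelimit-reset")]
    details = body.get("details", "") if isinstance(body, dict) else ""
    match = re.search(r"Try again in (\d+) seconds", str(details))
    if match:
        hints.append(int(match.group(1)))
    server_hint = max((h for h in hints if h is not None), default=0)
    backoff = min(cap, base * 2 ** attempt)
    jittered = backoff * (0.5 + rng() / 2)  # 50-100% of the step, avoids lock-step retries
    return max(server_hint, jittered)


def call_with_backoff(send, max_attempts=5, sleep=time.sleep, rng=random.random):
    """Call send() until it stops returning 429 or the attempts run out."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        headers = {k.lower(): v for k, v in headers.items()}
        if status != 429:
            return status, headers, body
        if _int_header(headers, "ratelimit-weekremaining") == 0:
            # The per-minute window is not the problem; stop instead of burning retries.
            raise WeeklyQuotaExhausted(
                "weekly quota spent; resets in %s s" % headers.get("ratelimit-weekreset", "?"))
        if attempt + 1 < max_attempts:
            sleep(retry_delay(headers, body, attempt, rng=rng))
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)


def pause_before_next(headers):
    """Proactive pacing: seconds to wait when the minute budget is already spent."""
    headers = {k.lower(): v for k, v in headers.items()}
    if _int_header(headers, "ratelimit-remaining") == 0:
        return _int_header(headers, "ratelimit-reset") or 0
    return 0


def demo():
    """Replay three constructed responses: two 429s, then success."""
    responses = iter([
        (429, {"RateLimit-Remaining": "0", "RateLimit-Reset": "28",
               "RateLimit-WeekRemaining": "8543"},
         {"success": False, "error": "Rate limit exceeded",
          "details": "Too many requests. Limit: 60 requests per minute. "
                     "Try again in 42 seconds."}),
        (429, {"RateLimit-Remaining": "0", "RateLimit-Reset": "3",
               "RateLimit-WeekRemaining": "8542"}, {}),
        (200, {"RateLimit-Remaining": "59", "RateLimit-Reset": "60"}, {"success": True}),
    ])
    slept = []  # record the waits instead of sleeping
    status, _, _ = call_with_backoff(lambda: next(responses),
                                     sleep=slept.append, rng=lambda: 1.0)
    return status, slept


if __name__ == "__main__":
    print(demo())
```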

Global Flags

All vdb commands support these global flags:

  • --org-id string: Organization UUID (overrides env vars)
  • --api-key string: Direct API key (overrides VULNETIX_API_KEY env var)
  • --secret string: SigV4 secret key (overrides VVD_SECRET env var)
  • --method string: Auth method: apikey or sigv4 (auto-detected from flags if omitted)
  • --base-url string: VDB API base URL (default "https://api.vdb.vulnetix.com")
  • -V, --api-version string: API version path (default "v1"; e.g. "v2")
  • -o, --output string: Output format: json, yaml, pretty (default "pretty")
  • --compact: 2-space JSON indent (--output json only)
  • --comfortable: 4-space JSON indent, the default (--output json only)
  • --sparse: 8-space JSON indent (--output json only)
  • --highlight string: Syntax highlighting: dark, light, none (--output json only, default "none")

Security Notes

  1. Never commit credentials to version control
  2. Use environment variables or secure configuration files
  3. Rotate secrets regularly for production use
  4. Store secrets securely using secrets managers in CI/CD
  5. Limit access to credentials on shared systems

Troubleshooting

Authentication Errors

# Quickest fix — run interactive login
vulnetix auth login

# Check all credential sources
vulnetix auth status

# Or set environment variables (Direct API Key)
export VULNETIX_ORG_ID="your-uuid"
export VULNETIX_API_KEY="your-key"

# Or set environment variables (SigV4)
export VVD_ORG="your-uuid"
export VVD_SECRET="your-secret"

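# Or create config file (quoted heredoc: no shell expansion inside the JSON)
mkdir -p ~/.vulnetix
cat > ~/.vulnetix/credentials.json << 'EOF'
{
  "org_id": "your-uuid",
  "api_key": "your-key",
  "method": "apikey"
}
EOF
# Restrict the credentials file to the current user
chmod 600 ~/.vulnetix/credentials.json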

Token Expiration

JWT tokens automatically expire after 15 minutes. The CLI handles token refresh automatically. If you encounter token errors, try:

# The CLI will automatically request a new token
vulnetix vdb ecosystems

Rate Limiting

If you exceed rate limits:

  1. Wait for the reset time indicated in the error message
  2. Consider implementing caching
  3. Use pagination to reduce request frequency
  4. Contact Vulnetix for higher quotas

Network Issues

# Test connectivity
curl -I https://api.vdb.vulnetix.com/v1/spec

# Use custom base URL if needed
vulnetix vdb ecosystems --base-url https://custom-endpoint.example.com

# Target a different API version
vulnetix vdb ecosystems --api-version v2

API Documentation

For complete API documentation, visit:

Support

For assistance: