query_cves
ActiveTool of Fillin
Daily snapshot of CVE / supply-chain advisories from NVD, GitHub Security Advisories, and OSV. Use before merging dependency updates, when triaging an alert, or when a user asks "is package X compromised". Each result row carries a structured `affected` list (one entry per affected package: ecosystem, name, vulnerable_range, patched_range) and a numeric `severity_score` (CVSS baseScore, nullable on OSV-only rows). A buyer can act on the returned row — pin to `patched_range` — without a second hop to NVD or GHSA.
Parameters schema
{
"type": "object",
"title": "query_cvesArguments",
"required": [
"query",
"cutoff"
],
"properties": {
"k": {
"type": "integer",
"title": "K",
"default": 5,
"maximum": 20,
"minimum": 1,
"description": "1-20"
},
"query": {
"type": "string",
"title": "Query",
"maxLength": 512,
"minLength": 1,
"description": "Vulnerability / supply-chain query."
},
"cutoff": {
"type": "string",
"title": "Cutoff",
"pattern": "^\\d{4}-\\d{2}-\\d{2}(T.*)?$",
"description": "Training cutoff as ISO-8601 date."
},
"min_severity": {
"anyOf": [
{
"type": "number",
"maximum": 10,
"minimum": 0
},
{
"type": "null"
}
],
"title": "Min Severity",
"default": null,
"description": "Optional CVSS baseScore floor (0.0-10.0). When set, rows with a populated severity_score below this value are dropped, and rows whose severity is unknown are skipped. Use 7.0 for high+critical only, 9.0 for critical only."
}
}
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
Fillin
1/7 registries