CVE Lookup

About

CVE Lookup automatically surfaces known security vulnerabilities 
for any website you visit. No searching, no copy-pasting, just 
open the extension and see what is publicly known to be broken 
or actively exploited in the services you use every day.

When you visit a website, CVE Lookup identifies the company 
behind it and pulls relevant CVEs from three official government 
sources:

- CISA KEV (Known Exploited Vulnerabilities): Actively exploited 
vulnerabilities flagged in red. These are confirmed to be used 
by attackers right now.

- NVD (National Vulnerability Database): Full CVE history with 
CVSS severity scores, sorted by risk.

Results are ranked by severity — actively exploited 
vulnerabilities always surface first.

PRIVACY FIRST
No backend. No server. No account required. All data is fetched 
directly from official US government APIs (CISA and NIST) and 
cached locally in your browser. Nothing you browse is ever 
transmitted to any third party.

BUILT FOR
- Developers checking the security posture of services they 
  depend on
- Security researchers doing quick vendor lookups
- Anyone who wants to know what is broken before trusting a 
  service with their data

FEATURES
- Automatic vendor detection from the current domain
- CISA KEV entries flagged separately as actively exploited
- CVSS severity scores color coded by risk level
- Local caching so repeat visits are instant
- Optional NVD API key for higher rate limits
- Clear cache button to force a fresh lookup
- No ads. No tracking. No telemetry.