CVE Lookup

Shows known CVEs for the company behind the site you are visiting.

CVE Lookup automatically surfaces known security vulnerabilities for any website you visit. No searching, no copy-pasting, just open the extension and see what is publicly known to be broken or actively exploited in the services you use every day. When you visit a website, CVE Lookup identifies the company behind it and pulls relevant CVEs from three official government sources: - CISA KEV (Known Exploited Vulnerabilities): Actively exploited vulnerabilities flagged in red. These are confirmed to be used by attackers right now. - NVD (National Vulnerability Database): Full CVE history with CVSS severity scores, sorted by risk. Results are ranked by severity — actively exploited vulnerabilities always surface first. PRIVACY FIRST No backend. No server. No account required. All data is fetched directly from official US government APIs (CISA and NIST) and cached locally in your browser. Nothing you browse is ever transmitted to any third party. BUILT FOR - Developers checking the security posture of services they depend on - Security researchers doing quick vendor lookups - Anyone who wants to know what is broken before trusting a service with their data FEATURES - Automatic vendor detection from the current domain - CISA KEV entries flagged separately as actively exploited - CVSS severity scores color coded by risk level - Local caching so repeat visits are instant - Optional NVD API key for higher rate limits - Clear cache button to force a fresh lookup - No ads. No tracking. No telemetry.