CIRCL CVE Search Logo


The CIRCL CVE Search plugin adds the ability to call portions of the cve-search REST API defined at https://cve.circl.lu/api/.


The Security Flow CIRCL CVE Search plugin provides the ability to

  • search for CVEs
  • retrieve the list of all vendors in the database
  • retrieve the list of all products for a vendor
  • retrieve the list CVEs associated with a vendor’s product
  • retrieve a CVE
  • retrieve a list of the latest CVEs

Flow Node

This node exposes CIRCL CVE search capabilities provided by the CIRCL CVE Search REST API.


The display name of the node within the flows.


Configuration option determining the type of operation to perform:

  • Find CVEs: Retrieves a list of CVEs matching the specified filter criteria.
  • Get Vendors: Retrieves the entire list of vendors with any CVEs.
  • Get Vendor Products: Retrieves the entire list of Vendor products with CVEs.
  • Get Vendor Product CVEs: Retrieves the entire list of CVEs associated with the Vendor and Product.
  • Get a CVE: Retrieves the CVE identified by the CVE ID.
  • Get Latest CVEs: Retrieves a list of the most recent CVEs added to the system.

Successful results for an action are placed in msg.payload.cvesearch.response.


The Rejected option defines if the query results should include rejected CVEs (show) or exclude rejected CVEs (hide). If the Rejected value does not evaluate to show or hide, it is excluded from the search criteria resulting in the default value of show being assumed by the API.

CVSS Score

The CVSS Score options defines the comparison operation and the CVSS score to test against. If the CVSS Score operation option does not evaluate to one of above, equals, or below, it defaults to above. If the CVSS Score value option is set to Not Specified, the CVSS Score is not included in the filter criteria. If the CVSS Score value is not in the range of [0,10], an error is thrown.


The Dates option defines the date filtering criteria as follows. If the Dates value is set to Not Specified, no date filtering is performed. Otherwise, date filtering is performed.

Date Field

The Date Field determines the date field to filter on. If the Date Field value does not evaluate to Modified, Published, or last-modified, it defaults to Modified.

Start / End

The Start and End display based on the selected value of the Dates option. Both the Start and End options use variable substitution from the incoming message using a mustache format. Both options should use the toDDMMYYYY formatter to ensure the date string is formatted correctly. A mustache is a set of double curly braces surrounding a variable, i.e. {{ variable }}. For example, {{payload.data}} would substitute in the value of payload.data found in the incoming message. Visit the Template Engine and Formatters page to learn more.


The name of a vendor found in any of the CVEs.


The name of a product found in any of the CVEs.


The ID of a CVE. The format is CVE-YYYY-####, where YYYY is a year and #### is a number with 4 or more digits.

Size Limit

The maximum number of returned CVEs is limited to the selected Size Limit.

Nevelex Labs, Main Office

Metro Office Park
2950 Metro Drive, Suite 104
Bloomington, MN 55425
Phone: +1 952-500-8921

©Nevelex Labs, LLC. 2018-2024, All Rights Reserved.