Get Started
← All tools

Security & Vuln Intel

CVE Lookup

Query the NIST NVD CVE 2.0 database.

cve_lookup
View on GitHub

Overview

Checks the worldwide database of known software vulnerabilities. Drop in a CVE ID or a keyword and it returns what the vulnerability is, how severe it is, and which products it affects — essential for security reviews.

How it works

Calls the NIST NVD 2.0 API with either a specific CVE ID or a free-text keyword. Returns the CVE ID, description, severity classification, CVSS v3 score, and the list of affected products (CPE matches). Results come straight from the authoritative database — no third-party enrichment.

Example

When a user asks:

What do you know about CVE-2021-44228?

the agent calls the tool: 

cve_lookup(id="CVE-2021-44228")

and gets back: description of the Log4Shell vulnerability, CVSS 10.0, affected Log4j versions, and references.

Use it in a workflow

Wire this tool into a SwarmAI crew. Use the YAML DSL for declarative workflows, or the Java builder API when you want full programmatic control.

YAML DSL

# security-triage.yaml
name: security-triage-crew
process: SEQUENTIAL

agents:
  - id: auditor
    role: Security Auditor
    goal: Assess the severity of known vulnerabilities
    tools:
      - cve_lookup

tasks:
  - id: security-triage-task
    agent: auditor
    description: Look up CVE-2021-44228 and summarize the impact, CVSS score, and affected versions.

Java

import ai.intelliswarm.swarmai.agent.Agent;
import ai.intelliswarm.swarmai.task.Task;
import ai.intelliswarm.swarmai.swarm.Swarm;
import ai.intelliswarm.swarmai.swarm.SwarmOutput;
import ai.intelliswarm.swarmai.process.ProcessType;
import ai.intelliswarm.swarmai.tool.security.CVELookupTool;
import org.springframework.ai.chat.client.ChatClient;
import org.springframework.beans.factory.annotation.Autowired;

@Autowired ChatClient chatClient;
@Autowired CVELookupTool cVELookupTool;

Agent auditor = Agent.builder()
    .role("Security Auditor")
    .goal("Assess the severity of known vulnerabilities")
    .chatClient(chatClient)
    .tool(cVELookupTool)
    .build();

Task auditorTask = Task.builder()
    .description("Look up CVE-2021-44228 and summarize the impact, CVSS score, and affected versions.")
    .agent(auditor)
    .build();

SwarmOutput result = Swarm.builder()
    .agent(auditor)
    .task(auditorTask)
    .process(ProcessType.SEQUENTIAL)
    .build()
    .kickoff();

What it's good for

Real scenarios where agents put this tool to work.

Security-audit crews reviewing dependencies
CVE-ID triage (e.g. CVE-2021-44228 Log4Shell)
Risk reports for SOC/appsec demos
Keyword scan for emerging vulnerabilities

Source

Implementation lives at swarmai-tools/src/main/java/ai/intelliswarm/swarmai/tool/security/CVELookupTool.java in the swarm-ai repository.

Open cve_lookup on GitHub →

← Back to all tools