---
name: CVE/CWE Database Skill
description: CVE and CWE database querying and management
allowed-tools:
  - Bash
  - Read
  - Write
  - Edit
  - Glob
  - Grep
  - WebFetch
---

# CVE/CWE Database Skill

## Overview

This skill provides CVE and CWE database querying, CVSS scoring, and vulnerability management capabilities.

## Capabilities

- Query NVD for CVE details
- Search CWE database for weaknesses
- Calculate CVSS scores (v2, v3.1, v4)
- Generate CVE request templates
- Track CVE assignment status
- Map vulnerabilities to CWE
- Generate vulnerability advisories
- Support CPE matching

## Target Processes

- vulnerability-root-cause-analysis.js
- responsible-disclosure.js
- security-advisory-writing.js
- variant-analysis.js

## Dependencies

- NVD API access
- CWE database (local or API)
- cvss library (Python)
- Python 3.x

## Usage Context

This skill is essential for:
- Vulnerability classification
- CVSS score calculation
- CVE request preparation
- Advisory writing
- Vulnerability tracking

## Integration Notes

- Supports NVD API v2
- Can cache CVE data locally
- Integrates with vulnerability management systems
- Supports CPE-based vulnerability matching
- Can generate machine-readable advisories (CSAF)