CVE Database
boring.tools maintains a local mirror of the Open Source Vulnerabilities (OSV) database, synchronized every 10 minutes. The CVE Database interface provides powerful search and filtering capabilities across all ecosystems.
Search interface
The CVE Database search page offers real-time filtering across multiple dimensions:


Available filters
| Filter | Description |
|---|---|
| Search | Free-text search across CVE/GHSA IDs, package names, and summaries |
| Ecosystem | Filter by package ecosystem (npm, PyPI, Maven, etc.) |
| Severity | Filter by severity level (Critical, High, Medium, Low) |
| Min CVSS | Set minimum CVSS score threshold (0–10) |
All filters are applied in real-time with debounced input to reduce server load.
Search results
Results are displayed in a paginated table with key vulnerability metadata:


Each row shows:
- Severity badge — Color-coded severity indicator with left border accent
- ID — CVE or GHSA identifier (clickable link to detail page)
- CVSS Score — Numeric score from 0 to 10
- Summary — Brief description of the vulnerability
- Ecosystems — Affected package ecosystems as badges
- Modified — Last modification date
Severity filtering
Use the severity filter to focus on critical issues:


Vulnerability details
Click any vulnerability ID to view the full detail page:


The detail page includes:
- Complete vulnerability summary and description
- CVSS score and vector string
- Affected packages with version ranges
- References and external links
- Database source information
Loading more results
The search returns 25 results per page. If more matches are available, a Load more button appears at the bottom. Click to fetch the next page without losing your current results.
Database synchronization
The OSV mirror syncs automatically every 10 minutes. The Live indicator on the search page confirms the database is actively maintained. No manual refresh required.