
Scan projects for CVEs in AI-generated dependencies. Zero API calls. Works offline.

Project description

CVE-Guard

Stop AI from writing vulnerable code.

One command. Zero API calls. Works offline.

$ cve-guard scan ./my-project

Built by NOUMENON — AI agents that debate, evolve, and build. Want AI that thinks before it codes? noumenon.ai

PyPI | License: MIT | Python 3.10+

Why This Exists

AI-generated code has 1.7x more vulnerabilities than human code. Copilot, Cursor, and Claude don't check if the packages they suggest have known CVEs. cve-guard does.

Run it before you commit. Run it in CI. Sleep better.

Install

pip install cve-guard

Usage

# Scan a project directory
cve-guard scan ./my-project

# Only show critical and high severity
cve-guard scan --severity critical

# Check a single package
cve-guard check react 18.2.0

# JSON output for CI/CD
cve-guard scan --format json

# Show fix commands
cve-guard scan --fix

# View the full CVE database
cve-guard db

Output

  CVE-GUARD — Vulnerability Scanner v1.0.0

  Scanning: ./my-nextjs-app/package.json
  Found: 24 dependencies

  CRITICAL VULNERABILITIES
  Package  CVE              CVSS  Installed  Fix
  next     CVE-2025-66478   10.0  14.2.5     >= 15.1.4
  next     CVE-2025-29927    9.1  14.2.5     >= 15.1.4
  react    CVE-2025-55182   10.0  18.2.0     >= 19.0.0

  HIGH VULNERABILITIES
  Package  CVE              CVSS  Installed  Fix
  axios    CVE-2023-45857    7.0  1.4.0      >= 1.6.0

  PLATFORM WARNINGS
  Package   Warning
  supabase  Verify RLS enabled on ALL tables
  stripe    Verify webhook signature verification

  Summary: 3 critical | 1 high | 2 warnings

  Fix commands:
    npm install next@15.1.4 react@19.0.0 axios@1.6.0

CVEs Currently Detected

Package       CVE                   CVSS  Severity  Fix
react         CVE-2025-55182        10.0  CRITICAL  >= 19.0.0
next          CVE-2025-66478        10.0  CRITICAL  >= 15.1.4
next          CVE-2025-29927         9.1  CRITICAL  >= 15.1.4
node          CVE-2026-NODE-JAN      8.0  HIGH      >= 22.13.1
django        CVE-2024-45231         8.1  HIGH      >= 5.1.1
pillow        CVE-2024-28219         8.1  HIGH      >= 10.3.0
jsonwebtoken  CVE-2022-23529         7.6  HIGH      >= 9.0.0
react-router  CVE-2025-59057         7.5  HIGH      >= 7.0.0
flask         CVE-2023-30861         7.5  HIGH      >= 2.3.2
cryptography  CVE-2024-26130         7.5  HIGH      >= 42.0.4
lodash        CVE-2021-23337         7.2  HIGH      >= 4.17.21
axios         CVE-2023-45857         7.0  HIGH      >= 1.6.0
express       CVE-2024-29041         6.1  MEDIUM    >= 4.19.2
requests      CVE-2024-35195         5.6  MEDIUM    >= 2.32.0
supabase      GHSA-v36f              8.5  HIGH      Enable RLS
stripe        ACTIVE-CAMPAIGN-2026   8.0  HIGH      Verify webhooks
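The scan-and-compare loop behind the table above and the Output section, written out as an added Python example. This is not cve-guard's own code: it reads a package.json, resolves each dependency spec to a version, compares it against a local vulnerability table, applies a threshold like the --severity flag, and builds the fix command. VULN_DB is a constructed stand-in for the project's database.py (a few rows modelled on the table, used as sample data only), and SAMPLE_PACKAGE_JSON is a constructed manifest.

```python
"""Offline dependency check in the style cve-guard describes: read a manifest,
compare each installed version against a local vulnerability table, and emit
a severity-filtered report plus a fix command.  Added illustration; not
cve-guard's own code.  VULN_DB and SAMPLE_PACKAGE_JSON are constructed here
and are not the project's database.py."""
import json
import re

# Constructed sample database (not the project's database.py): a few rows
# modelled on the README table, keyed by the first version that carries the fix.
VULN_DB = [
    {"package": "next",   "cve": "CVE-2025-29927", "cvss": 9.1,  "severity": "CRITICAL", "fixed": "15.1.4"},
    {"package": "react",  "cve": "CVE-2025-55182", "cvss": 10.0, "severity": "CRITICAL", "fixed": "19.0.0"},
    {"package": "axios",  "cve": "CVE-2023-45857", "cvss": 7.0,  "severity": "HIGH",     "fixed": "1.6.0"},
    {"package": "lodash", "cve": "CVE-2021-23337", "cvss": 7.2,  "severity": "HIGH",     "fixed": "4.17.21"},
]

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed sample manifest; 'left-pad' has no concrete version on purpose.
SAMPLE_PACKAGE_JSON = """{
  "name": "my-nextjs-app",
  "dependencies": {
    "next": "14.2.5",
    "react": "^18.2.0",
    "axios": "~1.4.0",
    "lodash": "4.17.21",
    "left-pad": "latest"
  }
}"""

_VERSION_RE = re.compile(r"^\s*[\^~=v]*\s*(?:>=\s*)?(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(spec):
    """Return (major, minor, patch) for a version or npm range spec, or None.

    Range prefixes (^, ~, >=, =, v) are stripped, so a range resolves to the
    lowest version it admits; pre-release suffixes are ignored.  Specs with no
    leading number ('latest', '*', git URLs) return None so the caller can
    report them instead of silently treating them as safe.
    """
    m = _VERSION_RE.match(spec)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def scan_package_json(text, min_severity="LOW"):
    """Return (findings, unresolved) for the manifest text.

    findings: vulnerable dependencies at or above min_severity, ordered by
    severity then CVSS, each with the fixed version from the table.
    unresolved: dependency names whose spec could not be turned into a version.
    """
    manifest = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies"):
        deps.update(manifest.get(section, {}))

    threshold = SEVERITY_RANK[min_severity.upper()]
    findings, unresolved = [], []
    for name, spec in deps.items():
        installed = parse_version(spec)
        if installed is None:
            unresolved.append(name)
            continue
        for entry in VULN_DB:
            if entry["package"] != name or SEVERITY_RANK[entry["severity"]] < threshold:
                continue
            # Vulnerable when the installed version is below the first fixed one.
            if installed < parse_version(entry["fixed"]):
                findings.append({**entry, "installed": ".".join(map(str, installed))})
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], -f["cvss"]))
    return findings, unresolved


def fix_command(findings):
    """Build one 'npm install' line, taking the highest fixed version per package."""
    needed = {}
    for f in findings:
        if f["package"] not in needed or parse_version(f["fixed"]) > parse_version(needed[f["package"]]):
            needed[f["package"]] = f["fixed"]
    return "npm install " + " ".join(f"{pkg}@{ver}" for pkg, ver in needed.items())


if __name__ == "__main__":
    found, skipped = scan_package_json(SAMPLE_PACKAGE_JSON, min_severity="high")
    for f in found:
        print(f"{f['package']:<8} {f['cve']:<16} {f['cvss']:>5} {f['installed']:<10} >= {f['fixed']}")
    print("Fix command:", fix_command(found))
    if skipped:
        print("Could not resolve a version for:", ", ".join(skipped))
```

Two points worth checking in any scanner of this shape: a range spec such as ^18.2.0 in package.json only bounds the version from below, so scanning the manifest is optimistic compared with scanning the lockfile's resolved versions, and a spec with no concrete version has to be reported rather than treated as safe, which is why parse_version returns None for it instead of guessing.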

Supported Languages

  • JavaScript/Node.js — package.json
  • Python — requirements.txt, pyproject.toml
  • Ruby — Gemfile
  • Go — go.mod
  • Rust — Cargo.toml

CI/CD Integration

GitHub Action

name: CVE Guard
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install cve-guard
      - run: cve-guard scan . --format json --severity high

Pre-commit Hook

repos:
  - repo: https://github.com/noumenon-ai/cve-guard
    rev: v1.0.0
    hooks:
      - id: cve-guard
        name: CVE Guard
        entry: cve-guard scan
        language: python
        pass_filenames: false

Contributing

Found a new CVE? Open a PR to add it to database.py.

License

MIT


Part of the NOUMENON ecosystem. NOUMENON is a multi-agent AI build system where agents debate the best approach before writing a single line of code.


Download files


Source Distribution

cve_guard-1.0.0.tar.gz (15.4 kB)

Uploaded Source

Built Distribution


cve_guard-1.0.0-py3-none-any.whl (16.9 kB)

Uploaded Python 3

File details

Details for the file cve_guard-1.0.0.tar.gz.

File metadata

  • Download URL: cve_guard-1.0.0.tar.gz
  • Size: 15.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.7

File hashes

Hashes for cve_guard-1.0.0.tar.gz
Algorithm    Hash digest
SHA256       10159a6f2764b828e2e8c96ebdaf9f8b5dac5316e0e6f9cccd277c98309ed578
MD5          960ef9d6f2b2c085f7a60af2c0c084fe
BLAKE2b-256  14b91daf91e667e21c6ce0cff93db1bf2137cbbce1fcff9cedde0696e4584056


File details

Details for the file cve_guard-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: cve_guard-1.0.0-py3-none-any.whl
  • Size: 16.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.7

File hashes

Hashes for cve_guard-1.0.0-py3-none-any.whl
Algorithm    Hash digest
SHA256       c645c920607a3568934a88a998e90cc09e9dd946d944fc7dbc20f12b035f4595
MD5          be253893064ca9ea2c7bb89055f82344
BLAKE2b-256  abea10e18610f676286268e69efaafa8e1a85d6877672d6c38ada3ce259364b3
