Scan projects for CVEs in AI-generated dependencies. Zero API calls. Works offline.
Project description
CVE-Guard
Stop AI from writing vulnerable code.
One command. Zero API calls. Works offline.
$ cve-guard scan ./my-project
Built by NOUMENON — AI agents that debate, evolve, and build. Want AI that thinks before it codes? noumenon.ai
Why This Exists
AI-generated code has 1.7x more vulnerabilities than human code. Copilot, Cursor, and Claude don't check if the packages they suggest have known CVEs. cve-guard does.
Run it before you commit. Run it in CI. Sleep better.
Install
pip install cve-guard
Usage
# Scan a project directory
cve-guard scan ./my-project
# Only show critical severity findings
cve-guard scan --severity critical
# Check a single package
cve-guard check react 18.2.0
# JSON output for CI/CD
cve-guard scan --format json
# Show fix commands
cve-guard scan --fix
# View the full CVE database
cve-guard db
Output
CVE-GUARD — Vulnerability Scanner v1.0.1
Scanning: ./my-nextjs-app/package.json
Found: 24 dependencies
CRITICAL VULNERABILITIES
Package CVE CVSS Installed Fix
next CVE-2025-29927 9.1 15.1.4 >= 15.2.3
react-server-dom-webpack CVE-2025-55182 10.0 19.2.0 >= 19.2.1
MEDIUM VULNERABILITIES
Package CVE CVSS Installed Fix
axios CVE-2023-45857 6.5 1.4.0 >= 1.6.0
Summary: 2 critical | 1 medium
Fix commands:
npm install next@15.2.3 react-server-dom-webpack@19.2.1 axios@1.6.0
CVEs Currently Detected
Every entry is verified against MITRE and/or the GitHub Advisory Database.
| Package | CVE / Advisory | CVSS | Severity | Fixed in |
|---|---|---|---|---|
| react-server-dom-webpack / -turbopack / -parcel | CVE-2025-55182 | 10.0 | CRITICAL | 19.0.1 / 19.1.2 / 19.2.1 |
| next | CVE-2025-29927 | 9.1 | CRITICAL | 15.2.3 / 14.2.25 / 13.5.9 / 12.3.5 |
| golang.org/x/crypto | CVE-2024-45337 | 9.1 | CRITICAL | 0.31.0 |
| react-router | CVE-2025-59057 | 7.6 | HIGH | 7.9.0 |
| flask | CVE-2023-30861 | 7.5 | HIGH | 2.3.2 / 2.2.5 |
| cryptography | CVE-2024-26130 | 7.5 | HIGH | 42.0.4 |
| rack | CVE-2026-34829 | 7.5 | HIGH | 3.2.6 / 3.1.21 / 2.2.23 |
| nokogiri | GHSA-c4rq-3m3g-8wgx | 7.5 | HIGH | 1.19.3 |
| rustls | CVE-2024-32650 | 7.5 | HIGH | 0.23.5 / 0.22.4 / 0.21.11 |
| lodash | CVE-2021-23337 | 7.2 | HIGH | 4.17.21 |
| pillow | CVE-2024-28219 | 6.7 | HIGH | 10.3.0 |
| axios | CVE-2023-45857 | 6.5 | MEDIUM | 1.6.0 / 0.28.0 |
| jsonwebtoken | CVE-2022-23540 | 6.4 | MEDIUM | 9.0.0 |
| express | CVE-2024-29041 | 6.1 | MEDIUM | 4.19.2 |
| requests | CVE-2024-35195 | 5.6 | MEDIUM | 2.32.0 |
| django | CVE-2024-45231 | 3.7 | MEDIUM | 5.1.1 / 5.0.9 / 4.2.16 |
Supported Languages
- JavaScript/Node.js — package.json
- Python — requirements.txt, pyproject.toml
- Ruby — Gemfile
- Go — go.mod
- Rust — Cargo.toml
All five manifest formats are parsed. Keep in mind that these are manifests rather than lockfiles: a range such as ^15.1.4 in package.json says nothing about which version was actually resolved, so when a finding looks surprising, check the lockfile where the ecosystem has one (package-lock.json, poetry.lock, Gemfile.lock, Cargo.lock). The bundled database currently has the deepest coverage for JavaScript and Python, plus verified entries for Ruby (rack, nokogiri), Go (golang.org/x/crypto), and Rust (rustls).
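How the version comparison behind the table above can work, as an added example in Python (this is not cve-guard's own code; its database.py is not shown on this page). It matches a package.json against three advisories copied from the table and handles the case the table makes visible: one advisory carrying one fix release per affected release line. The manifest contents, the Advisory class and the function names are assumptions made for the example.

```python
"""Offline version matching against a bundled advisory table.

Added example, not cve-guard's own code. It shows the comparison a manifest
scanner needs when an advisory carries one fix release per affected release
line, as the table above does for next (CVE-2025-29927: 15.2.3 / 14.2.25 /
13.5.9 / 12.3.5). The three advisories below are copied from that table; the
package.json at the bottom is constructed for this example.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

Version = tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    package: str
    cve: str
    cvss: float
    fixed_in: tuple[str, ...]  # one fixed release per affected release line


# A three-row "bundled database", taken from the page's table.
ADVISORIES = (
    Advisory("next", "CVE-2025-29927", 9.1, ("15.2.3", "14.2.25", "13.5.9", "12.3.5")),
    Advisory("axios", "CVE-2023-45857", 6.5, ("1.6.0", "0.28.0")),
    Advisory("lodash", "CVE-2021-23337", 7.2, ("4.17.21",)),
)

# Accepts "1.2.3", "v1.2.3", "=1.2.3", "^1.2.3", "~1.2.3"; anything else is unknown.
_VERSION_RE = re.compile(r"^\s*[\^~=v]*\s*(\d+(?:\.\d+)*)")


def parse_version(spec: str) -> Version | None:
    """Numeric tuple for a pinned version or the lower bound of a ^/~ range.

    A manifest declares ranges, not what was installed, so the lower bound is
    the oldest version the range admits. Specs with no usable lower bound
    ("*", "latest", ">=1 <2", git URLs) return None and are reported as
    unknown instead of being silently treated as safe.
    """
    m = _VERSION_RE.match(spec)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(installed: Version, fixed_in: tuple[str, ...]) -> bool:
    """Compare against the fix for the installed version's own release line.

    A naive `installed < max(fixed_in)` flags next 14.2.25, which is patched,
    because 15.2.3 sorts higher. Instead: find the fix sharing the installed
    major; if there is one, vulnerable iff installed is older than it. If no
    fix exists for that major line, an older line was left unpatched
    (vulnerable) while a newer line post-dates the advisory (not affected).
    """
    fixes = [f for f in (parse_version(v) for v in fixed_in) if f]
    same_line = [f for f in fixes if f[0] == installed[0]]
    if same_line:
        return installed < min(same_line)
    return installed[0] < min(f[0] for f in fixes)


def scan_package_json(text: str) -> dict[str, str]:
    """Status per database package found in dependencies or devDependencies."""
    manifest = json.loads(text)
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    report: dict[str, str] = {}
    for adv in ADVISORIES:
        spec = deps.get(adv.package)
        if spec is None:
            continue
        installed = parse_version(spec)
        if installed is None:
            report[adv.package] = "unknown"
        elif is_vulnerable(installed, adv.fixed_in):
            report[adv.package] = "vulnerable"
        else:
            report[adv.package] = "fixed"
    return report


# Constructed manifest covering the cases that matter.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "my-nextjs-app",
    "dependencies": {
        "next": "14.2.25",   # patched 14.x release: must not be flagged
        "axios": "^1.4.0",   # range admits 1.4.0 < 1.6.0: flagged
        "react": "18.2.0",   # not in the database: ignored
    },
    "devDependencies": {
        "lodash": "*",       # unbounded range: reported, not assumed safe
    },
})

if __name__ == "__main__":
    for package, status in scan_package_json(SAMPLE_PACKAGE_JSON).items():
        print(f"{package:10} {status}")
```

The bug this guards against is treating the highest-numbered fix as the only one: with next, 14.2.25 is patched even though 15.2.3 is newer. The example also refuses to call an unbounded spec safe, and it infers affected ranges from the fix list, which is a convention that holds for the advisories in the table but is not guaranteed; a production database should store explicit affected ranges per advisory.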
CI/CD Integration
GitHub Action
name: CVE Guard
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install cve-guard
      - run: cve-guard scan . --format json --severity high
Pin the scanner itself to a release (for example pip install cve-guard==1.0.1) so that CI runs are reproducible and a changed newer release does not alter results without a deliberate upgrade.
Pre-commit Hook
repos:
  - repo: https://github.com/noumenon-ai/cve-guard
    rev: v1.0.0
    hooks:
      - id: cve-guard
        name: CVE Guard
        entry: cve-guard scan
        language: python
        pass_filenames: false
Contributing
Found a new CVE? Open a PR to add it to database.py.
License
MIT
Part of the NOUMENON ecosystem. NOUMENON is a multi-agent AI build system where agents debate the best approach before writing a single line of code.
File details
Details for the file cve_guard-1.0.1.tar.gz.
File metadata
- Download URL: cve_guard-1.0.1.tar.gz
- Upload date:
- Size: 18.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d1de6b06e291371b59e3b1d89fe82f709b5fadbeab76138b0bcdb60c2d2b7712 |
| MD5 | 53f9f79e2749ec6be68eeda2c8caf538 |
| BLAKE2b-256 | 12fb728532a32504f901e5ef46f1c849e6c7643334fc2dff30e53b2e67c5abde |
Provenance
The following attestation bundles were made for cve_guard-1.0.1.tar.gz:
- Publisher: publish.yml on Noumenon-ai/cve-guard
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: cve_guard-1.0.1.tar.gz
- Subject digest: d1de6b06e291371b59e3b1d89fe82f709b5fadbeab76138b0bcdb60c2d2b7712
- Sigstore transparency entry: 1796948213
- Sigstore integration time:
- Permalink: Noumenon-ai/cve-guard@5a895f640d98aff41a3645dc35fcb82f2c3c3cf5
- Branch / Tag: refs/tags/v1.0.1
- Owner: https://github.com/Noumenon-ai
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@5a895f640d98aff41a3645dc35fcb82f2c3c3cf5
- Trigger Event: push
Taken together, these fields say the sdist with this digest was built and uploaded by the publish.yml workflow in Noumenon-ai/cve-guard at commit 5a895f640d98aff41a3645dc35fcb82f2c3c3cf5 on tag v1.0.1, from a GitHub-hosted runner using a GitHub OIDC token, with the signature recorded in the Sigstore transparency log. That binds the file to the repository and commit; it says nothing about what the code at that commit does.
File details
Details for the file cve_guard-1.0.1-py3-none-any.whl.
File metadata
- Download URL: cve_guard-1.0.1-py3-none-any.whl
- Upload date:
- Size: 18.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | c7aedbf498390c63f740c30e77d79fdcf396f9f1f4219679fe888a12d7cdca4d |
| MD5 | 898bf6eec0d1a43d6f42e8591d56252e |
| BLAKE2b-256 | daf8a374d672ac3d4e0c4d88b27072effc254f0b2509e19e074f3e5a32fdc463 |
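Checking a downloaded sdist or wheel against the digests in the two File hashes tables, as an added Python example (not part of cve-guard or PyPI's tooling). It recomputes all three algorithms PyPI lists, compares them in constant time, and refuses to accept a match on MD5 alone. The known-answer digests in the script are for the empty file, a constructed stand-in so it runs offline; the function names are assumptions for the example.

```python
"""Check a downloaded PyPI artifact against the digests the page lists.

Added example, not part of cve-guard. PyPI publishes SHA256, MD5 and
BLAKE2b-256 for each file; this recomputes all three and compares them in
constant time. The known-answer digests used in __main__ are for the empty
file, chosen so the script runs offline; replace them with the page's values
and point verify_file at the real cve_guard-1.0.1.tar.gz or .whl.
"""
import hashlib
import hmac
from pathlib import Path


def compute_digests(data: bytes) -> dict[str, str]:
    """Hex digests keyed by PyPI's names. BLAKE2b-256 is BLAKE2b with a
    32-byte output; hashlib's default digest_size is 64, which never matches."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "blake2b_256": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }


def verify_digests(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """True per algorithm when the recomputed digest equals the expected one.

    hmac.compare_digest avoids an early-exit comparison; timing is not a real
    concern for a local file check, but it costs nothing and is the right habit.
    Expected values are lower-cased so a copied upper-case hex digest still matches.
    """
    actual = compute_digests(data)
    return {alg: hmac.compare_digest(actual[alg], want.lower()) for alg, want in expected.items()}


def acceptable(results: dict[str, bool]) -> bool:
    """Accept only if every listed digest matched and at least one of them is a
    collision-resistant algorithm. MD5 alone proves nothing: PyPI still lists it
    for old tooling, but colliding inputs are cheap to produce."""
    return bool(results) and all(results.values()) and any(alg != "md5" for alg in results)


def verify_file(path: str, expected: dict[str, str]) -> bool:
    """Read the artifact and apply the acceptance rule above."""
    return acceptable(verify_digests(Path(path).read_bytes(), expected))


if __name__ == "__main__":
    # Known answers for the empty file (constructed stand-in for the real artifact).
    expected = {
        "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "md5": "d41d8cd98f00b204e9800998ecf8427e",
    }
    results = verify_digests(b"", expected)
    print(results, "accepted" if acceptable(results) else "rejected")
```

For installs, pip performs the same check itself: a requirements line of the form cve-guard==1.0.1 --hash=sha256:d1de6b06e291371b59e3b1d89fe82f709b5fadbeab76138b0bcdb60c2d2b7712 --hash=sha256:c7aedbf498390c63f740c30e77d79fdcf396f9f1f4219679fe888a12d7cdca4d (the sdist and wheel digests from the tables above) installed with pip install --require-hashes -r requirements.txt rejects any artifact whose digest is not listed, which is the right way to consume the scanner in the CI job shown earlier.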
Provenance
The following attestation bundles were made for cve_guard-1.0.1-py3-none-any.whl:
- Publisher: publish.yml on Noumenon-ai/cve-guard
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: cve_guard-1.0.1-py3-none-any.whl
- Subject digest: c7aedbf498390c63f740c30e77d79fdcf396f9f1f4219679fe888a12d7cdca4d
- Sigstore transparency entry: 1796948616
- Sigstore integration time:
- Permalink: Noumenon-ai/cve-guard@5a895f640d98aff41a3645dc35fcb82f2c3c3cf5
- Branch / Tag: refs/tags/v1.0.1
- Owner: https://github.com/Noumenon-ai
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@5a895f640d98aff41a3645dc35fcb82f2c3c3cf5
- Trigger Event: push