Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE lookup that shows the actual fix (KB / package version / Apple train), plus a no-key API. Built partly because NVD's API keeps flaking out

0
Medium
Security-newscybersecurityreddit
Published: 07/17/2026 (07/17/2026, 16:14:31 UTC)
Source: Reddit Cybersecurity

Description

This is an informational post about a CVE lookup tool that provides actual fix information (such as KB articles, package versions, or Apple update trains) and a no-key API. It was created to address issues with the NVD API's unreliability and lack of fix details. The tool aggregates remediation data from multiple authoritative sources and offers a cached read layer to improve availability and usability for security professionals.

Reddit Discussion

r/cybersecurity·posted by u/Ad3t0
00

Disclosure up front: I work on a patch-management product (TridentStack Control), and this is a free, standalone spin-off of the remediation data we already maintain. No account, nothing gated on the tool or the API. Putting it here rather than at the bottom because it should come before the pitch, not after.

tridentstack.com/cve

Two things send me to NVD constantly, and both have gotten painful. First, the REST API has been flaky for weeks (there was a whole r/cybersecurity thread on it), which is rough if you script against it. Second, NVD tells you a CVE exists but not how to actually fix it.

So the tool focuses on those two. For each CVE it shows the sourced remediation when one exists: the KB for Windows and Office, the fixed version for a package (npm, PyPI, Go, apt, and so on), or the Apple update train, each with a link back to the vendor advisory. When there is no published fix, it says so instead of guessing. It never fabricates a version or KB, which given how many "AI CVE" tools hallucinate fixes felt like the whole point.

There is also a public API, no key and no signup (60 requests/min, no key required):

  • GET /api/v1/cve/CVE-2021-44228 (single CVE with remediation)
  • GET /api/v1/cve?kev=true&fix=true&severity=critical (filtered list)
  • bulk.jsonl for the whole catalog, an OSV export per CVE, and an OpenAPI 3.1 spec

Quick try: curl https://tridentstack.com/api/v1/cve/CVE-2021-44228

It is a cached read layer over NVD plus CISA KEV plus EPSS plus curated remediation sources, so it stays queryable on the days NVD's own API is having issues. That caching is also the point: freshness is bounded by our sync cadence, so it is not real-time, and I am not claiming it is fresher or more complete than NVD. The underlying data is derived from NVD.

For context on why I leaned on a cached layer: since NIST's April notice about record CVE growth, roughly 80% of new CVEs now land without full CVSS/CWE/CPE enrichment, and separately about 29,000 older backlogged CVEs were reclassified as won't-be-enriched. Leaning on a single live source felt fragile.

Sources are public-domain or CC and attributed on the /cve/about page. Sharing it because the "CVE exists, ok but what is the fix" gap and the NVD API flakiness are things I figure a lot of you hit too. Feedback and missing-fix reports welcome.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/18/2026, 08:53:57 UTC

Technical Analysis

The reported item is not a vulnerability or threat but a security news post describing a CVE lookup service that enhances remediation visibility by showing actual fixes linked to vendor advisories. It also offers a public API without authentication to query CVE remediation data, addressing known shortcomings of the NVD API, including flakiness and lack of fix details. The service aggregates data from NVD, CISA KEV, EPSS, and curated remediation sources, providing a cached layer for improved reliability. It does not fabricate fix information and openly discloses its data sources and limitations.

Potential Impact

There is no direct security impact or vulnerability associated with this content. It is a tool/service announcement aimed at improving CVE remediation data accessibility for security practitioners.

Mitigation Recommendations

Not applicable. This content does not describe a vulnerability or threat requiring mitigation.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
cybersecurity
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":35,"reasons":["external_link","established_author","recent_news"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a5b3f1734329bf928c5184b

Added to database: 07/18/2026, 08:53:43 UTC

Last enriched: 07/18/2026, 08:53:57 UTC

Last updated: 07/18/2026, 11:06:30 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses