purl-inspect

Inspect PURL for matching CVEs and vulnerabilities

Synopsis

Look up a specific package version in the DevGuard vulnerability database and display all known CVEs, their CVSS scores, EPSS exploit probability, and whether a fix is available.

A PURL (Package URL) is a standard way to identify a software package across ecosystems. The format is: pkg://@

For example:

pkg:npm/lodash@4.17.20 (npm package)
pkg:deb/debian/libc6@2.31-1 (Debian package)
pkg:pypi/requests@2.25.0 (Python package)
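Added example (not DevGuard's own code): a minimal Python parser for the PURL layout defined by the purl specification, pkg:type/namespace/name@version?qualifiers#subpath, that rejects input without a version before it is used for a lookup. The Purl class, the parse_purl function, and the scoped-npm and qualifier samples are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote


@dataclass
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: str
    qualifiers: dict = field(default_factory=dict)
    subpath: Optional[str] = None


def parse_purl(text: str) -> Purl:
    """Split a PURL into its components (hypothetical helper, stdlib only)."""
    scheme, sep, rest = text.strip().partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError("not a PURL: missing 'pkg:' scheme")
    rest = rest.lstrip("/")                  # 'pkg://type/...' is tolerated
    rest, _, subpath = rest.partition("#")   # optional '#subpath'
    rest, _, query = rest.partition("?")     # optional '?key=value&...'
    # Split off the version BEFORE percent-decoding: a scoped npm name carries
    # its own '@' encoded as %40, which must not be taken for the separator.
    path, at, version = rest.rpartition("@")
    if not at or not version:
        raise ValueError("a version is required to match a specific release")
    ptype, slash, remainder = path.partition("/")
    if not slash or not ptype:
        raise ValueError("expected pkg:type/name@version")
    namespace, _, name = remainder.rpartition("/")
    if not name:
        raise ValueError("package name is empty")
    qualifiers = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        qualifiers[key.lower()] = unquote(value)
    return Purl(ptype.lower(), unquote(namespace) or None, unquote(name),
                unquote(version), qualifiers, unquote(subpath).strip("/") or None)


# The first two strings are from this page; the last two are constructed samples.
SAMPLES = ["pkg:npm/lodash@4.17.20", "pkg:deb/debian/libc6@2.31-1",
           "pkg:npm/%40angular/core@12.0.0", "pkg:deb/debian/libc6@2.31-1?arch=amd64"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_purl(sample))
```

Splitting the version before decoding keeps a scoped name such as %40angular/core intact, and a PURL with no version raises ValueError.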

The output also shows alias deduplication — when two CVE IDs refer to the same underlying vulnerability, DevGuard keeps only the canonical one and tells you which were removed.

Examples

Options

Options inherited from parent commands
