Metadata-Version: 2.4
Name: cve-guard
Version: 1.0.0
Summary: Scan projects for CVEs in AI-generated dependencies. Zero API calls. Works offline.
Author-email: NOUMENON <hello@noumenon.ai>
License: MIT
Project-URL: Homepage, https://github.com/noumenon-ai/cve-guard
Project-URL: Repository, https://github.com/noumenon-ai/cve-guard
Project-URL: Issues, https://github.com/noumenon-ai/cve-guard/issues
Keywords: cve,security,vulnerability,scanner,cli
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: typer>=0.9.0
Requires-Dist: rich>=13.0.0
Dynamic: license-file
Dynamic: requires-python

# CVE-Guard

**Stop AI from writing vulnerable code.**

One command. Zero API calls. Works offline.

```
$ cve-guard scan ./my-project
```

> Built by NOUMENON — AI agents that debate, evolve, and build.
> Want AI that thinks before it codes? noumenon.ai

![PyPI](https://img.shields.io/pypi/v/cve-guard)
![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)
![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)

## Why This Exists

AI-generated code has 1.7x more vulnerabilities than human code.
Copilot, Cursor, and Claude don't check if the packages they suggest
have known CVEs. cve-guard does.

Run it before you commit. Run it in CI. Sleep better.

## Install

```bash
pip install cve-guard
```

## Usage

```bash
# Scan a project directory
cve-guard scan ./my-project

# Only show critical and high severity
cve-guard scan --severity critical

# Check a single package
cve-guard check react 18.2.0

# JSON output for CI/CD
cve-guard scan --format json

# Show fix commands
cve-guard scan --fix

# View the full CVE database
cve-guard db
```

## Output

```
  CVE-GUARD — Vulnerability Scanner v1.0.0

  Scanning: ./my-nextjs-app/package.json
  Found: 24 dependencies

  CRITICAL VULNERABILITIES
  Package  CVE              CVSS  Installed  Fix
  next     CVE-2025-66478   10.0  14.2.5     >= 15.1.4
  next     CVE-2025-29927    9.1  14.2.5     >= 15.1.4
  react    CVE-2025-55182   10.0  18.2.0     >= 19.0.0

  HIGH VULNERABILITIES
  Package  CVE              CVSS  Installed  Fix
  axios    CVE-2023-45857    7.0  1.4.0      >= 1.6.0

  PLATFORM WARNINGS
  Package   Warning
  supabase  Verify RLS enabled on ALL tables
  stripe    Verify webhook signature verification

  Summary: 3 critical | 1 high | 2 warnings

  Fix commands:
    npm install next@15.1.4 react@19.0.0 axios@1.6.0
```

## CVEs Currently Detected

| Package | CVE | CVSS | Severity | Fix |
|---------|-----|------|----------|-----|
| react | CVE-2025-55182 | 10.0 | CRITICAL | >= 19.0.0 |
| next | CVE-2025-66478 | 10.0 | CRITICAL | >= 15.1.4 |
| next | CVE-2025-29927 | 9.1 | CRITICAL | >= 15.1.4 |
| node | CVE-2026-NODE-JAN | 8.0 | HIGH | >= 22.13.1 |
| django | CVE-2024-45231 | 8.1 | HIGH | >= 5.1.1 |
| pillow | CVE-2024-28219 | 8.1 | HIGH | >= 10.3.0 |
| jsonwebtoken | CVE-2022-23529 | 7.6 | HIGH | >= 9.0.0 |
| react-router | CVE-2025-59057 | 7.5 | HIGH | >= 7.0.0 |
| flask | CVE-2023-30861 | 7.5 | HIGH | >= 2.3.2 |
| cryptography | CVE-2024-26130 | 7.5 | HIGH | >= 42.0.4 |
| lodash | CVE-2021-23337 | 7.2 | HIGH | >= 4.17.21 |
| axios | CVE-2023-45857 | 7.0 | HIGH | >= 1.6.0 |
| express | CVE-2024-29041 | 6.1 | MEDIUM | >= 4.19.2 |
| requests | CVE-2024-35195 | 5.6 | MEDIUM | >= 2.32.0 |
| supabase | GHSA-v36f | 8.5 | HIGH | Enable RLS |
| stripe | ACTIVE-CAMPAIGN-2026 | 8.0 | HIGH | Verify webhooks |

## Supported Languages

- **JavaScript/Node.js** — package.json
- **Python** — requirements.txt, pyproject.toml
- **Ruby** — Gemfile
- **Go** — go.mod
- **Rust** — Cargo.toml
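To make concrete what an offline scan of a `package.json` involves (compare each declared dependency's lowest admissible version against the advisory's fixed version, then filter by severity), here is an added Python example; it is not cve-guard's own code, and its `ADVISORIES` list, `SAMPLE_PACKAGE_JSON` and function names are constructed for illustration from the table above.

```python
import json
import re

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Local advisory table, constructed from the README's "CVEs Currently Detected"
# table so the check runs offline; the real tool ships a fuller database.
ADVISORIES = [
    {"package": "react", "cve": "CVE-2025-55182", "cvss": 10.0, "severity": "critical", "fixed_in": "19.0.0"},
    {"package": "next", "cve": "CVE-2025-29927", "cvss": 9.1, "severity": "critical", "fixed_in": "15.1.4"},
    {"package": "axios", "cve": "CVE-2023-45857", "cvss": 7.0, "severity": "high", "fixed_in": "1.6.0"},
    {"package": "express", "cve": "CVE-2024-29041", "cvss": 6.1, "severity": "medium", "fixed_in": "4.19.2"},
]

def parse_version(spec):
    """Turn a package.json specifier like '^18.2.0' or '~1.4.0' into a comparable tuple.
    The lowest version a caret/tilde range admits is what the manifest guarantees,
    so that is the value checked. Unbounded specs ('*', 'latest') return None.
    """
    m = re.match(r"^[\^~>=\s]*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", spec)
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())

def scan_package_json(text, min_severity="low"):
    """Return the advisories that affect declared dependencies at or above min_severity."""
    manifest = json.loads(text)
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for adv in ADVISORIES:
        spec = deps.get(adv["package"])
        if spec is None or SEVERITY_RANK[adv["severity"]] < threshold:
            continue
        installed = parse_version(spec)
        # Vulnerable only when the declared version is strictly below the fixed one.
        if installed is not None and installed < parse_version(adv["fixed_in"]):
            findings.append({**adv, "installed": spec})
    return findings

# Constructed sample manifest mirroring the README's example scan output.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"next": "14.2.5", "react": "^18.2.0", "axios": "~1.4.0", "express": "4.19.2"}
})

if __name__ == "__main__":
    for f in scan_package_json(SAMPLE_PACKAGE_JSON, "high"):
        print(f"{f['package']:8} {f['cve']:16} {f['cvss']:5} {f['installed']:10} >= {f['fixed_in']}")
```

Unbounded specifiers such as `*` cannot be judged from the manifest alone; a lockfile gives the resolved version, which is what a CI scan should check.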

## CI/CD Integration

### GitHub Action

```yaml
name: CVE Guard
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pip install cve-guard
      - run: cve-guard scan . --format json --severity high
```

### Pre-commit Hook

```yaml
repos:
  - repo: https://github.com/noumenon-ai/cve-guard
    rev: v1.0.0
    hooks:
      - id: cve-guard
        name: CVE Guard
        entry: cve-guard scan
        language: python
        pass_filenames: false
```

## Contributing

Found a new CVE? Open a PR to add it to `database.py`.

## License

MIT

---

Part of the NOUMENON ecosystem.
NOUMENON is a multi-agent AI build system where agents debate
the best approach before writing a single line of code.
