Documentation

Commands

Deterministic CLI wrappers that run vulnetix vdb subcommands directly with no LLM analysis.

Commands are thin, deterministic wrappers around vulnetix vdb subcommands. Unlike skills or agents, commands involve no LLM analysis – they execute the CLI, capture the JSON output, and display it in a structured format.

Use commands when you want raw VDB data without interpretation, or when you need to pipe exact output into another workflow.

Command Reference

VDB lookups

CommandWrapsPurpose
vdb-vulnvulnetix vdb vulnLook up a vulnerability by ID
vdb-vulnsvulnetix vdb vulnsList vulnerabilities for a package
vdb-affectedvulnetix vdb affected -V v2Affected products/packages
vdb-advisoriesvulnetix vdb advisories -V v2Advisory data
vdb-fixesvulnetix vdb fixesFix data (patches, advisories, distro)
vdb-workaroundsvulnetix vdb workarounds -V v2Workaround intelligence
vdb-remediationvulnetix vdb remediation plan -V v2Context-aware remediation plan
vdb-scorecardvulnetix vdb scorecard -V v2Vulnerability scorecard
vdb-cwevulnetix vdb cwe -V v2CWE intelligence
vdb-metricsvulnetix vdb metricsCVSS/EPSS metrics
vdb-vexvulnetix vdb vexVEX statements
vdb-purlvulnetix vdb purlLookup by Package URL
vdb-versionsvulnetix vdb versionsAll versions across ecosystems
vdb-productvulnetix vdb productProduct version info
vdb-ecosystemvulnetix vdb ecosystemEcosystem-scoped lookups
vdb-packagesvulnetix vdb packages searchPackage search

Exploit + threat intel

CommandWrapsPurpose
vdb-exploits-searchvulnetix vdb exploits searchSearch exploited vulns
vdb-ai-discoveriesvulnetix vdb ai-discoveriesAI-discovered vulns
vdb-ai-in-wildvulnetix vdb ai-in-wildAI-discovered in-the-wild observations
vdb-ai-malwarevulnetix vdb ai-malwareAI malware family intelligence
vdb-ai-assisted-exploitsvulnetix vdb ai-assisted-exploitsAI-assisted exploit demos
vdb-iocsvulnetix vdb iocsIOC pivots (CrowdSec + Shadowserver)
vdb-sightingsvulnetix vdb sightingsMerged in-the-wild timeline
vdb-attack-techniquesvulnetix vdb attack-techniquesMITRE ATT&CK mappings
vdb-kevvulnetix vdb kevKEV catalogue
vdb-triagevulnetix vdb triageScore-driven triage feed
vdb-exploit-trendsvulnetix vdb exploit-trendsSeverity-tier signal counts
vdb-vendor-trendsvulnetix vdb vendor-trendsVendor monthly/yearly breakdown
vdb-timelinevulnetix vdb timelineVuln lifecycle timeline

Detection + reporting

CommandWrapsPurpose
vdb-snort-rulesvulnetix vdb snort-rulesSnort detection rules
vdb-yara-rulesvulnetix vdb yara-rulesYARA static-analysis rules
vdb-nucleivulnetix vdb nucleiNuclei templates
vdb-traffic-filtersvulnetix vdb traffic-filtersIDS/IPS traffic filter rules
vdb-msrcvulnetix vdb msrcMicrosoft Patch Tuesday rollups
vdb-cloud-locatorsvulnetix vdb cloud-locators -V v2Cloud resource locators
vdb-summaryvulnetix vdb summaryGlobal VDB stats
vdb-sourcesvulnetix vdb sourcesVuln data sources
vdb-idsvulnetix vdb idsCVE IDs published in a calendar month
vdb-searchvulnetix vdb searchSearch CVE IDs by prefix
vdb-gcvevulnetix vdb gcveCVEs by date range
vdb-rawvulnetix vdb rawReplay raw archived advisory bytes
vdb-specvulnetix vdb specOpenAPI specification
vdb-statusvulnetix vdb statusAPI health + CLI metadata
vdb-cachevulnetix vdb cacheManage local response cache

Local scanners

CommandWrapsPurpose
scanvulnetix scanFull scan (configurable across SCA/SAST/secrets/license/container/IaC)
sastvulnetix sastSAST only
scavulnetix scaSCA only
secretsvulnetix secretsSecret detection only
containersvulnetix containersContainer/Dockerfile analysis
iacvulnetix iacTerraform/OpenTofu/Nix
licensevulnetix licenseLicense conflicts
triagevulnetix triageTriage from GitHub or Vulnetix VDB

Artifact upload + auth + meta

CommandWrapsPurpose
uploadvulnetix uploadUpload SBOM / SARIF / VEX / SPDX / CSAF
gha-uploadvulnetix gha uploadBatch upload from GitHub Actions
gha-statusvulnetix gha statusPoll GitHub Actions artifact status
auth-loginvulnetix auth loginInteractive auth
auth-statusvulnetix auth statusAuth status
envvulnetix envCurrent environment context
versionvulnetix versionCLI version

Invocation

All commands use the colon syntax:

/vulnetix:<command-name> <arguments>

For example:

/vulnetix:vdb-vuln CVE-2021-44228

Commands are marked disable-model-invocation: true, meaning your coding agent will never call them autonomously – they only run when you invoke them explicitly.

Output

Every command appends -o json to the underlying CLI call and parses the JSON response into a human-readable summary. The raw JSON is always available in the command output if you need it for scripting or further processing.

vdb-vuln
Look up a single vulnerability by ID from the Vulnetix VDB, supporting 78+ identifier formats.
vdb-vulns
List all known vulnerabilities for a specific package from the Vulnetix VDB with pagination support.
vdb-exploits-search
Search for exploited vulnerabilities across all packages in the Vulnetix VDB with filtering and sorting.
vdb-remediation
Get a context-aware remediation plan for a vulnerability from the Vulnetix VDB V2 API.
auth-login
Authenticate with Vulnetix (interactive)
auth-status
Display current Vulnetix authentication status
containers
Analyze Dockerfile / Containerfile / compose
env
Display the current Vulnetix environment context
gha-status
GitHub Actions artifact status polling
gha-upload
GitHub Actions artifact batch upload
iac
Analyze Terraform / OpenTofu / Nix infrastructure-as-code
license
Analyze package licenses for conflicts and policy compliance
sast
Run Vulnetix SAST analysis only
sca
Run Vulnetix software composition analysis only
scan
Run a full Vulnetix scan (configurable across SCA + SAST + secrets + license + container + IaC)
secrets
Run Vulnetix secret detection only
triage
Triage vulnerabilities from GitHub alerts or Vulnetix VDB
upload
Upload artifact files (SBOM, SARIF, VEX, SPDX, CSAF) to Vulnetix
vdb-advisories
Get advisory data for a vulnerability (V2)
vdb-affected
Get affected products and packages for a vulnerability (V2)
vdb-ai-assisted-exploits
Researcher AI-assisted exploit demonstrations
vdb-ai-discoveries
AI-discovered vulnerabilities (researcher leaderboard + per-CVE)
vdb-ai-in-wild
AI-discovered in-the-wild exploitation observations
vdb-ai-malware
AI-authored / AI-runtime malware family intelligence
vdb-attack-techniques
Look up MITRE ATT&CK technique mappings for CVEs
vdb-cache
Manage the local VDB response cache
vdb-cloud-locators
Get cloud resource locator templates for a vendor/product (V2)
vdb-cwe
Look up CWE-related vulnerability intelligence (V2)
vdb-ecosystem
Ecosystem-scoped package and group lookups
vdb-exploit-trends
Severity-tier rollup of exploit signal counts
vdb-fixes
Get fix data (patches, advisories, distro patches) for a vulnerability
vdb-gcve
Get CVEs by date range
vdb-ids
List CVE identifiers published in a calendar month
vdb-iocs
IOC pivots from CrowdSec sightings + Shadowserver counts
vdb-kev
Access the Vulnetix KEV (Known Exploited Vulnerabilities) catalogue
vdb-metrics
Vulnerability metric intelligence
vdb-msrc
Microsoft Security Response Center patch-Tuesday rollups
vdb-nuclei
Get Nuclei templates referencing a CVE
vdb-packages
Search for packages and assess security risk
vdb-product
Get product version information
vdb-purl
Query VDB using a Package URL (PURL)
vdb-raw
Replay raw archived advisory bytes from object storage
vdb-scorecard
Get vulnerability scorecard (V2)
vdb-search
Search CVE identifiers by prefix
vdb-sightings
Merged in-the-wild observation timeline for a CVE
vdb-snort-rules
Look up Snort detection rules with rich filters
vdb-sources
List vulnerability data sources
vdb-spec
Get the OpenAPI specification
vdb-status
Check API health and display CLI metadata
vdb-summary
Get global VDB database statistics
vdb-timeline
Get vulnerability lifecycle timeline
vdb-traffic-filters
Get IDS/IPS traffic filter rules (Snort) for a vulnerability
vdb-triage
Score-driven triage feed (the daily SOC pull)
vdb-vendor-trends
Vendor trend data — monthly/yearly CVE+GHSA breakdown
vdb-versions
Get all known versions of a package across ecosystems
vdb-vex
Retrieve VEX statements
vdb-workarounds
Get workaround information for a vulnerability (V2)
vdb-yara-rules
Look up YARA static-analysis rules with rich filters
version
Print Vulnetix CLI version