


The goal of cvechecker is to report possible vulnerabilities on your system by scanning a list of installed software and matching the results against the CVE database. This is not a bullet-proof method and you will get many false positives (i.e. a vulnerability is fixed in a revision release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.


Clone the git repository

git clone git://
cd cvechecker

The following packages are needed:

apt-get install sqlite3 libconfig-dev libsqlite3-dev autoconf xsltproc libbsd-dev

Install CVEChecker

autoreconf --force --install 
# select sqlite3 or mysql: keep only the --enable flag for the backend you use
./configure --enable-sqlite3 --enable-mysql
make install
make postinstall

Initialize the sqlite3 database

cvechecker -i

Update the CVE feed

pullcves pull

Install guide for other OS:


You can find configs at the following path





Gather installed software (exclude non-software paths such as log files or Windows mounts…)

find / -path /var/spool/icinga2/perfdata -prune -o -path /backup -prune -o -path /marktplatz -prune -o -path /mnt -prune -o -path /media -prune -o -type f -perm -o+x -print > scanlist.txt
echo "/proc/version" >> scanlist.txt

Import installed software into CVEChecker

cvechecker -b scanlist.txt

Match software with CVEs

cvechecker -r -C > CVEs.csv
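
The gather, import and match steps above as one script. This is an added example, not part of the original page or the cvechecker project. The function names build_scanlist and run_scan are made up for this example; the excluded paths and the cvechecker calls are the ones shown above. The explicit -print keeps the pruned directories themselves out of the scan list.

```shell
#!/bin/sh
# Added example: build the cvechecker scan list from a list of excluded paths.
# build_scanlist and run_scan are names chosen for this example.

# Usage: build_scanlist ROOT [EXCLUDED_PATH...]
# Prints every regular file under ROOT that is executable by "other",
# skipping the excluded directories and everything below them.
build_scanlist() {
    root=$1
    shift
    # Turn each excluded path into a "-path P -prune -o" clause while
    # keeping paths that contain spaces intact.
    n=$#
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        n=$((n - 1))
    done
    # Without an explicit action, find applies an implicit -print to the
    # whole expression and would also list the pruned directories.
    find "$root" "$@" -type f -perm -o+x -print
}

# The full procedure from this page: gather, import, match.
run_scan() {
    build_scanlist / /var/spool/icinga2/perfdata /backup /marktplatz \
        /mnt /media > scanlist.txt
    # /proc/version is added so the running kernel is part of the scan list.
    echo "/proc/version" >> scanlist.txt
    cvechecker -b scanlist.txt
    cvechecker -r -C > CVEs.csv
}

# Only scan when asked to, e.g. "sh scan.sh run" (scan.sh is a placeholder name).
if [ "${1:-}" = "run" ]; then
    run_scan
fi
```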

linux/ubuntu/cvechecker.txt · Last modified: 2021/05/31 12:52 by lunetikk