CVEFinder.io

CVEFinder.io

Scan a website to find vulnerable technologies, dependencies & CVEs

No login required · Technology & dependency detection
💡 Previously scanned URLs don't count toward your daily limit
Or search the CVE database →

👀 Example Scan Results

See what you'll discover: technologies, dependencies, and vulnerabilities

📦 Detected Technologies

Technology Version Confidence
Nginx 1.14.0 95%
Node.js 14.17.0 88%
Express 4.17.1 75%
React 17.0.2 100%

📦 npm Dependency Analysis NEW

We analyze package.json files to identify vulnerable npm packages in your application

npm Package Version CVEs
lodash 4.17.15 3 CVEs
minimist 1.2.0 1 CVE
react 17.0.2 0 CVEs
💡 Pro Tip: Dependency scanning works automatically when we detect a package.json file on your site!

⛔ Found CVEs

CVE ID Severity Summary
CVE-2025-55182 🔴 CRITICAL React Server Components RCE vulnerability via unsafe deserialization of HTTP requests
CVE-2017-20005 🔴 CRITICAL Nginx <1.13.6 buffer overflow for years exceeding four digits in autoindex module
CVE-2014-7192 🔴 CRITICAL Eval injection vulnerability in syntax-error package for Node.js allows remote code execution
CVE-2021-44906 🔴 CRITICAL Minimist ≤1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey()
CVE-2019-10744 🔴 CRITICAL Lodash <4.17.12 vulnerable to Prototype Pollution via defaultsDeep function
CVE-2020-8203 ⚠️ HIGH Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20
CVE-2021-23337 ⚠️ HIGH Lodash <4.17.21 vulnerable to Command Injection via the template function

Start scanning now to discover vulnerabilities and risky dependencies in your websites

Scan Your Website
🔍
Deep Scanning

Analyzes headers, HTML, JavaScript & dependencies to detect technologies

📦
Dependency Analysis

Scans package.json files to identify vulnerable npm packages

🔄
Always Updated

CVE database synced daily with latest vulnerabilities