Paste a dependency list — a package.json, requirements.txt, go.mod, or one package per line — and check it against the CVE corpus in one shot. Matches are ranked by depth, with the fixed version where we have it.
Package matching is sourced from the GitHub Advisory Database, so ecosystem packages (npm, PyPI, Go, Maven, Composer, RubyGems, NuGet, Cargo) resolve best. Anonymous checks match the latest public CVEs; sign in for full-corpus matching, or automate it with the API (POST /api/sbom) and the triage_sbom MCP tool.