<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: seanmarshall</title><link>https://news.ycombinator.com/user?id=seanmarshall</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Fri, 24 Apr 2026 21:29:01 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=seanmarshall" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by seanmarshall in "Axios compromised on NPM – Malicious versions drop remote access trojan"]]></title><description><![CDATA[
<p>Once you fork it, you are then on the hook for forking every future update and security patch. You can automate a lot of the testing, but it's still adding an extra failure point that you are now responsible for.<p>And if you pin it, then when you inevitably get a CVE for an old version, the upgrade path is harder and more time consuming. And that's when the security teams come knocking to pass their audit.</p>
]]></description><pubDate>Tue, 07 Apr 2026 13:04:53 +0000</pubDate><link>https://news.ycombinator.com/item?id=47674724</link><dc:creator>seanmarshall</dc:creator><comments>https://news.ycombinator.com/item?id=47674724</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47674724</guid></item><item><title><![CDATA[New comment by seanmarshall in "Show HN: Vulnetix VDB – Live package security within Claude Code"]]></title><description><![CDATA[
<p>AI coding agents pull package versions from training data that's months or years stale, and nobody catches it until CI fails. Or production does.<p>We've been building an enterprise AppSec platform for over a year. As part of that we built a vulnerability database - aggregating 160+ upstream vuln databases, plus external enrichment like EPSS scores and exploit data, plus our own enrichment on top. We also index malware and end-of-life data alongside vulnerabilities in the same data model.<p>The issue with how companies use vulnerability data is that it's always been a checkpoint after you've already written code. And AI agents make this worse. We wanted to see if we could get this into the development loop within Claude Code - so a human gets immediate feedback, but even better, an agent off doing a task gets feedback before it even gets back to the human.<p>The plugin checks dependencies the moment a manifest changes. Async, never blocks, no source code leaves your machine. Rather than sending your code out to a scanner to figure out reachability, we feed the right data to the agent so it can determine how a vulnerability affects the codebase itself.<p>The free tier gives you access to all 160+ aggregated sources without needing to build your own data pipeline or service layer. Paid tiers add our enrichment and proprietary data.<p>Install: /plugin marketplace add Vulnetix/claude-code-plugin then /plugin install vulnetix@vulnetix-plugins<p>Plugin docs: <a href="https://claude-docs.vdb.vulnetix.com/" rel="nofollow">https://claude-docs.vdb.vulnetix.com/</a><p>There's also a CLI and API access. More details on these at vulnetix.com/vdb</p>
]]></description><pubDate>Tue, 07 Apr 2026 12:39:55 +0000</pubDate><link>https://news.ycombinator.com/item?id=47674377</link><dc:creator>seanmarshall</dc:creator><comments>https://news.ycombinator.com/item?id=47674377</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47674377</guid></item></channel></rss>