cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch.

https://github.com/clearlinux/cve-check-tool

Clone the git repository

git clone https://github.com/clearlinux/cve-check-tool.git
cd cve-check-tool

Execute autogen.sh

./autogen.sh

You might need some additional packages

configure: error: Package requirements (
                  glib-2.0 >= 2.36.0,
                  gio-2.0 >= 2.36.0,
                  libxml-2.0 >= 2.9.1,
                  libcurl >= 7.29.0,
                  gobject-2.0 >= 2.0,
                  sqlite3,
                  openssl >= 1.0.0

If you see the following message “No package 'sqlite3' found” but have sqlite3 installed, also install the following devel package

apt-get install libsqlite3-dev

Install CVE-Check-Tool

./autogen.sh
make
make install

Update the CVE feed

cve-check-update

There is no need to configure anything, but just in case, the files are at the following locations

/usr/lib/cve-check-tool/
/usr/share/cve-check-tool/
/usr/bin/cve-check-tool
/usr/bin/cve-check-update