AI Tools for Test Engineers

AI tools that help test engineers write test plans, research testing standards, find vulnerabilities in software under test, track defect trends, and generate test documentation faster.

Works in Chat, Cowork and Code

| CVE ID | Component | CVSS |
| --- | --- | --- |
| CVE-2024-21490 | Node.js 20.x | 9.1 Critical |
| CVE-2024-27983 | Node.js HTTP/2 | 8.9 High |
| CVE-2024-28849 | Follow-redirects (React dep) | 7.5 High |

3 relevant CVEs found · 1 critical · 2 high · all have patches available

Security vulnerability scanning

Identify known CVEs in all software dependencies, OS versions, and frameworks before releasing a product or system. Build a pre-release security checklist that catches public vulnerabilities before attackers do.

Check all critical CVEs for our tech stack: Python 3.11, Django 4.2, PostgreSQL 15, Redis 7.0, and nginx 1.25. Flag anything with CVSS ≥ 9.0.

Scanned 5 components. Found 3 critical CVEs: CVE-2024-24680 (Django ReDoS in IntegerField, CVSS 9.2 — patch in 4.2.11), CVE-2023-44487 (HTTP/2 Rapid Reset in nginx, CVSS 9.1 — patch in 1.25.3), CVE-2024-31449 (Redis Lua scripting stack overflow, CVSS 9.4 — patch in 7.0.15). Python 3.11 and PostgreSQL 15 are clean at current patch levels.

ToolRouter search_vulnerabilities
| CVE ID | Component | CVSS |
| --- | --- | --- |
| CVE-2024-24680 | Django 4.2 | 9.2 Critical |
| CVE-2023-44487 | nginx 1.25 (HTTP/2) | 9.1 Critical |
| CVE-2024-31449 | Redis 7.0 | 9.4 Critical |

3 critical CVEs found · Python 3.11 and PostgreSQL 15 are clean · patch Django, nginx, Redis immediately

Web application penetration testing

Run automated black-box penetration tests against web applications in staging or QA environments. Identify OWASP Top 10 vulnerabilities, exposed endpoints, and security misconfigurations before go-live.

Run a full penetration test on our staging environment at staging.myapp.io. Include OWASP Top 10 coverage, exposed admin interfaces, and any SQL injection or XSS vulnerabilities.

Pentest complete. Critical findings: 1) SQL injection in /api/users?filter= parameter (unauthenticated). 2) Admin interface exposed at /admin without IP restriction. High: 3) CORS wildcard policy allows cross-origin credential theft. Medium: 4) Missing security headers (CSP, HSTS). Low: 5) Verbose error messages exposing stack traces. Full report with reproduction steps attached.

ToolRouter scan_web
| Severity | Finding | Location |
| --- | --- | --- |
| Critical | SQL injection — unauthenticated | /api/users?filter= |
| Critical | Admin panel exposed — no IP restriction | /admin |
| High | CORS wildcard — credential theft vector | All origins |
| Medium | Missing CSP + HSTS headers | All responses |

5 findings · 2 critical · 1 high · 1 medium · 1 low · full report with steps attached

Test plan and documentation generation

Generate comprehensive test plans, test case specifications, and test summary reports following IEEE 829, ISO 29119, or internal templates. Reduce time spent on documentation so more time can go to actual testing.

Create an IEEE 829-compliant test plan document for testing a firmware OTA update mechanism on an IoT gateway device, covering functionality, security, and rollback failure scenarios.

Generated 22-page test plan. Sections: 1.0 Scope, 2.0 References, 3.0 Test items (firmware v2.4 OTA module), 4.0 Features to be tested (happy path, network interruption, authentication failure, rollback), 5.0 Features not tested, 6.0 Approach, 7.0 Pass/fail criteria, 8.0 Suspension criteria, 9.0 Test deliverables, 10.0 Environmental needs, 11.0 Schedule.

ToolRouter create_document
Document: 22 pages generated · full IEEE 829-2008 section structure
Test Items: Firmware v2.4 OTA module · happy path, network interruption, auth failure, rollback
Pass/Fail Criteria: Defined for all 4 test scenarios including rollback recovery
Environmental Needs: Target board spec, test harness, network simulation tools documented
Schedule: Sprint-based test schedule aligned to firmware release milestones

Testing standards and methodology research

Research applicable testing standards, certifications, and best practices for your domain — from DO-178C for avionics to IEC 62443 for industrial cybersecurity. Stay current on evolving methodologies like mutation testing and property-based testing.

What are the key software verification and test requirements for Level C software under DO-178C for an avionics control system? How many test cases are required, and what coverage criteria apply?

DO-178C Level C requires structural coverage to decision coverage (DC); modified condition/decision coverage (MC/DC) is not required at Level C. Test objectives include 52 of the 71 objectives in Table A-7. Independence is required for test case review, but a separate test team is not. Decision coverage means every boolean sub-expression is exercised as both true and false.

ToolRouter research
Coverage Required: Decision Coverage (DC) required · MC/DC not required at Level C
Test Objectives: 52 of 71 objectives in Table A-7 apply to Level C software
Independence: Independent review of test cases required · separate test team not mandated
DC Definition: Every boolean sub-expression exercised as both true and false
Key Distinction: Level A requires MC/DC · Level C is less stringent · plan accordingly

Test architecture and flow visualization

Generate test architecture diagrams, state machine diagrams, and test flow charts to document your test strategy and communicate it clearly to development teams and stakeholders.

Create a state machine diagram for testing a vending machine controller with states: Idle, ItemSelected, PaymentPending, Dispensing, and ChangeReturning. Show all valid state transitions.

Generated state machine with 5 states and 9 transitions. Key transitions: Idle → ItemSelected (item button pressed), ItemSelected → PaymentPending (confirm selection), PaymentPending → Dispensing (payment accepted), PaymentPending → ItemSelected (payment rejected — retry), Dispensing → ChangeReturning (item dispensed), ChangeReturning → Idle (change returned). Cancel transitions also modeled from ItemSelected and PaymentPending.

ToolRouter render_diagram
Vending Machine State Machine · 5 States · 9 Transitions
Idle → ItemSelected → PaymentPending → Dispensing → ChangeReturning

Job market and skills research

Track demand for test engineering skills across hardware, software, and security testing domains. Find roles that match your toolchain experience and identify certifications like ISTQB that improve your market value.

Find SDET and test automation engineer roles at fintech or healthcare companies requiring Selenium, Playwright, or Cypress experience. Show roles paying over $130K with remote options.

Found 84 matching positions. Median salary: $145,000. Top stacks in demand: Playwright (mentioned in 61% of listings, overtaking Selenium), Cypress (48%), and API testing with Postman/Newman (72%). Healthcare roles tend to require CSTE or ISTQB certifications. 67% offer fully remote or hybrid work.

ToolRouter search_jobs
| Company | Role | Stack |
| --- | --- | --- |
| Stripe | SDET | Playwright, Ruby, Python |
| Plaid | Senior Test Engineer | Cypress, Postman/Newman |
| Epic Systems | QA Automation Engineer | Selenium, Java, CSTE preferred |
| Evolent Health | SDET | Playwright, Python, Jenkins |

84 matching positions · median $145K · 67% remote or hybrid · Playwright in 61%

Ready-to-use prompts

Dependency CVE scan

Scan for known CVEs in our application dependencies: Spring Boot 3.2, Hibernate 6.3, Apache Tomcat 10.1, and Jackson 2.16. Focus on remote code execution and authentication bypass vulnerabilities with CVSS ≥ 8.0.

Penetration test

Run a black-box security assessment of https://staging.myapp.com. Test for OWASP Top 10 vulnerabilities including injection, broken authentication, XSS, CSRF, and insecure direct object references. Provide severity rating and reproduction steps for each finding.

Test plan generation

Create a software test plan document following ISO/IEC 29119-3 for testing a mobile banking app. Include scope, test approach, entry/exit criteria, risk-based test priorities, environments, schedule, and resource requirements.

Testing standards research

Explain the key differences between black-box, white-box, and grey-box testing approaches. When should each be used, what are their strengths and weaknesses, and which testing certifications (ISTQB, CSTE) cover each approach?

State machine diagram

Draw a state machine diagram for an order management system with states: Draft, Submitted, Processing, Shipped, Delivered, and Cancelled. Include all valid transitions, guard conditions, and error paths.

Job search

Find principal or staff test engineer positions at electric vehicle companies or battery manufacturers requiring experience with Hardware-in-the-Loop (HIL) testing, CAN bus, and automotive safety standards. Include US and Germany.

Literature review

Search for recent peer-reviewed papers on mutation testing effectiveness for safety-critical software. What mutation operators are most effective for finding real bugs, and how does mutation score correlate with test suite quality?

Security standards research

Summarize the key test and verification requirements from IEC 62443-4-1 (Secure Product Development Lifecycle) for software and firmware in industrial automation and control systems. Which requirements apply to test engineers?

Tools to power your best work

165+ tools.
One conversation.

Everything test engineers need from AI, connected to the assistant you already use. No extra apps, no switching tabs.

Pre-release security test sprint

Run a complete security testing pass before a product release: scan dependencies, pentest the application, and generate a security summary report.

1. Vulnerability Database: Scan all software dependencies and OS versions for CVEs
2. Penetration Testing: Run black-box penetration test on staging environment
3. Deep Research: Research any applicable security standards or compliance requirements
4. Word Documents: Generate security test summary report for release gate

New product test strategy setup

When starting on a new product, research applicable testing standards, design the test architecture, and produce the master test plan.

1. Deep Research: Research applicable testing standards for the product domain
2. Academic Research: Survey literature on testing methodologies for similar systems
3. Diagram Generator: Design test architecture and traceability diagram
4. Word Documents: Generate master test plan document

Test engineer career development

Identify in-demand skills and certifications, find target roles, and build a learning plan to advance in the test engineering career track.

1. Job Search: Search senior test engineer roles to identify required skills
2. Deep Research: Research ISTQB and domain-specific certification paths
3. Academic Research: Find papers and resources on emerging test methodologies

Frequently Asked Questions

What types of vulnerabilities does the penetration testing tool find?

Pentest performs black-box web application testing covering OWASP Top 10 categories: injection (SQL, command, LDAP), broken authentication, XSS, CSRF, security misconfiguration, vulnerable components, insecure direct object references, and sensitive data exposure. It crawls the attack surface automatically from any URL.

Can Vulnerability Database scan container images or npm package lock files?

Vulnerability Database searches by product name and version, so you can query CVEs for any package, OS, or framework version individually. For automated scanning of full package lock files or SBOM documents, dedicated tools like Snyk or OWASP Dependency-Check complement this research capability.

Can these tools help me prepare for ISTQB certification?

Deep Research and Academic Research can explain any ISTQB syllabus topic, help you understand testing techniques, and locate study resources. Ask about specific exam topics like equivalence partitioning, boundary value analysis, or test management concepts from the Foundation or Advanced syllabi.

How does the docx tool handle technical tables and matrices like traceability matrices?

Docx Tools can create documents with formatted tables, which are suitable for requirements-to-test traceability matrices, defect severity tables, and test coverage summaries. Specify the column structure, and the tool generates the table with content from your inputs.

Is the penetration test tool safe to run against production environments?

Pentest is designed for testing environments and should only be used against systems you own or have explicit written authorization to test. Never run it against production systems without a formal change management approval and rollback plan. Always use staging or dedicated test environments.
