Last updated: December 2024
By accessing or using wtfisthiscve.com ("the Service"), you agree to be bound by these Terms of Service.
wtfisthiscve.com provides plain English explanations of CVE (Common Vulnerabilities and Exposures) security vulnerabilities. The service includes:
- A public website with CVE explanations
- An authenticated API for programmatic access
- A command-line interface (CLI) tool
You may use the Service to:
- Look up and understand CVE information
- Integrate CVE data into your security workflows
- Share links to CVE pages
You may NOT:
- Attempt to overwhelm the service with excessive requests
- Scrape the website without permission
- Use the API without a valid API key
- Resell or redistribute the data commercially without permission
- Attempt to reverse-engineer the LLM explanations
CVE explanations are generated using AI (large language models) based on data from the National Vulnerability Database (NVD). While we strive for accuracy:
- Explanations may contain errors or oversimplifications
- Always verify critical security decisions with official sources
- We are not liable for actions taken based on our explanations
Original CVE data comes from NIST's National Vulnerability Database. We do not guarantee the accuracy or completeness of NVD data.
THE SERVICE IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND. WE ARE NOT LIABLE FOR:
- Security incidents resulting from reliance on our explanations
- Service downtime or data loss
- Inaccurate or incomplete CVE information
- Any indirect, incidental, or consequential damages
We may terminate or suspend your access to the Service at any time, without prior notice, for conduct that we believe violates these Terms or is harmful to other users or the Service.
We reserve the right to modify these terms at any time. Continued use of the Service after changes constitutes acceptance of the new terms.
These Terms are governed by the laws of the United Kingdom.
For questions about these Terms, contact us at legal@wtfisthiscve.com.