suse-add-cves utility takes a series of patches either as arguments or
one per line on stdin with --from_stdin (-f) option and updates CVE
number metadata in the patches. It needs upstream vulnerability repo
that can be cloned with: suse-add-cves -i -v /path. Existing repo is
accessed via via -v option or better via VULNS_GIT environment
variable. The vulnerability repo is kept up-to-date automatically and
is never older than 15 minutes.

suse-get-maintainers utility takes either a kernel path, an upstream
commmit hash, a unified patch produced by git or a CVE number and
produces contacts for SUSE maintainers responsible for the relevant
code. It can also work in a batch mode where the input is provided on
the standard input one item per a line and the results are presented
in CSV or JSON formats on stdout. For advanced functionality
(upstream hashs, CVE numbers) it requires access to a git kernel tree
and git kernel vulnerability database.