Skip to main content

Package for interacting with cve-search

Project description

The CveXplore package aims to provide an object related way to interact with the data collected or hosted by a cve-search instance. It provides an ambiguous way to interact with either the cve-search mongodb or the cve-search API.

From version 0.2.5 onwards CveXplore has the possibility to initialize and update the database without the need of any of the cve-search binaries and thus providing the same functionality as cve-search but without the GUI components.

A click command line functionality is being build but for now still in progress…

All the data provided by this interaction is converted into objects before being returned. And thus providing a way to interact with objects rather then with raw data.


As stated you will need to have one of two things; in order to fully use this package you need access to:

  • A cve-search mongodb instance


  • A cve-search API instance (will be retired in the 0.4 release)

Both of them can be easily created on a physical machine or via a docker instance of cve-search; please check cve-search or CVE-Search-Docker for further details.


Package is hosted on pypi, so to install the minimal core just run:

pip install CveXplore

This command will install the core logic of CveXplore and, by default, installs the mongodb module also.

CveXplore is setup in a modular way and therefor has multiple modules which can be installed separately by specifying them as an extra requirement. To install the mysql module only, specify:

pip install CveXplore[mysql]

Or for multiple modules:

pip install CveXplore[mysql, redis]

Or simple install all modules:

pip install CveXplore[all]


Check github pages documentation



CveXplore automatically creates a config folder in ‘~/.cvexplore’. CveXplore stores several configuration files in here such as the .env for general configuration and the .sources.ini for data sources configuration.


CveXplore stores all logs in the ‘~/.cvexplore/log’ folder:

  • update_populate.log; logging produced during database updates and database initialization.

Local Database populate / update

As of version 0.2.5 CveXplore can populate and update a local mongodb instance from either the command line:

$ cvexplore database initialize
$ cvexplore database update

Check the CLI Documentation for more information.

Or via the the CveXplore object:

>>> from CveXplore import CveXplore
>>> cvx = CveXplore()
>>> cvx.database.populate()
>>> cvx.database.update()

You can add your NIST API Key in the environment variable NVD_NIST_API_KEY (e.g., in the ~/.cvexplore/.env file). You can populate CveXplore without an API key, but it will limit the amount of parallel requests made to the NIST API.

For the NVD API, the update starts from the last modified document in the database. In case of missing CPEs or CVEs caused by failures during the regular updates you can manually update entries for 1–120 days. (If the period is longer than 120 days you would need to re-populate the entire database.) Example:

>>> cvx.database.update(manual_days=7)

Package usage


CveXplore can be instantiated with different parameters, depending to which data source you’re going to connect to. If no parameters are given it is assumed that you’re going to connect to a mongodb database running on localhost with default port and security settings (Cve Search default parameters).

>>> from CveXplore import CveXplore
>>> cvx = CveXplore()
>>> cvx.version

To let CveXplore connect to an mongodb with specific parameters:

>>> from CveXplore import CveXplore
>>> cvx = CveXplore(datasource_type="mongodb", datasource_connection_details={"host": "mongodb://"})
>>> cvx.version

And to let CveXplore talk to an Cve Search API (only query POST endpoint needed):

>>> from CveXplore import CveXplore
>>> cvx = CveXplore(datasource_type="api", datasource_connection_details={"address": ("", 443), "api_path": "api"})
>>> cvx.version

For More options please check the package documentation

Command line usage

CveXplore has a ‘Python Click’ (Documentation) command line interpreter available. Click provides an extensive help function to guide you through the different options; also check the full documentation for examples and usage instructions

$ cvexplore --help
Usage: cvexplore [OPTIONS] COMMAND [ARGS]...

  -v, --version  Show the current version and exit
  --help         Show this message and exit.

  capec     Query for capec specific data
  cpe       Query for cpe specific data
  cve       Query for cve specific data
  cwe       Query for cwe specific data
  database  Database update / populate commands
  find      Perform find queries on a single collection
  stats     Show datasource statistics
  tasks     Perform task related operations.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cvexplore-0.3.35.tar.gz (105.1 kB view hashes)

Uploaded Source

Built Distribution

CveXplore-0.3.35-py3-none-any.whl (131.4 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page