Yet another CVE database
Project description
CVEdb
CVEdb is yet another Python CVE database library and utility. There are lots already available. Why create another? Most existing libraries rely on a third party API like cve.circl.lu, which can and do throttle usage, require registration, and/or demand an internet connection. Some libraries are bloated, including web interfaces for search.
CVEdb Features:
- Can be used either as a library or a command line utility
- Simple API
- Download directly from the National Vulnerability Database
- Automatically, incrementally update as necessary
CVEdb Anti-Features:
- Does not require many dependencies
- Does not have a web server
- Does not require Internet connectivity (after the first sync)
Installation
$ pip3 install cvedb
Command Line Usage
$ cvedb --help
Python Examples
from cvedb.db import CVEdb
with CVEdb.open() as db:
for cve in db:
print(cve)
By default, the CVEs downloaded from NIST are saved to a sqlite database stored in cvedb.db.DEFAULT_DB_PATH, which is
set to ~/.config/cvedb/cvedb.sqlite. This can be customized by passing the db_path argument to CVEdb.open.
The db.data() function returns an instance of a cvedb.feed.Data object, which has
numerous methods to query CVEs.
For example:
with CVEdb.open() as db:
for cve in db.data().search("search term"):
print(cve)
In addition to accepting strings, the data().search(...) function will accept any
cvedb.search.SearchQuery object.
License and Acknowledgements
CVEdb was created by Trail of Bits. It is licensed under the GNU Lesser General Public License v3.0. Contact us if you're looking for an exception to the terms. © 2021, Trail of Bits.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
