A Python client for the Global CVE Allocation System.

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

This client can be integrated into software such as Vulnerability-Lookup to provide core GCVE functionalities by adhering to the Best Current Practices.
It can also be used as a standalone command-line tool.

Examples of usage

As a command line tool

First install the gcve client:

$ python -m pip install --user pipx
$ python -m pipx ensurepath

$ pipx install gcve
  installed package gcve 0.11.0, installed using Python 3.13.0
  These apps are now globally available
    - gcve
done!  🌟 

Pulling the registry locally

$ gcve registry --pull
Pulling from registry…
Downloaded updated https://gcve.eu/dist/key/public.pem to .gcve/registry/public.pem
Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to .gcve/registry/gcve.json.sigsha512
Downloaded updated https://gcve.eu/dist/gcve.json to .gcve/registry/gcve.json
Integrity check passed successfully.

Retrieving a GNA

Note: This operation is case sensitive.

$ gcve registry --get CIRCL
{
  "id": 1,
  "short_name": "CIRCL",
  "cpe_vendor_name": "circl",
  "full_name": "Computer Incident Response Center Luxembourg",
  "gcve_url": "https://vulnerability.circl.lu/",
  "gcve_api": "https://vulnerability.circl.lu/api/",
  "gcve_dump": "https://vulnerability.circl.lu/dumps/",
  "gcve_allocation": "https://vulnerability.circl.lu/",
  "gcve_pull_api": "https://vulnerability.circl.lu/"
}

$ gcve registry --get CIRCL | jq .id
1

Searching the Registry

Note: Search operations are case insensitive.

$ gcve registry --find cert
[
  {
    "id": 106,
    "full_name": "National Cyber Security Centre SK-CERT",
    "short_name": "SK-CERT",
    "gcve_url": "https://www.sk-cert.sk/"
  },
  {
    "id": 680,
    "short_name": "DFN-CERT",
    "full_name": "DFN-CERT Services GmbH",
    "gcve_url": "https://adv-archiv.dfn-cert.de/"
  }
]

Pulling the references file

$ gcve references --pull
Pulling references…
Downloaded updated https://gcve.eu/dist/references.json to .gcve/references/references.json
References downloaded successfully.

Listing references

$ gcve references --list
{
  "kev": [
    {
      "uuid": "405284c2-e461-4670-8979-7fd2c9755a60",
      "short_name": "CISA KEV"
    },
    {
      "uuid": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "short_name": "CIRCL",
      "gcve_gna_id": 1
    },
    {
      "uuid": "cce329bf-df49-4c6e-a027-80be2e6483bd",
      "short_name": "EUVD KEV",
      "gcve_gna_id": 2
    }
  ]
}

As a library

Verifying the integrity of your local GNA directory copy

Python 3.13.0 (main, Oct 10 2024, 07:28:38) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from typing import List
... from gcve.gna import GNAEntry
... from gcve.registry import (
...     update_registry_public_key,
...     update_registry_signature,
...     update_registry,
...     verify_registry_integrity,
...     load_registry,
... )
... 
>>> update_registry_public_key()
No changes  using cached .gcve/registry/public.pem.
False
>>> update_registry_signature()
No changes  using cached .gcve/registry/gcve.json.sigsha512.
False
>>> update_registry()
No changes  using cached .gcve/registry/gcve.json.
False
>>> if verify_registry_integrity():
...     gcve_data: List[GNAEntry] = load_registry()
...     
>>>
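
The pull fetches public.pem from the same host as gcve.json and its signature, so the integrity check alone cannot tell a replaced key from the genuine one. The following is an added example, not part of the gcve package: it pins the key's SHA-256 fingerprint on first use and fails when the key later changes. The pin file location is a hypothetical choice.

```python
import base64
import hashlib
from pathlib import Path

# Path taken from the pull output shown on this page.
REGISTRY_KEY = Path(".gcve/registry/public.pem")
# Hypothetical pin location, kept outside the directory the client rewrites.
PIN_FILE = Path(".gcve/public.pem.sha256")


def pem_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the first PEM block.

    Hashing the decoded bytes makes the fingerprint independent of
    line wrapping and trailing whitespace in the PEM file.
    """
    body, inside = [], False
    for line in pem_text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN "):
            inside = True
        elif line.startswith("-----END "):
            break
        elif inside and line:
            body.append(line)
    if not body:
        raise ValueError("no PEM block found")
    der = base64.b64decode("".join(body), validate=True)
    return hashlib.sha256(der).hexdigest()


def check_pinned_key(key_path: Path = REGISTRY_KEY, pin_path: Path = PIN_FILE) -> str:
    """Return 'pinned' on first use, 'match' if unchanged; raise if the key changed."""
    current = pem_fingerprint(key_path.read_text(encoding="ascii"))
    if not pin_path.exists():
        pin_path.parent.mkdir(parents=True, exist_ok=True)
        pin_path.write_text(current + "\n", encoding="ascii")
        return "pinned"
    pinned = pin_path.read_text(encoding="ascii").strip()
    if pinned != current:
        raise RuntimeError(
            f"registry key changed: pinned {pinned[:16]}..., got {current[:16]}..."
        )
    return "match"
```

Call check_pinned_key() after update_registry_public_key() and before verify_registry_integrity(), and treat a RuntimeError as a reason to stop and confirm the new key out of band.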

Loading references

>>> from gcve.registry import update_references, load_references
>>>
>>> update_references()
Downloaded updated https://gcve.eu/dist/references.json to .gcve/references/references.json
True
>>> references = load_references()
>>> references['kev'][0]
{'uuid': '405284c2-e461-4670-8979-7fd2c9755a60', 'short_name': 'CISA KEV'}

Generating new GCVE entries

Example with GCVE-1 entries (CIRCL namespace):

from typing import List
from gcve import gcve_generator, get_gna_id_by_short_name, to_gcve_id
from gcve.gna import GNAEntry
from gcve.registry import update_registry, load_registry

# Retrieve the JSON Directory file available at GCVE.eu if it has changed
update_registry()
# Initialize the GNA entries
gcve_data: List[GNAEntry] = load_registry()

# If "CIRCL" is found in the registry
if CIRCL_GNA_ID := get_gna_id_by_short_name("CIRCL", gcve_data):
    # Existing GCVE-0 identifiers.
    # `vulnerabilitylookup` is supplied by the integrating application
    # (for example Vulnerability-Lookup); it is not part of the gcve package.
    existing_gcves = {to_gcve_id(cve) for cve in vulnerabilitylookup.get_all_ids()}

    # Generate the next five identifiers in the CIRCL namespace
    generator = gcve_generator(existing_gcves, CIRCL_GNA_ID)
    for _ in range(5):
        print(next(generator))

License

GCVE is licensed under GNU General Public License version 3.

Contact

Att: GCVE.EU
CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg

File details

Details for the file gcve-0.12.0.tar.gz.

File metadata

  • Download URL: gcve-0.12.0.tar.gz
  • Size: 20.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gcve-0.12.0.tar.gz
Algorithm Hash digest
SHA256 ec4fee05f0edeb7f970210018a8edec7689e4d6a5f01ff30e3aaa73eca80ad72
MD5 5e26b7eeeab0aba9dbaffce655230b93
BLAKE2b-256 86f82b8e8c5ee142d22f88ae7990c659ce9813e0ffae1aa8fdfd8b963bcc9ff4

Provenance

The following attestation bundles were made for gcve-0.12.0.tar.gz:

Publisher: release.yml on gcve-eu/gcve

File details

Details for the file gcve-0.12.0-py3-none-any.whl.

File metadata

  • Download URL: gcve-0.12.0-py3-none-any.whl
  • Size: 22.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for gcve-0.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5fe2a7432036cb3cd9837761c2e775bdeb9b15556908053a20d450a28f2fc876
MD5 7a61cf411d0c7a49f80d5a3a745de56c
BLAKE2b-256 e947c95a037bedbc7eed8907c50bac6950ca4b6ccb01d386c9f2492fd6bede82

Provenance

The following attestation bundles were made for gcve-0.12.0-py3-none-any.whl:

Publisher: release.yml on gcve-eu/gcve
