National Vulnerability Database CPE/CVE API Library
Simple NIST NVD API wrapper library
NVDlib is a Python library that allows you to interface with the NIST National Vulnerability Database (NVD), pull vulnerabilities (CVEs), and Common Platform Enumeration (CPEs) into easily accessible objects.
- Search the NVD for CVEs using all parameters allowed by the NVD API. Including search criteria such as CVE publish and modification date, keywords, severity, score, or CPE name.
- Search CPE names by keywords, CPE match strings, or modification dates. Then pull the CVE ID's that are relevant to those CPEs.
- Retrieve details on individual CVEs, their relevant CPE names, and more.
- Built in rate limiting according to NIST NVD recommendations.
Get an API key (https://nvd.nist.gov/developers/request-an-api-key) to allow for 0.6 seconds between requests. Otherwise it is 6 seconds between requests.
$ pip install nvdlib
>>> import nvdlib >>> r = nvdlib.getCVE('CVE-2021-26855') >>> print(r.v3severity + ' - ' + str(r.v3score)) CRITICAL - 9.8 >>> print(r.cve.description.description_data.value) Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. >>> print(r.v3vector) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Run the tests with
$ pip install -e '.[dev]' $ pytest
This is my first attempt at creating a library while utilizing all my Python experience from classes to functions.
For more information on the NIST NVD API for CPE and CVEs, see the documentation here: https://nvd.nist.gov/General/News/New-NVD-CVE-CPE-API-and-SOAP-Retirement
Release history Release notifications | RSS feed
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.