{"id":18614080,"url":"https://github.com/enthought/cve-search","last_synced_at":"2025-11-03T03:30:21.495Z","repository":{"id":66039650,"uuid":"107391039","full_name":"enthought/cve-search","owner":"enthought","description":"Default Repo description from terraform module","archived":false,"fork":false,"pushed_at":"2017-10-12T11:19:16.000Z","size":2652,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-27T02:43:08.351Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/enthought.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-18T10:09:11.000Z","updated_at":"2021-06-01T16:11:48.000Z","dependencies_parsed_at":null,"dependency_job_id":"33ce16d8-bb8d-4f2a-b05c-732d08815045","html_url":"https://github.com/enthought/cve-search","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enthought%2Fcve-search","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enthought%2Fcve-search/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enthought%2Fcve-search/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/enthought%2Fcve-search/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/enthought","download_url":"https://codeload.github.com/enthought/cve-search/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239406445,"owners_count":19633024,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T03:25:02.494Z","updated_at":"2025-11-03T03:30:21.380Z","avatar_url":"https://github.com/enthought.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"cve-search\n==========\n\n[![Join the chat at https://gitter.im/cve-search/cve-search](https://badges.gitter.im/cve-search/cve-search.svg)](https://gitter.im/cve-search/cve-search?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n\n![cve-search logo](https://avatars3.githubusercontent.com/u/15033728?v=3\u0026s=200)\n\n[![Build Status](https://travis-ci.org/cve-search/cve-search.svg?branch=master)](https://travis-ci.org/cve-search/cve-search)\n\ncve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and\nCPE (Common Platform Enumeration) into a MongoDB to facilitate search\nand processing of CVEs.\n\nThe main objective of the software is to avoid doing direct and public lookup\ninto the public CVE databases. This is usually faster to do local lookups and\nlimits your sensitive queries via the Internet.\n\ncve-search includes a back-end to store vulnerabilities and related information,\nan intuitive web interface for search and managing vulnerabilities,\na series of tools to query the system and a web API interface.\n\ncve-search is used by many organizations including the [public CVE services of CIRCL](https://cve.circl.lu/).\n\nRequirements\n------------\n\n* Python3.3 or later\n* MongoDB 2.2 or later\n* redis server\n* Pip3\n  * PyMongo\n  * Flask\n  * Flask-PyMongo\n  * Flask-Login\n  * Tornado\n  * Whoosh\n  * Redis\n  * Python-dateutil\n  * passlib\n  * feedformater (for RSS and Atom dump_last) http://code.google.com/p/feedformatter/\n  * Whoosh http://packages.python.org/Whoosh/ (If you're planning to use the Full-text indexer)\n  * irc\n  * sleekxmpp\n  * Werkzeug\n  * Jinja2\n  * itsdangerous\n  * click\n\nThe requirements can be installed with pip:\n\n    sudo pip3 install -r requirements.txt\n\nInstallation of MongoDB\n-----------------------\n\nFirst, you'll need to have a Python 3 installation (3.3 or higher).\nThen you need to install MongoDB (2.2) from source (this should also work\nwith any standard packages from your favorite distribution). Don't forget\nto install the headers for development while installing MongoDB.\nYou can go to http://docs.mongodb.org/manual/installation/ for to get the\npackages for your distribution, or http://www.mongodb.org/downloads for\nthe source code.\n\n\nPopulating the database\n-----------------------\n\nFor the initial run, you need to populate the CVE database by running:\n\n    ./sbin/db_mgmt.py -p\n    ./sbin/db_mgmt_cpe_dictionary.py\n    ./sbin/db_updater.py -c\n\nIt will fetch all the existing XML files from the Common Vulnerabilities\nand Exposures database and the Common Platform Enumeration. The initial\nCommon Platform Enumeration (CPE) import might take some time depending\nof your configuration.\n\nIf you want to add the cross-references from NIST, Red Hat and other vendors:\n\n    ./sbin/db_mgmt_ref.py\n\nA more detailed documentation can be found in the Documentations folder of the project.\n\nDatabases and collections\n-------------------------\n\nThe MongoDB database is called cvedb and there are 11 collections:\n\n* cves (Common Vulnerabilities and Exposure items) - source NVD NIST\n* cpe (Common Platform Enumeration items) - source NVD NIST\n* cwe (Common Weakness Enumeration items) - source NVD NIST\n* capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST\n* ranking (ranking rules per group) - local cve-search\n* d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com\n* [MITRE Reference Key/Maps](https://cve.mitre.org/data/refs/) - source MITRE reference Key/Maps\n* ms - (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source [Microsoft](http://www.microsoft.com/en-us/download/details.aspx?id=36982)\n* exploitdb (Offensive Security - Exploit Database) - source [offensive security](https://github.com/offensive-security/exploit-database)\n* info (metadata of each collection like last-modified) - local cve-search\n* via4 [VIA4CVE](https://github.com/cve-search/VIA4CVE) cross-references.\n\nThe Redis database has 3 databases:\n\n* 10: The cpe (Common Platform Enumeration) cache - source MongoDB cvedb collection cpe\n* 11: The notification database - source cve-search\n* 12: The [CVE reference database](https://cve.mitre.org/data/refs/) is a cross-reference database to CVE ids against various vendors ID - source NVD NIST/MITRE\n\nThe reference database has 3 additional sources:\n\n* [MITRE Reference Key/Maps](https://cve.mitre.org/data/refs/).\n* Red Hat RPM to CVE database.\n* Red Hat RHSA Oval database.\n\nUpdating the database\n---------------------\n\nAn updater script helps to start the db_mgmt_*  \n\n    ./sbin/db_updater.py -v\n\nYou can run it in a crontab, logging is done in syslog by default.\n\nRepopulating the database\n-------------------------\n\nTo easily drop and re-populate all the databases\n\n    ./sbin/db_updater.py -v -f\n\nThis will drop all the existing external sources and reimport everything. This operation can take some time\nand it's usually only required when new attributes parsing are added in cve-search.\n\nUsage\n-----\n\nYou can search the database using search.py\n\n    ./bin/search.py -p cisco:ios:12.4\n    ./bin/search.py -p cisco:ios:12.4 -o json\n    ./bin/search.py -f nagios -n\n    ./bin/search.py -p microsoft:windows_7 -o html\n\nIf you want to search all the WebEx vulnerabilities and only printing the official\nreferences from the supplier.\n\n    ./bin/search.py -p webex: -o csv  -v \"cisco\"\n\nYou can also dump the JSON for a specific CVE ID.\n\n    ./bin/search.py -c CVE-2010-3333\n\nOr you can use the XMPP bot\n\n    ./bin/search_xmpp.py -j mybot@jabber.org -p strongpassword\n\nOr dump the last 2 CVE entries in RSS or Atom format\n\n    ./bin/dump_last.py -f atom -l 2\n\nOr you can use the webinterface.\n\n    ./web/index.py\n\nUsage of the ranking database\n-----------------------------\n\nThere is a ranking database allowing to rank software vulnerabilities based on\ntheir common platform enumeration name. The ranking can be done per organization\nor department within your organization or any meaningful name for you.\n\nAs an example, you can add a partial CPE name like \"sap:netweaver\" which is very\ncritical for your accounting department.\n\n    ./sbin/db_ranking.py  -c \"sap:netweaver\" -g \"accounting\" -r 3\n\nand then you can lookup the ranking (-r option) for a specific CVE-ID:\n\n    ./bin/search.py -c CVE-2012-4341  -r  -n\n\nAdvanced usage\n--------------\n\nAs cve-search is based on a set of tools, it can be used and combined with standard Unix tools. If you ever wonder what are the top vendors using the term \"unknown\" for their vulnerabilities:\n\n    python3 bin/search_fulltext.py -q unknown -f | jq -c '. | .vulnerable_configuration[0]' | cut -f5 -d: | sort  | uniq -c  | sort -nr | head -10\n\n    1500 oracle\n    381 sun\n    372 hp\n    232 google\n    208 ibm\n    126 mozilla\n    103 microsoft\n    100 adobe\n     78 apple\n     68 linux\n\nYou can compare CVSS (Common Vulnerability Scoring System ) values of some products based on their CPE name. Like comparing oracle:java versus sun:jre and using R to make some statistics about their CVSS values:\n\n    python3 bin/search.py -p oracle:java -o json  | jq -r '.cvss' | Rscript -e 'summary(as.numeric(read.table(file(\"stdin\"))[,1]))'\n    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.\n    1.800   5.350   9.300   7.832  10.000  10.000\n\n\n    python3 bin/search.py -p sun:jre -o json  | jq -r '.cvss' | Rscript -e 'summary(as.numeric(read.table(file(\"stdin\"))[,1]))'\n    Min. 1st Qu.  Median    Mean 3rd Qu.    Max.\n    0.000   5.000   7.500   7.333  10.000  10.000\n\nFulltext indexing\n-----------------\n\nIf you want to index all the CVEs from your current MongoDB collection:\n\n    ./sbin/db_fulltext.py\n\nand you query the fulltext index (to get a list of matching CVE-ID):\n\n    ./bin/search_fulltext.py -q NFS -q Linux\n\nor to query the fulltext index and output the JSON object for each CVE-ID:\n\n    ./bin/search_fulltext.py -q NFS -q Linux -f\n\nFulltext visualization\n----------------------\n\nThe fulltext indexer visualization is using the fulltext indexes to build\na list of the most common keywords used in CVE. [NLTK](http://nltk.org/) is\nrequired to generate the keywords with the most common English\nstopwords and lemmatize the output. [NTLK for Python 3](http://nltk.org/nltk3-alpha/)\nexists but you need to use the alpha version of NLTK.\n\n    ./bin/search_fulltext.py  -g -s \u003ecve.json\n\n![cve-search visualization](https://farm9.staticflickr.com/8109/8603509755_c7690c2de4_n.jpg \"CVE Keywords Visualization Using Data From cve-search\")\n\nYou can see a visualization on the [demo site](http://www.foo.be/cve/).\n\nWeb interface\n-------------\n\nThe web interface is a minimal interface to see the last CVE entries and\nquery a specific CVE. You'll need flask in order to run the website and [Flask-PyMongo](http://flask-pymongo.readthedocs.org/en/latest/). To start\nthe web interface:\n\n    cd ./web\n    ./index.py\n\nThen you can connect on http://127.0.0.1:5000/ to browser the last CVE.\n\nWeb API interface\n-----------------\n\nThe web interface includes a minimal JSON API to get CVE by ID, by vendor or product.\nA public version of the API is also accessible on [cve.circl.lu](https://cve.circl.lu/).\n\nList the know vendors in JSON\n\n~~~\ncurl http://127.0.0.1:5000/api/browse/\n~~~\n\nDump the product of a specific vendor in JSON\n\n~~~\ncurl  http://127.0.0.1:5000/api/browse/zyxel \n{\n  \"product\": [\n    \"n300_netusb_nbg-419n\",\n    \"n300_netusb_nbg-419n_firmware\",\n    \"p-660h-61\",\n    \"p-660h-63\",\n    \"p-660h-67\",\n    \"p-660h-d1\",\n    \"p-660h-d3\",\n    \"p-660h-t1\",\n    \"p-660h-t3\",\n    \"p-660hw\",\n    \"p-660hw_d1\",\n    \"p-660hw_d3\",\n    \"p-660hw_t3\"\n  ],\n  \"vendor\": \"zyxel\"\n}\n~~~\n\nFind the associated vulnerabilities to a vendor and a product\n\n~~~\ncurl  http://127.0.0.1:5000/api/search/zyxel/p-660hw\n[{\"cwe\": \"CWE-352\", \"references\": [\"http://www.exploit-db.com/exploits/33518\", \"http://secunia.com/advisories/58513\", \"http://packetstormsecurity.com/files/126812/Zyxel-P-660HW-T1-Cross-Site-Request-Forgery.html\", \"http://osvdb.org/show/osvdb/107449\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660hw:_t1:v3\"], \"Published\": \"2014-06-16T14:55:09.713-04:00\", \"id\": \"CVE-2014-4162\", \"Modified\": \"2014-07-17T01:07:29.683-04:00\", \"cvss\": 6.8, \"summary\": \"Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1.\"}, {\"cwe\": \"CWE-20\", \"references\": [\"http://www.kb.cert.org/vuls/id/893726\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660h-63:-\", \"cpe:/h:zyxel:p-660h-t1:-\", \"cpe:/h:zyxel:p-660h-d3:-\", \"cpe:/h:zyxel:p-660h-t3:v2\", \"cpe:/h:zyxel:p-660h-t1:v2\", \"cpe:/h:zyxel:p-660h-d1:-\", \"cpe:/h:zyxel:p-660h-67:-\", \"cpe:/h:zyxel:p-660h-61:-\", \"cpe:/h:zyxel:p-660hw_t3:v2\", \"cpe:/h:zyxel:p-660hw_t3:-\", \"cpe:/h:zyxel:p-660hw_d3:-\", \"cpe:/h:zyxel:p-660hw_d1:v2\", \"cpe:/h:zyxel:p-660hw_d1:-\", \"cpe:/h:zyxel:p-660hw:_t1:v2\", \"cpe:/h:zyxel:p-660hw:_t1:-\"], \"Published\": \"2014-04-01T23:58:16.967-04:00\", \"id\": \"CVE-2013-3588\", \"Modified\": \"2014-04-02T11:29:53.243-04:00\", \"cvss\": 7.8, \"summary\": \"The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.\"}, {\"cwe\": \"CWE-79\", \"references\": [\"http://osvdb.org/ref/99/rompager407.pdf\", \"http://osvdb.org/99694\", \"http://antoniovazquezblanco.github.io/docs/advisories/Advisory_RomPagerXSS.pdf\"], \"vulnerable_configuration\": [\"cpe:/h:d-link:dsl-2640r:-\", \"cpe:/h:d-link:dsl-2641r:-\", \"cpe:/h:huawei:mt882:-\", \"cpe:/h:sitecom:wl-174:-\", \"cpe:/h:tp-link:td-8816:-\", \"cpe:/a:allegrosoft:rompager:4.07\", \"cpe:/h:zyxel:p-660hw_d1:-\"], \"Published\": \"2014-01-16T14:55:04.607-05:00\", \"id\": \"CVE-2013-6786\", \"Modified\": \"2014-01-17T11:01:47.353-05:00\", \"cvss\": 4.3, \"summary\": \"Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the \\\"forbidden author header\\\" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page.  NOTE: there is no CVE for a \\\"URL redirection\\\" issue that some sources list separately.\"}, {\"cwe\": \"CWE-79\", \"references\": [\"http://xforce.iss.net/xforce/xfdb/41109\", \"http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded\", \"http://www.gnucitizen.org/projects/router-hacking-challenge/\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660hw_t3:v2\", \"cpe:/h:zyxel:p-660hw:_t1:v2\", \"cpe:/h:zyxel:p-660hw_d1:v2\", \"cpe:/h:zyxel:p-660hw_t3:-\", \"cpe:/h:zyxel:p-660hw:_t1:-\", \"cpe:/h:zyxel:p-660hw_d3:-\", \"cpe:/h:zyxel:p-660hw_d1:-\"], \"Published\": \"2008-03-10T13:44:00.000-04:00\", \"id\": \"CVE-2008-1257\", \"Modified\": \"2012-05-31T00:00:00.000-04:00\", \"cvss\": 4.3, \"summary\": \"Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ZyXEL P-660HW series router allows remote attackers to inject arbitrary web script or HTML via the PingIPAddr parameter.\"}, {\"id\": \"CVE-2008-1256\", \"references\": [\"http://xforce.iss.net/xforce/xfdb/41108\", \"http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded\", \"http://www.gnucitizen.org/projects/router-hacking-challenge/\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660hw\"], \"Published\": \"2008-03-10T13:44:00.000-04:00\", \"Modified\": \"2011-03-07T22:06:25.080-05:00\", \"cvss\": 10.0, \"summary\": \"The ZyXEL P-660HW series router has \\\"admin\\\" as its default password, which allows remote attackers to gain administrative access.\"}, {\"cwe\": \"CWE-264\", \"references\": [\"http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded\", \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"http://xforce.iss.net/xforce/xfdb/41114\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660hw\"], \"Published\": \"2008-03-10T13:44:00.000-04:00\", \"id\": \"CVE-2008-1255\", \"Modified\": \"2008-09-05T17:37:15.440-04:00\", \"cvss\": 10.0, \"summary\": \"The ZyXEL P-660HW series router maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a previously authenticated user.\"}, {\"cwe\": \"CWE-352\", \"references\": [\"http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded\", \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"http://xforce.iss.net/xforce/xfdb/41111\"], \"vulnerable_configuration\": [\"cpe:/h:zyxel:p-660hw\"], \"Published\": \"2008-03-10T13:44:00.000-04:00\", \"id\": \"CVE-2008-1254\", \"Modified\": \"2008-09-05T17:37:15.287-04:00\", \"cvss\": 6.8, \"summary\": \"Multiple cross-site request forgery (CSRF) vulnerabilities on the ZyXEL P-660HW series router allow remote attackers to (1) change DNS servers and (2) add keywords to the \\\"bannedlist\\\" via unspecified vectors.\"}]\n~~~\n\nSoftware using cve-search\n-------------------------\n\n* [cve-portal](https://www.github.com/CIRCL/cve-portal) which is a CVE notification portal\n* [cve-search-mt](https://www.github.com/NorthernSec/cve-search-mt) which is a set of management tools for CVE-Search\n* [cve-scan](https://www.github.com/NorthernSec/cve-scan) which is a NMap CVE system scanner\n\nChangelog\n---------\n\nYou can find the changelog [here](https://github.com/cve-search/UpdateLog)\n\nLicense\n-------\n\ncve-search is free software released under the \"Modified BSD license\"\n\n    Copyright (c) 2012 Wim Remes - https://github.com/wimremes/\n    Copyright (c) 2012-2016 Alexandre Dulaunoy - https://github.com/adulau/\n    Copyright (c) 2015-2017 Pieter-Jan Moreels - https://github.com/pidgeyl/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenthought%2Fcve-search","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenthought%2Fcve-search","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenthought%2Fcve-search/lists"}