{"id":45729415,"url":"https://github.com/jimmyislive/gocve","last_synced_at":"2026-02-25T09:03:15.492Z","repository":{"id":64307043,"uuid":"222869306","full_name":"jimmyislive/gocve","owner":"jimmyislive","description":"Command line client for CVEs","archived":false,"fork":false,"pushed_at":"2019-12-02T14:18:06.000Z","size":21,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T12:44:18.309Z","etag":null,"topics":["cve","cybersecurity","golang","infosec","security-vulnerability"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jimmyislive.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-11-20T06:43:44.000Z","updated_at":"2024-06-20T12:44:18.309Z","dependencies_parsed_at":"2023-01-15T11:00:32.889Z","dependency_job_id":null,"html_url":"https://github.com/jimmyislive/gocve","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jimmyislive/gocve","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmyislive%2Fgocve","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmyislive%2Fgocve/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmyislive%2Fgocve/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmyislive%2Fgocve/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jimmyislive","download_url":"https://codeload.github.com/jimmyislive/gocve/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jimmyislive%2Fgocve/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29815281,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-25T05:36:42.804Z","status":"ssl_error","status_checked_at":"2026-02-25T05:36:31.934Z","response_time":61,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","cybersecurity","golang","infosec","security-vulnerability"],"created_at":"2026-02-25T09:03:14.294Z","updated_at":"2026-02-25T09:03:15.478Z","avatar_url":"https://github.com/jimmyislive.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# GoCVE\n\nGoCVE is a command line client that provides CVE info (queried from a local database). GoCVE provides simple commands to download and populate a DB(postgres or sqlite) which you can then use to list, search or get CVE info from.\n\nGoCVE is a single binary that was tested on linux.\n\n# Usage\n\n## Configure the GoCVE tool\n\nThe configs you set will be written out to a config file at `~/.gocve/gocve.yaml`\n\nIf you would like to use a different file for the configs, use the `--config` option to point to a different file. `--config` is a global flag and can be used in any of the following commands to point to a different source of config.\n\n\n### postgres\n`gocve config set-db --dbType postgres --dbHost pg-docker --dbPort 5432 --dbUser postgres --tableName cve`\n\nRemember to set the env var GOCVE_PASSWORD to your DB password \n\n### sqlite: \n`gocve config set-db --dbType sqlite --dbName cvedb.sqlite`\n\nThe configs you set will be written out to a config file at `~/.gocve/gocve.yaml`\n\n## Show the GoCVE config\n\n`gocve config show`\n\n### postgres \n```\ndbtype:  postgres\ndbhost:  pg-docker\ndbname:  cvedb\ndbport:  5432\ndbuser:  postgres\ntablename:  cve\npassword:  xxxxx\n```\n### sqlite\n```\ndbtype:  sqlite\ndbhost:  localhost\ndbname:  cvedb.sqlite\ndbport:  0\ndbuser:  \ntablename:  cve\n```\n\n## Download CVE data\n\n`gocve db download`\n\nIf you have used the defauls, a file `allitems.csv.gz` will be downloaded to your local. You can unzip it by doing `gunzip allitems.csv.gz`.\n\nSee `gocve help db download` for more details.\n\n## Populate the DB\n\nAfter downloading the data, you need to import it into a database. \n\nYour DB probably has UTF-8 encoding. To change to UTF-8 do:\n\n`iconv -f ISO-8859-14 -t UTF-8 allitems.csv \u003e allitems.utf8.csv`\n\n### postgres \nWe will assume that your postgres instance has a DB called `cvedb` created. (If not connect to your postgres instance and run `create database cvedb;`)\n\nTo load `allitems.utf8.csv` into the DB, do:\n\n`gocve db populate --fileName allitems.utf8.csv`\n\n*NOTE:* This will take a few minutes. The above command programatically inserts the info into the DB. It does not use an COPY/LOAD utility.\n\n### sqlite\n\n`gocve db populate --fileName allitems.utf8.csv`\n\n*NOTE:* This may take a while in sqlite! (We don't use the normal `.import` of sqlite as that results in a lot of parsing errors)\n\nYou are now ready to use GoCVE !\n\n## List all CVEs\n\n`gocve list | more`\n\n```\nUsing config file: /home/gouser/.gocve/gocve.yaml\nCVE-1999-0001 \t ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of servic\nCVE-1999-0002 \t Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.\nCVE-1999-0003 \t Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).\nCVE-1999-0004 \t MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.\nCVE-1999-0005 \t Arbitrary command execution via IMAP buffer overflow in authenticate command.\n...\n...\n```\n\n## Get details of a CVE\n\n`gocve get CVE-2005-2266`\n\n```\nCVE-2005-2266\n=============\nStatus: Candidate\n\nDescription: Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.\n\n...\n...\n```\n\n## Search for a CVE\n\n`gocve search CVE-2005-22`\n\n```\nUsing config file: /home/gouser/.gocve/gocve.yaml\nCVE-2005-2200\n=============\nMultiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.\n\nCVE-2005-2201\n=============\nUnknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.\n\n...\n...\n```\n\n# Development\n\nAll dev work happens in a container. First build the container:\n\n`make docker-build`\n\nNext, exec into a shell to get your dev env:\n\n`make docker-shell`\n\nYou can now build your go code:\n\n`make go-build`\n\n\n# TODO\n* Complete unit tests\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjimmyislive%2Fgocve","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjimmyislive%2Fgocve","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjimmyislive%2Fgocve/lists"}