{"id":18894102,"url":"https://github.com/trailofbits/cvedb","last_synced_at":"2025-08-02T04:06:55.867Z","repository":{"id":49960782,"uuid":"341351882","full_name":"trailofbits/cvedb","owner":"trailofbits","description":"CVE querying library and utility that uses a local store syncing directly to the National Vulnerability Database","archived":false,"fork":false,"pushed_at":"2023-06-29T17:29:26.000Z","size":44650,"stargazers_count":22,"open_issues_count":4,"forks_count":4,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-07-23T09:35:24.947Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-22T22:10:48.000Z","updated_at":"2025-03-24T09:11:44.000Z","dependencies_parsed_at":"2024-06-21T13:10:02.100Z","dependency_job_id":null,"html_url":"https://github.com/trailofbits/cvedb","commit_stats":{"total_commits":89,"total_committers":3,"mean_commits":"29.666666666666668","dds":"0.022471910112359605","last_synced_commit":"772ac3a19f3e0406c0427bfe987b9d669360f453"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/trailofbits/cvedb","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fcvedb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fcvedb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fcvedb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fcvedb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/cvedb/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fcvedb/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268334063,"owners_count":24233782,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T08:17:56.892Z","updated_at":"2025-08-02T04:06:55.842Z","avatar_url":"https://github.com/trailofbits.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVEdb\n\n[![PyPI version](https://badge.fury.io/py/cvedb.svg)](https://badge.fury.io/py/cvedb)\n[![Tests](https://github.com/trailofbits/cvedb/workflows/tests/badge.svg)](https://github.com/trailofbits/cvedb/actions)\n[![Slack Status](https://slack.empirehacking.nyc/badge.svg)](https://slack.empirehacking.nyc)\n\nCVEdb is yet another Python CVE database library and utility. There are lots already available. Why create another?\nMost existing libraries rely on a third party API like [cve.circl.lu](https://cve.circl.lu/), which can and do\nthrottle usage, require registration, and/or demand an internet connection. Some libraries are bloated, including web\ninterfaces for search.\n\nCVEdb Features:\n* Can be used either as a library or a command line utility\n* Simple API\n* Download directly from the [National Vulnerability Database](https://nvd.nist.gov/vuln/data-feeds)\n* Automatically, incrementally update at any time\n\nCVEdb Anti-Features:\n* Does not require many dependencies\n* Does not have a web server\n* Does not require Internet connectivity other than to download new CVEs\n\n## Installation\n\n```console\n$ pip3 install cvedb\n```\n\n## Command Line Usage\n\n```console\n$ cvedb --help\n```\n\n## Python Examples\n\n```python\nfrom cvedb.db import CVEdb\n\nwith CVEdb.open() as db:\n    for cve in db.data():\n        print(cve)\n```\n\nBy default, the CVEs downloaded from NIST are saved to a sqlite database stored in `cvedb.db.DEFAULT_DB_PATH`, which is\nset to `~/.config/cvedb/cvedb.sqlite`. This can be customized by passing the `db_path` argument to `CVEdb.open`.\n\nThe `db.data()` function returns an instance of a `cvedb.feed.Data` object, which has\n[numerous methods to query CVEs](https://github.com/trailofbits/cvedb/blob/master/cvedb/feed.py).\nFor example:\n```python\nwith CVEdb.open() as db:\n    for cve in db.data().search(\"search term\"):\n        print(cve)\n```\nIn addition to accepting strings, the `data().search(...)` function will accept any\n[`cvedb.search.SearchQuery` object](https://github.com/trailofbits/cvedb/blob/master/cvedb/search.py).\n\n## Known Issues\n\nThe NIST National Vulnerability Database is in the process of transitioning to a new REST API. The datasets on which\nCVEdb is built are still available, but it is unclear whether they may become deprecated. Also, NIST has started rate\nlimiting downloads, which may affect CVEdb syncing. Therefore, CVEdb ships\n[pre-seeded with a database](https://github.com/trailofbits/cvedb/tree/master/cvedb/data). Therefore, CVEdb does not\nrequire any Internet connectivity after it is installed, other than to download new CVE definitions. Also, the behavior\nof CVEdb was changed from automatically checking for updates as necessary to now requiring the user explicitly request\nan update with the new `--update` argument. Support for the new REST API is being tracked in\n[this GitHub issue](https://github.com/trailofbits/cvedb/issues/3).\n\n## License and Acknowledgements\n\nCVEdb was created by [Trail of Bits](https://www.trailofbits.com/).\nIt is licensed under the [GNU Lesser General Public License v3.0](LICENSE).\n[Contact us](mailto:opensource@trailofbits.com) if you're looking for an exception to the terms.\n© 2021, Trail of Bits.\n\nThe [CVE database shipped with CVEdb](https://github.com/trailofbits/cvedb/tree/master/cvedb/data) is created and\nmaintained by NIST and is released in the public domain.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fcvedb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fcvedb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fcvedb/lists"}