https://github.com/mrbisquit/localcve
The CVE database, but local
https://github.com/mrbisquit/localcve
cve cve-scanning cve-search database local sqlite3
Last synced: about 2 months ago
JSON representation
The CVE database, but local
- Host: GitHub
- URL: https://github.com/mrbisquit/localcve
- Owner: MrBisquit
- License: mit
- Created: 2026-04-17T19:35:07.000Z (3 months ago)
- Default Branch: master
- Last Pushed: 2026-04-29T16:55:43.000Z (2 months ago)
- Last Synced: 2026-04-29T18:20:28.827Z (2 months ago)
- Topics: cve, cve-scanning, cve-search, database, local, sqlite3
- Language: C
- Homepage: http://localcve-ref.wtdawson.info/
- Size: 506 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# LocalCVE
The CVE database, but local.
[Read the docs](docs/README.md)
|
[View the website](https://localcve-ref.wtdawson.info/)
|
[View the repo](https://github.com/MrBisquit/LocalCVE)
This contains libraries, tools, and other things designed to do the following:
- Convert the JSON files from [https://github.com/CVEProject/cvelistV5](https://github.com/CVEProject/cvelistV5)
into an sqlite3 database
- Search through the database
- Update the database with new changes
- If the time between the last update surpasses an hour, it may scan
the whole directory instead to see if there have been any other changes,
[find out why](#limitations)
- Monitor the database (so you know when one of your dependencies has a reported vulnerability within the hour)
- Create a watchlist
- Allows you to push information to some kind of endpoint/webhook
- Link into other databases, such as the [GitHub advisotry database](https://github.com/github/advisory-database/)
> [!NOTE]
> Please note that git operations are handled by the `localcve` backend library, since it needs to see the difference
> between the files.
## Usage
There are a few different ways to use LocalCVE, but before you do that, you need to set up your database.
## Limitations
This relies on the `delta.json` file within the git repository so that it does not constantly scan
through all the files.
It may in future be able to check through the `deltaLog.json` file, however, for now, this will
just use the `delta.json` file, and if it has been longer than an hour since the last check, it will
look through all the files to check if their last modification date was after the database record for it.