Simple NIST NVD API wrapper library
NVDlib is a Python library that allows you to interface with the NIST National Vulnerability Database (NVD), pull vulnerabilities (CVEs), and Common Platform Enumeration (CPEs) into easily accessible objects.
Features
- Search the NVD for CVEs using all parameters allowed by the NVD API. Including search criteria such as CVE publish and modification date, keywords, severity, score, or CPE name.
- Search CPE names by keywords, CPE match strings, or modification dates. Then pull the CVE ID's that are relevant to those CPEs.
- Retrieve details on individual CVEs, their relevant CPE names, and more.
- Built in rate limiting according to NIST NVD recommendations.
Get an API key (https://nvd.nist.gov/developers/request-an-api-key) to allow for 0.6 seconds between requests. Otherwise it is 6 seconds between requests.
Install
$ pip install nvdlibDemo
>>> import nvdlib
>>> r = nvdlib.getCVE('CVE-2021-26855')
>>> print(r.v3severity + ' - ' + str(r.v3score))
CRITICAL - 9.8
>>> print(r.cve.description.description_data[0].value)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412,
CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
>>> print(r.v3vector)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Development
Run the tests with
$ pip install -e '.[dev]'
$ pytestDocumentation
More information
This is my first attempt at creating a library while utilizing all my Python experience from classes to functions.
For more information on the NIST NVD API for CPE and CVEs, see the documentation here: https://nvd.nist.gov/General/News/New-NVD-CVE-CPE-API-and-SOAP-Retirement