Software

cve-search project is composed of multiple free and open source software.

cve-search core

The main software behind the cve-search project.

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.

The main objective of the software is to avoid doing direct and public lookup into the public CVE databases. This is usually faster to do local lookups and limits your sensitive queries via the Internet.

cve-search includes a back-end to store vulnerabilities and related information, an intuitive web interface for search and managing vulnerabilities, a series of tools to query the system and a web API interface.

Requirements: Python 3 and MongoDB

To install or use, check the cve-search GitHub repository.

cve-search web interface

cve-search plugins

cve-search plugins include new features to extend the functionalities in cve-search.

  • bookmarks - Bookmark certain CVE’s for later reference
  • MISP - Enrich your CVE-Search instance with MISP information
  • notes - Allow users to add notes to a CVE
  • Reporting - Make queries on the data and export them to a CSV file
  • seen - Keep track of all the CVEs you’ve already seen in the past
  • sendMail - Easily send a mail with the CVE info to a specified mail address
  • team_collaboration - Similar to seen, but on group level
  • LDAP - Authenticate users over LDAP

To install or use a plugin, check the Plugins written for CVE-Search .

PyCVESearch

PyCVESearch is an easy to use wrapper around cve-search, defaulting on https://cve.circl.lu API.

To install or use, check the PyCVESearch GitHub repository.

Data feeds

API

A public API of cve-search is operated by CIRCL and can be accessed without installing cve-search. The same API is accessible if cve-search is installed internally.

The HTTP API outputs JSON.

Browse vendor and product

To get a JSON with all the vendors:

curl https://cve.circl.lu/api/browse

To get a JSON with all the products associated to a vendor:

curl https://cve.circl.lu/api/browse/microsoft

Browse CVEs per vendor/product

To get a JSON with all the vulnerabilities per vendor and a specific product:

curl https://cve.circl.lu/api/search/microsoft/office

Get CVE per CVE-ID

To get a JSON of a specific CVE ID:

curl https://cve.circl.lu/api/cve/CVE-2010-3333

Get the last updated CVEs

To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:

curl https://cve.circl.lu/api/last

Get more information about the current CVE database

To get more information about the current databases in use and when it was updated:

curl https://cve.circl.lu/api/dbInfo

Other software using cve-search

Software using or relying on cve-search API.