NVDLib: NIST National Vulnerability Database API Wrapper¶
NVDLib is a Python API wrapper utilizing the REST API provided by NIST for the National Vulnerability Database (NVD).
Demo:
>>> import nvdlib
>>> r = nvdlib.getCVE('CVE-2021-26855')
>>> print(r.v3severity + ' - ' + str(r.v3score))
CRITICAL - 9.8
>>> print(r.cve.description.description_data[0].value)
Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412,
CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
>>> print(r.v3vector)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVDLib is able to pull all data on known CVEs, search the NVD for CVEs or Common Platform Enumeration (CPE) names.
Features:¶
Pull data on individual CVEs:
CVE ID, description, reference links, CWE.
CPE applicability statements and optional CPE names.
CVSS severity scores.
CVE publication date.
CVE modified date.
Search the NVD for CVEs by:
Keywords
Publish or modification start/end dates
cweID
CVSS V2/V3, score, severity, or metrics.
CPE match string
CPE name.
Search the NVD for CPE names by:
Modification start/End dates
Keywords
CPE match string.
Dump data into objects to be accessible easily as class attributes.
For more information on the NIST NVD API for CPE and CVEs, see the documentation here: https://nvd.nist.gov/General/News/New-NVD-CVE-CPE-API-and-SOAP-Retirement
Note
NVDLib version 0.5.3 now includes NIST NVD rate limiting recommendations. Requests will now sleep for 6 seconds to complete with no API key. Requests with an API key will sleep 0.6 seconds. Get an API key here (free): https://nvd.nist.gov/developers/request-an-api-key