Search CPE

Searching for CPEs is similar to searching for CVEs albeit less parameters. CPE match strings are allowed, meaning if partial strings are known, you can search for all possible CPE names. Like searching CVEs, the parameters are not positional.


Due to rate limiting restrictions by NVD, a request will take 6 seconds with no API key. Requests with an API key have the ability to define a delay argument. The delay argument must be a integer/float greater than 0.6 (seconds).

Get a NIST NVD API key here (free): https://nvd.nist.gov/developers/request-an-api-key

Here is an example of a CPE search with a keyword and a limit of 2 results then iterate through said CPE names.

import nvdlib

r = nvdlib.searchCPE(keywordSearch = 'Microsoft Exchange', limit = 2)
for eachCPE in r:

nvdlib.cpe.searchCPE(cpeNameId=None, cpeMatchString=None, keywordExactMatch=None, keywordSearch=None, lastModStartDate=None, lastModEndDate=None, matchCriteriaId=None, limit=None, key=None, delay=None, verbose=None)[source]

Build and send GET request then return list of objects containing a collection of CPEs.

  • cpeNameId (str) – Returns a specific CPE record using its UUID. If a correctly formatted UUID is passed but it does not exist, it will return empty results. The UUID is the cpeNameId value when searching CPE.

  • cpeMatchString (str) – Use a partial CPE name to search for other CPE names.

  • keywordExactMatch (bool) – Searches metadata within CPE title and reference links for an exact match of the phrase or word passed to it. Must be included with keywordSearch.

  • keywordSearch (str) – Returns CPE records where a word or phrase is found in the metadata title or reference links. Space characters act as an AND statement.

  • lastModStartDate (str/datetime obj) –

    CPE last modification start date. Maximum 120 day range. A start and end date is required. All times are in UTC 00:00.

    A datetime object or string can be passed as a date. NVDLib will automatically parse the datetime object into the correct format.

    String Example: ‘2020-06-28 00:00’

  • lastModEndDate (str/datetime obj) – CPE last modification end date. Maximum 120 day range. Must be included with lastModStartDate. Example: ‘2020-06-28 00:00’

  • limit (int) – Limits the number of results of the search.

  • key (str) – NVD API Key. Allows for a request every 0.6 seconds instead of 6 seconds.

  • delay – Can only be used if an API key is provided. The amount of time to sleep in between requests. Must be a value above 0.6 seconds if an API key is present. delay is set to 6 seconds if no API key is passed.

  • verbose (bool) – Prints the URL request for debugging purposes.

class nvdlib.classes.CPE(response)[source]

JSON dump class for CPEs

  • deprecated (bool) – Indicates whether CPE has been deprecated

  • cpeName – CPE URI name

  • cpeNameId (str) – CPE UUID

  • lastModifiedDate – CPE modification date

  • created (str) – CPE creation date

  • titles – List of available titles for the CPE

  • deprecatedBy – If deprecated=true, one or more CPE that replace this one

  • vulnerabilities (list) – Optional vulnerabilities associated with this CPE. Must use ‘cves = true’ argument in searchCPE.

In addition to searchCPE there is also searchCPE_V2. This function uses the same parameters as searchCPE except creates a generator. This is useful if the search performed consumes a lot of data and there are memory constraints on the system. It will convert the CVE response one object at a time, instead of attempting to convert the entire data set into memory at once. Here is an example using next().

>>> r = nvdlib.searchCPE_V2(keywordSearch='Microsoft Exchange 2010', limit=100)
>>> oneCVE = next(r)
>>> print(oneCVE.cpeName)

CPE Search Examples

Filter for a partial cpeMatchString for Microsoft Exchange 2013, return all the vulnerabilities for said matching CPEs, and print their CVE IDs.


The new NVD API version 2 (starting with NVDLib 0.7.0) cannot include CVE names in CPE searches anymore.

r = nvdlib.searchCPE(cpeMatchString='cpe:2.3:a:microsoft:exchange_server:2013:', key='xxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx', delay=6)
for eachCPE in r:

Filter for CPE names modfied between 2019-01-01 and 2021-01-01 with the keyword of PHP.


There is a maximum 120 day range when using date ranges. If searching publication or modified dates, start and end dates are required. A datetime object can also be used instead of a string.

len(r) will return how many CPE (or CVE) entries were found in the result.
r = nvdlib.searchCPE(lastModStartDate='2020-01-01 00:00', lastModEndDate='2020-02-01 00:00', keywordSearch='PHP')


Filter for all CPE names modified in the last 30 days using datetime objects.

>>> import datetime
>>> end = datetime.datetime.now()
>>> start = end - datetime.timedelta(days=30)
>>> r = nvdlib.searchCPE(lastModStartDate=start, lastModEndDate=end)