pontos.nvd.cve package¶
- class pontos.nvd.cve.CVEApi(*, token=None, timeout=Timeout(timeout=180.0), rate_limit=True)¶
API for querying the NIST NVD CVE information.
Should be used as an async context manager.
Example
from pontos.nvd.cve import CVEApi async with CVEApi() as api: cve = await api.cve("CVE-2022-45536")
Create a new instance of the CVE API.
- Parameters:
token (str | None) – The API key to use. Using an API key allows to run more requests at the same time.
timeout (Timeout | None) – Timeout settings for the HTTP requests
rate_limit (bool) – Set to False to ignore rate limits. The public rate limit (without an API key) is 5 requests in a rolling 30 second window. The rate limit with an API key is 50 requests in a rolling 30 second window. See https://nvd.nist.gov/developers/start-here#divRateLimits Default: True.
- cves(*, last_modified_start_date=None, last_modified_end_date=None, published_start_date=None, published_end_date=None, cpe_name=None, is_vulnerable=None, cvss_v2_vector=None, cvss_v2_severity=None, cvss_v3_vector=None, cvss_v3_severity=None, keywords=None, cwe_id=None, source_identifier=None, virtual_match_string=None, has_cert_alerts=None, has_cert_notes=None, has_kev=None, has_oval=None, request_results=None, start_index=0, results_per_page=None)¶
Get all CVEs for the provided arguments
https://nvd.nist.gov/developers/vulnerabilities#divGetCves
- Parameters:
last_modified_start_date (datetime | None) – Return all CVEs modified after this date.
last_modified_end_date (datetime | None) – Return all CVEs modified before this date. If last_modified_start_date is set but no last_modified_end_date is passed it is set to now.
published_start_date (datetime | None) – Return all CVEs that were added to the NVD (i.e., published) after this date.
published_end_date (datetime | None) – Return all CVEs that were added to the NVD (i.e., published) before this date. If published_start_date is set but no published_end_date is passed it is set to now.
cpe_name (str | None) – Return all CVEs associated with a specific CPE. The exact value provided with cpe_name is compared against the CPE Match Criteria within a CVE applicability statement. If the value of cpe_name is considered to match, the CVE is included in the results.
is_vulnerable (bool | None) – Return only CVEs that match cpe_name that are vulnerable. Requires cpe_name to be set.
cvss_v2_vector (str | None) – Return all CVEs matching this CVSSv2 vector
cvss_v2_severity (Severity | None) – Return all CVEs matching the CVSSv2 severity
cvss_v3_vector (str | None) – Return all CVEs matching this CVSSv3 vector
cvss_v3_severity (Severity | None) – Return all CVEs matching the CVSSv3 severity
keywords (List[str] | str | None) – Returns only the CVEs where a word or phrase is found in the current description.
cwe_id (str | None) – Returns only the CVEs that include a weakness identified by Common Weakness Enumeration using the provided cwe_id.
source_identifier (str | None) – Returns CVEs where the exact value of source_identifier appears as a data source in the CVE record. For example: cve@mitre.org
virtual_match_string (str | None) – Filters CVEs more broadly than cpe_name. The exact value of virtual_match_string is compared against the CPE Match Criteria present on CVE applicability statements. If cpe_name and virtual_match_string are provided only cpe_name is considered.
has_cert_alerts (bool | None) – Returns the CVEs that contain a Technical Alert from US-CERT.
has_cert_notes (bool | None) – Returns the CVEs that contain a Vulnerability Note from CERT/CC.
has_kev (bool | None) – Returns the CVE that appear in CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
has_oval (bool | None) – Returns the CVEs that contain information from MITRE’s Open Vulnerability and Assessment Language (OVAL) before this transitioned to the Center for Internet Security (CIS).
request_results (int | None) – Number of CVEs to download. Set to None (default) to download all available CVEs.
start_index (int) – Index of the first CVE to be returned. Useful only for paginated requests that should not start at the first page.
results_per_page (int | None) – Number of results in a single requests. Mostly useful for paginated requests.
- Returns:
A NVDResponse for CVEs
- Return type:
Examples
from pontos.nvd.cve import CVEApi async with CVEApi() as api: async for cve in api.cves(keywords=["Mac OS X", "kernel"]): print(cve.id) json = await api.cves( cpe_name="cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*", ).json() async for cves in api.cves( virtual_match_string="cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*", ).chunks(): for cve in cves: print(cve)
- async cve(cve_id)¶
Returns a single CVE matching the CVE ID. Vulnerabilities not yet published in the NVD are not available.
- Parameters:
cve_id (str) – Common Vulnerabilities and Exposures identifier
- Returns:
A CVE matching the CVE ID
- Raises:
PontosError – If CVE ID is empty or if no CVE with the CVE ID is found.
- Return type:
Example
from pontos.nvd.cve import CVEApi async with CVEApi() as api: cve = await api.cve("CVE-2022-45536") print(cve)