Host a local, continuously updated CVE database using MongoDB and Python in a Docker container. Information is sourced from the NVD and contains (as of 2022) the following data feeds:
CVE-Recent
CVE-Modified
CVE-2022
CVE-2021
CVE-2020
CVE-2019
CVE-2018
CVE-2017
CVE-2016
CVE-2015
CVE-2014
CVE-2013
CVE-2012
CVE-2011
CVE-2010
CVE-2009
CVE-2008
CVE-2007
CVE-2006
CVE-2005
CVE-2004
CVE-2003
CVE-2002
NOTE: The update script parses the data-feed overview and automatically pulls in new CVE-<YEAR> feeds. In other words: unless the data feed page changes over the years, there is no need for action on New Year's Eve.
Change into the repository root and run:
docker-compose up
or daemonize:
docker-compose up -d
After start, the service listens by default on:
host=127.0.0.1
port=28000
auth_backend=admin
username=root
password=cve
database=nvd
If you are not familiar with MongoDB, it is advised to use a graphical frontend to explore the dataset. For example: Robo 3T (installable via apt-sources or the AUR)
... run automagically via the cve_db.py script. The script kicks off an update process every 2 hours and runs in the container's background.
... is handled by cve_db.py. May take several hours!
... are set in docker-compose.yml. Defaults: root:cve
... is configurable in docker-compose.yml. Default Port: 27017
nvd.feed for update source meta information
nvd.cve for update source meta information
We employ the original NVD JSON 1.1 Schema for CVEs and preserve all information we can get from NIST.
In other words: this database provides all CVE-associated data that is out there. You can query it as you please using MongoDB queries.
{
    "_id" : ObjectId("60884fd5ecacc908fb32d484"),
    "cve" : {
        "data_type" : "CVE",
        "data_format" : "MITRE",
        "data_version" : "4.0",
        "CVE_data_meta" : {
            "ID" : "CVE-2021-22494",
            "ASSIGNER" : "[email protected]"
        },
        "problemtype" : {
            "problemtype_data" : [
                {
                    "description" : [
                        {
                            "lang" : "en",
                            "value" : "NVD-CWE-noinfo"
                        }
                    ]
                }
            ]
        },
        "references" : {
            "reference_data" : [
                {
                    "url" : "https://security.samsungmobile.com/securityUpdate.smsb",
                    "name" : "https://security.samsungmobile.com/securityUpdate.smsb",
                    "refsource" : "MISC",
                    "tags" : [
                        "Vendor Advisory"
                    ]
                }
            ]
        },
        "description" : {
            "description_data" : [
                {
                    "lang" : "en",
                    "value" : "An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021)."
                }
            ]
        }
    },
    "configurations" : {
        "CVE_data_version" : "4.0",
        "nodes" : [
            {
                "operator" : "AND",
                "children" : [
                    {
                        "operator" : "OR",
                        "children" : [],
                        "cpe_match" : [
                            {
                                "vulnerable" : true,
                                "cpe23Uri" : "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
                                "cpe_name" : []
                            }
                        ]
                    },
                    {
                        "operator" : "OR",
                        "children" : [],
                        "cpe_match" : [
                            {
                                "vulnerable" : false,
                                "cpe23Uri" : "cpe:2.3:h:samsung:galaxy_note_20:-:*:*:*:*:*:*:*",
                                "cpe_name" : []
                            }
                        ]
                    }
                ],
                "cpe_match" : []
            }
        ]
    },
    "impact" : {
        "baseMetricV3" : {
            "cvssV3" : {
                "version" : "3.1",
                "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "attackVector" : "LOCAL",
                "attackComplexity" : "LOW",
                "privilegesRequired" : "NONE",
                "userInteraction" : "REQUIRED",
                "scope" : "UNCHANGED",
                "confidentialityImpact" : "NONE",
                "integrityImpact" : "NONE",
                "availabilityImpact" : "HIGH",
                "baseScore" : 5.5,
                "baseSeverity" : "MEDIUM"
            },
            "exploitabilityScore" : 1.8,
            "impactScore" : 3.6
        },
        "baseMetricV2" : {
            "cvssV2" : {
                "version" : "2.0",
                "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "accessVector" : "NETWORK",
                "accessComplexity" : "MEDIUM",
                "authentication" : "NONE",
                "confidentialityImpact" : "NONE",
                "integrityImpact" : "NONE",
                "availabilityImpact" : "PARTIAL",
                "baseScore" : 4.3
            },
            "severity" : "MEDIUM",
            "exploitabilityScore" : 8.6,
            "impactScore" : 2.9,
            "acInsufInfo" : false,
            "obtainAllPrivilege" : false,
            "obtainUserPrivilege" : false,
            "obtainOtherPrivilege" : false,
            "userInteractionRequired" : true
        }
    },
    "publishedDate" : "2021-01-05T18:15Z",
    "lastModifiedDate" : "2021-01-08T18:34Z"
}
RAM usage is around 600MB when fully seeded. Size is ~1GB (growing through updates).
... yes. The update-script is not optimized. It slows down when the database grows. Feel free to contribute :-).
Do you want to automate things using Python? You do not have to re-implement all database models.
See db/models/**/*.py and the mongoengine module.
Using these models, you can do something along the lines of:
from db import connect
from db.models.cve import CVEItem
# connect(...)
cve_2021_22494 = CVEItem.objects(cve__CVE_data_meta__ID='CVE-2021-22494').first()
print(cve_2021_22494.impact.baseMetricV3.impactScore)
# attributes are 1:1 mappings to the NVD JSON 1.1 Schema and can be accessed via dot-notation.
mongoengine is based on the official pymongo driver. Thus, you can also perform native queries without syntactic sugar like that shown above.
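As an added example (not code from this repository): in the sample document above, the cpe_match entries sit inside the children of an AND node while the top-level cpe_match list is empty, so a script that reads only the top level finds no affected products. The code below walks the whole node tree on a constructed, trimmed copy of that document and builds a filter document for CVSS v3 base scores; all function names are illustrative.

```python
# Added example, not part of the project. SAMPLE is a constructed, trimmed copy
# of the CVE-2021-22494 document shown on this page (NVD JSON 1.1 layout).
SAMPLE = {
    "cve": {"CVE_data_meta": {"ID": "CVE-2021-22494"}},
    "configurations": {"nodes": [{
        "operator": "AND",
        "children": [
            {"operator": "OR", "children": [], "cpe_match": [
                {"vulnerable": True,
                 "cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*"}]},
            {"operator": "OR", "children": [], "cpe_match": [
                {"vulnerable": False,
                 "cpe23Uri": "cpe:2.3:h:samsung:galaxy_note_20:-:*:*:*:*:*:*:*"}]},
        ],
        "cpe_match": [],
    }]},
    "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 5.5, "baseSeverity": "MEDIUM"}}},
}


def cpe_matches(nodes):
    """Yield (cpe23Uri, vulnerable) from every node, recursing into children."""
    for node in nodes or []:
        for match in node.get("cpe_match", []):
            yield match["cpe23Uri"], bool(match.get("vulnerable"))
        yield from cpe_matches(node.get("children", []))


def summarize(doc):
    """Reduce one CVE document to the fields needed for triage."""
    matches = list(cpe_matches(doc.get("configurations", {}).get("nodes", [])))
    # Older records may carry only baseMetricV2, so the V3 lookup must not raise.
    v3 = doc.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {})
    return {
        "id": doc["cve"]["CVE_data_meta"]["ID"],
        "score_v3": v3.get("baseScore"),
        "severity_v3": v3.get("baseSeverity"),
        "vulnerable": sorted(u for u, vuln in matches if vuln),
        # vulnerable=false entries name the platform the flaw needs, not the flaw itself
        "platform_only": sorted(u for u, vuln in matches if not vuln),
    }


def severity_filter(min_score):
    """MongoDB filter document for CVEs with CVSS v3 base score >= min_score."""
    return {"impact.baseMetricV3.cvssV3.baseScore": {"$gte": float(min_score)}}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The dict returned by severity_filter can be passed as the filter argument to pymongo's find(); that nvd.cve is the collection holding the CVE documents is an assumption based on the collection names listed above.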