CVE Tools
A set of tools useful when dealing with lists of vulnerability CVE IDs, such as those obtained from scans or dependency checks.
Installation
npm install cve-tools
Create CSV Files From Content Containing CVE IDs
There are several ways to use content, text files or strings, containing CVE
IDs such as CVE-2015-0001, to generate a useful CSV file with a summary and
CVSS score for the listed vulnerabilities.
cd path/to/cve-tools
# From a file.
bin/create-cve-csv -f path/to/file > cves.csv
# From a file via pipe.
cat path/to/file | bin/create-cve-csv > cves.csv
# Directly.
bin/create-cve-csv "CVE-2015-0001 blah blah CVE-2015-0002, etc." > cves.csv
# Directly via pipe.
echo "CVE-2015-0001 blah blah CVE-2015-0002, etc." \
| bin/create-cve-csv > cves.csv
The output has the following format:
| CVE ID | CSVV | URL | Summary |
|---|---|---|---|
| CVE-2015-0001 | 7.5 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0001 | A helpful summary. |
| CVE-2015-0002 | 5.0 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0002 | A helpful summary. |
| etc... |
Downloading and Parsing XML is Slow!
Expect this to take a few moments to chew through the necessary data, especially if having to check CVEs from multiple different years.