9b395f5cc3
E2E Headed Chrome / e2e-headed (macos-15) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (ubuntu-latest) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (windows-latest) (push) Has been cancelled
CI / build (macos-latest) (push) Has been cancelled
CI / build (ubuntu-latest) (push) Has been cancelled
CI / build (windows-latest) (push) Has been cancelled
CI / unit-test (push) Has been cancelled
CI / bun-test (push) Has been cancelled
CI / adapter-test (push) Has been cancelled
CI / smoke-test (macos-latest) (push) Has been cancelled
CI / smoke-test (ubuntu-latest) (push) Has been cancelled
Security Audit / audit (push) Has been cancelled
Build Chrome Extension / build (push) Has been cancelled
Trigger Website Rebuild (Docs Updated) / dispatch (push) Has been cancelled
58 lines
1.9 KiB
Markdown
58 lines
1.9 KiB
Markdown
# NVD (NIST National Vulnerability Database)
|
||
|
||
**Mode**: 🌐 Public · **Domain**: `services.nvd.nist.gov`
|
||
|
||
Fetch a single CVE record from the NIST National Vulnerability Database via the public CVE 2.0 API.
|
||
|
||
## Commands
|
||
|
||
| Command | Description |
|
||
|---------|-------------|
|
||
| `opencli nvd cve <id>` | Fetch a CVE detail (description, CVSS, CWE, KEV flag) |
|
||
|
||
## Usage Examples
|
||
|
||
```bash
|
||
# Log4Shell
|
||
opencli nvd cve CVE-2021-44228
|
||
|
||
# Heartbleed
|
||
opencli nvd cve CVE-2014-0160
|
||
|
||
# JSON output for downstream tooling
|
||
opencli nvd cve CVE-2021-44228 -f json
|
||
```
|
||
|
||
## Output Columns
|
||
|
||
| Column | Description |
|
||
|--------|-------------|
|
||
| `id` | Canonical CVE id |
|
||
| `published` | First published date (`YYYY-MM-DD`) |
|
||
| `lastModified` | Last modified date (`YYYY-MM-DD`) |
|
||
| `vulnStatus` | NVD analysis status (e.g. `Analyzed`, `Awaiting Analysis`) |
|
||
| `baseScore` | CVSS base score (numeric, 0–10) |
|
||
| `severity` | CVSS severity (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW` / `NONE`) |
|
||
| `attackVector` | CVSS attack vector (`NETWORK` / `LOCAL` / `PHYSICAL` / `ADJACENT`) |
|
||
| `cwe` | Comma-separated CWE id(s) |
|
||
| `kevAdded` | CISA KEV (Known Exploited Vulnerabilities) date if present |
|
||
| `description` | English description |
|
||
| `url` | Canonical NVD detail URL |
|
||
|
||
## Options
|
||
|
||
| Option | Description |
|
||
|--------|-------------|
|
||
| `id` (positional) | CVE identifier (`CVE-YYYY-N…`, case-insensitive). Validated upfront. |
|
||
|
||
## Caveats
|
||
|
||
- The CVE id is validated against `^CVE-\d{4}-\d{4,}$`; bad input raises `ArgumentError`.
|
||
- CVSS columns prefer v3.1, fall back to v3.0, then v2 if neither v3 record is present.
|
||
- NVD enforces aggressive rate limits without an API key. `HTTP 403` and `HTTP 429` both surface as typed `CommandExecutionError` with a retry hint.
|
||
- Empty / unanalyzed records (no CVSS payload) leave `baseScore` / `severity` / `attackVector` as `null` / empty rather than fabricating defaults.
|
||
|
||
## Prerequisites
|
||
|
||
- No browser required — uses `services.nvd.nist.gov/rest/json/cves/2.0`.
|