Files
wehub-resource-sync 9b395f5cc3
E2E Headed Chrome / e2e-headed (macos-15) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (ubuntu-latest) (push) Has been cancelled
E2E Headed Chrome / e2e-headed (windows-latest) (push) Has been cancelled
CI / build (macos-latest) (push) Has been cancelled
CI / build (ubuntu-latest) (push) Has been cancelled
CI / build (windows-latest) (push) Has been cancelled
CI / unit-test (push) Has been cancelled
CI / bun-test (push) Has been cancelled
CI / adapter-test (push) Has been cancelled
CI / smoke-test (macos-latest) (push) Has been cancelled
CI / smoke-test (ubuntu-latest) (push) Has been cancelled
Security Audit / audit (push) Has been cancelled
Build Chrome Extension / build (push) Has been cancelled
Trigger Website Rebuild (Docs Updated) / dispatch (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:39:48 +08:00

58 lines
1.9 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# NVD (NIST National Vulnerability Database)
**Mode**: 🌐 Public · **Domain**: `services.nvd.nist.gov`
Fetch a single CVE record from the NIST National Vulnerability Database via the public CVE 2.0 API.
## Commands
| Command | Description |
|---------|-------------|
| `opencli nvd cve <id>` | Fetch a CVE detail (description, CVSS, CWE, KEV flag) |
## Usage Examples
```bash
# Log4Shell
opencli nvd cve CVE-2021-44228
# Heartbleed
opencli nvd cve CVE-2014-0160
# JSON output for downstream tooling
opencli nvd cve CVE-2021-44228 -f json
```
## Output Columns
| Column | Description |
|--------|-------------|
| `id` | Canonical CVE id |
| `published` | First published date (`YYYY-MM-DD`) |
| `lastModified` | Last modified date (`YYYY-MM-DD`) |
| `vulnStatus` | NVD analysis status (e.g. `Analyzed`, `Awaiting Analysis`) |
| `baseScore` | CVSS base score (numeric, 010) |
| `severity` | CVSS severity (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW` / `NONE`) |
| `attackVector` | CVSS attack vector (`NETWORK` / `LOCAL` / `PHYSICAL` / `ADJACENT`) |
| `cwe` | Comma-separated CWE id(s) |
| `kevAdded` | CISA KEV (Known Exploited Vulnerabilities) date if present |
| `description` | English description |
| `url` | Canonical NVD detail URL |
## Options
| Option | Description |
|--------|-------------|
| `id` (positional) | CVE identifier (`CVE-YYYY-N…`, case-insensitive). Validated upfront. |
## Caveats
- The CVE id is validated against `^CVE-\d{4}-\d{4,}$`; bad input raises `ArgumentError`.
- CVSS columns prefer v3.1, fall back to v3.0, then v2 if neither v3 record is present.
- NVD enforces aggressive rate limits without an API key. `HTTP 403` and `HTTP 429` both surface as typed `CommandExecutionError` with a retry hint.
- Empty / unanalyzed records (no CVSS payload) leave `baseScore` / `severity` / `attackVector` as `null` / empty rather than fabricating defaults.
## Prerequisites
- No browser required — uses `services.nvd.nist.gov/rest/json/cves/2.0`.