This project automates the process of downloading, processing, and generating short, compressed JSON files for specific software vulnerabilities from the National Vulnerability Database (NVD) GitHub mirror. Each JSON file contains CVEs (Common Vulnerabilities and Exposures) for various software, compressed using LZMA to save space.
- Downloads CVE data files from the NVD GitHub repository.
- Filters and extracts relevant CVE information based on specified software.
- Generates compressed JSON files for each software containing relevant CVE data.
- Automated daily updates using GitHub Actions.
The project currently monitors the following software:
- Angular.js
- Apache HTTP Server
- Cherokee
- Drupal
- jQuery
- IIS
- Jetty
- Joomla
- Next.js
- Node.js
- Nginx
- OpenSSL
- PHP
- PrestaShop
- SPIP
- Tomcat
- Underscore.js
- WebLogic
- WordPress
- Python 3.10 or higher
pippackage manager
git clone https://github.com/wapiti-scanner/nvd-web-cves.git
cd nvd-web-cvespip install -r requirements.txtTo download CVE data and generate JSON files, run:
python sync.pyThis script performs the following steps:
- Downloads the latest CVE data files from the NVD GitHub mirror.
- Processes the downloaded files to extract relevant CVE information.
- Generates compressed JSON files for each software in the releases directory.
This project includes a GitHub Actions workflow to automate the process and create a new release with updated JSON files daily. The workflow file is located at .github/workflows/make-realease.yml.
This project is licensed under the MIT License. See the LICENSE file for details.