DISCONTINUED: Since October 16th, 2019, the NVD discontinued support for XML Data Feeds. You can read more here. There are JSON data feeds available that are going to be discontinued by the end of 2023. They recommend to use their API instead.
Pipe-able parser from XML to JSON of the nvdcve list.
First, install it with:
go get github.com/ghostbar/nvdcve2json
Or just go to the releases page and download the binary for your system.
Then, just run it like:
$GOPATH/bin/nvdcve2json < nvdcve-2.0-2016.xml
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \
gunzip - | $GOPATH/bin/nvdcve2json
$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml
$GOPATH/bin/nvdcve2json --input nvdcve-2.0-2016.xml > nvdcve-2.0-2016.json
More help can be found on $GOPATH/bin/nvdcve2json --help.
You can use the flag --filter since v1.0.0 to just get the CVEs you want,
like: "cpe:/o:apple:mac_os_x", then nvdcve2json will use the logical tests
on the vulnerable-configuration field to determine if that cpe string
matches any of the CVEs and will print out just that.
Protip: you can send multiple --filter, like:
curl https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.gz | \
gunzip - | $GOPATH/bin/nvdcve2json --filter "cpe:/o:apple:mac_os_x"
--filter "cpe:/o:microsoft:windows" > cves-for-mac-n-windows.json
© Jose-Luis Rivas <me@ghostbar.co>.
This software is licensed under the MIT terms, a copy of the license can be
found in the LICENSE file in this repository.