In [1]:
from urllib.request import urlretrieve as download

In [5]:
base_url = 'https://nvd.nist.gov/feeds/json/cve/1.0/'
annual_name = 'nvdcve-1.0-2019.json.zip'
recent_name = 'nvdcve-1.0-recent.json.zip'
modified_name = 'nvdcve-1.0-modified.json.zip'

In [19]:
import json
from glob import glob
from invisibleroads_macros.disk import uncompress
from os.path import exists, join
target_folder = '/tmp'

def get_feed(name):
    source_url = join(base_url, name)
    target_path = join(target_folder, name)
    if not exists(target_path):
        download(source_url, target_path)
    archive_folder = uncompress(target_path)
    json_paths = glob(join(archive_folder, '*.json'))
    json_path = json_paths[0]
    return json.load(open(json_path, 'rt'))

annual_feed = get_feed(annual_name)
recent_feed = get_feed(recent_name)
modified_feed = get_feed(modified_name)

In [21]:
annual_feed.keys()

dict_keys(['CVE_data_type', 'CVE_data_format', 'CVE_data_version', 'CVE_data_numberOfCVEs', 'CVE_data_timestamp', 'CVE_Items'])

In [22]:
annual_feed['CVE_data_type']

'CVE'

In [23]:
annual_feed['CVE_data_format']

'MITRE'

In [24]:
annual_feed['CVE_data_version']

'4.0'

In [25]:
annual_feed['CVE_data_numberOfCVEs']

'1319'

In [26]:
annual_feed['CVE_data_timestamp']

'2019-03-09T08:00Z'

In [29]:
annual_feed['CVE_Items'][0].keys()

dict_keys(['cve', 'configurations', 'impact', 'publishedDate', 'lastModifiedDate'])

In [37]:
annual_feed['CVE_Items'][0]['lastModifiedDate']

'2019-02-14T18:35Z'

In [38]:
annual_feed['CVE_Items'][0]['publishedDate']

'2019-01-15T21:29Z'

In [39]:
annual_feed['CVE_Items'][0]['impact'].keys()

dict_keys(['baseMetricV3', 'baseMetricV2'])

In [40]:
annual_feed['CVE_Items'][0]['impact']['baseMetricV3']

{'cvssV3': {'attackComplexity': 'HIGH',
  'attackVector': 'NETWORK',
  'availabilityImpact': 'HIGH',
  'baseScore': 5.9,
  'baseSeverity': 'MEDIUM',
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'privilegesRequired': 'NONE',
  'scope': 'UNCHANGED',
  'userInteraction': 'NONE',
  'vectorString': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H',
  'version': '3.0'},
 'exploitabilityScore': 2.2,
 'impactScore': 3.6}

In [41]:
annual_feed['CVE_Items'][0]['impact']['baseMetricV2']

{'acInsufInfo': False,
 'cvssV2': {'accessComplexity': 'MEDIUM',
  'accessVector': 'NETWORK',
  'authentication': 'NONE',
  'availabilityImpact': 'COMPLETE',
  'baseScore': 7.1,
  'confidentialityImpact': 'NONE',
  'integrityImpact': 'NONE',
  'vectorString': 'AV:N/AC:M/Au:N/C:N/I:N/A:C',
  'version': '2.0'},
 'exploitabilityScore': 8.6,
 'impactScore': 6.9,
 'obtainAllPrivilege': False,
 'obtainOtherPrivilege': False,
 'obtainUserPrivilege': False,
 'severity': 'HIGH',
 'userInteractionRequired': False}

In [35]:
annual_feed['CVE_Items'][0]['configurations']

{'CVE_data_version': '4.0',
 'nodes': [{'cpe_match': [{'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*',
     'vulnerable': True},
    {'cpe23Uri': 'cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*',
     'vulnerable': True}],
   'operator': 'OR'},
  {'cpe_match': [{'cp

In [34]:
annual_feed['CVE_Items'][0]['cve']

{'CVE_data_meta': {'ASSIGNER': 'cve@mitre.org', 'ID': 'CVE-2019-0001'},
 'affects': {'vendor': {'vendor_data': [{'product': {'product_data': [{'product_name': 'junos',
        'version': {'version_data': [{'version_affected': '=',
           'version_value': '18.1'},
          {'version_affected': '=', 'version_value': '18.2'},
          {'version_affected': '=', 'version_value': '16.1'},
          {'version_affected': '=', 'version_value': '16.2'},
          {'version_affected': '=', 'version_value': '17.1'},
          {'version_affected': '=', 'version_value': '17.2'},
          {'version_affected': '=', 'version_value': '17.3'},
          {'version_affected': '=', 'version_value': '17.4'}]}}]},
     'vendor_name': 'juniper'}]}},
 'data_format': 'MITRE',
 'data_type': 'CVE',
 'data_version': '4.0',
 'description': {'description_data': [{'lang': 'en',
    'value': 'Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion 