🛡 CVE-CLI

Query the National Vulnerability Database from your terminal — fast, beautiful, and scriptable.

🛡  CVE-CLI  NVD-Powered Vulnerability Intelligence

╭─────────────────────────────────────────────────────────────╮
│ CVE-2021-44228                                              │
│ 🔴 CRITICAL  10.0/10                                       │
│ ████████████████████  CVSS 3.1 · Network · Low Complexity  │
╰─────────────────────────────────────────────────────────────╯

📋 Description
 Apache Log4j2 2.0-beta9 through 2.14.1 JNDI features used in
 configuration, log messages, and parameters do not protect against
 attacker-controlled LDAP and other JNDI related endpoints...

🔗 References (12)
 https://logging.apache.org/log4j/2.x/security.html
 https://github.com/advisories/GHSA-jfh8-c2jp-5-qrq
 ...

---

✨ Features

• 🔍 Lookup any CVE by ID with full CVSS detail
• 🔎 Search by keyword, product, or vendor
• 📅 Recent — browse CVEs from the last N days
• 📊 Stats — severity breakdown chart for any topic
• 📌 Watchlist — save CVEs locally to track
• 📄 Export — HTML reports + JSON output
• 🌈 Beautiful terminal output with Rich
• 🔑 Optional NVD API key for higher rate limits

---

📦 Installation

From PyPI (coming soon)

pip install cve-cli

From source

git clone https://github.com/AswinMathew2004/cve-cli
cd cve-cli
pip install -r requirements.txt
python cve_cli.py --help

---

🚀 Usage

Look up a CVE

cve-cli lookup CVE-2021-44228
cve-cli lookup CVE-2023-44487        # HTTP/2 Rapid Reset
cve-cli lookup CVE-2014-0160         # Heartbleed

Search by keyword / product / vendor

cve-cli search --keyword log4j
cve-cli search --product nginx --severity HIGH
cve-cli search --vendor microsoft --days 30 --limit 50
cve-cli search --keyword wordpress --severity CRITICAL --export report.html

Show recent CVEs

cve-cli recent                        # last 7 days
cve-cli recent --days 30
cve-cli recent --severity CRITICAL --export critical.html

Severity stats for a topic

cve-cli stats --keyword apache
cve-cli stats --keyword docker

Watchlist

cve-cli watch --add CVE-2021-44228
cve-cli watch --add CVE-2023-44487
cve-cli watch --list                  # fetch & display all watched CVEs
cve-cli watch --remove CVE-2021-44228

Export reports

# HTML report (shareable)
cve-cli search --keyword openssl --export openssl_report.html

# JSON for scripting / SIEM integration
cve-cli search --keyword nginx --json-out nginx_cves.json

---

🔑 API Key (Optional but Recommended)

Without a key you get 5 requests/30 seconds. With a free NVD API key you get 50 requests/30 seconds.

Get your free key at: https://nvd.nist.gov/developers/request-an-api-key

# Set via environment variable
export NVD_API_KEY=your-key-here

# Or pass directly
cve-cli --api-key your-key-here lookup CVE-2021-44228

---

🔧 Scripting & Automation

CVE-CLI outputs JSON so you can pipe it into other tools:

# Save to JSON and process with jq
cve-cli search --keyword apache --json-out cves.json
cat cves.json | jq '[.[] | select(.cvss.score >= 9.0)]'

# Daily critical CVE alert (add to cron)
cve-cli recent --days 1 --severity CRITICAL --export /var/www/html/daily_cves.html

---

🗺 Roadmap

• PyPI release (pip install cve-cli)
• EPSS score integration
• Slack / Discord webhook alerts
• SBOM / requirements.txt scanning
• GitHub Actions integration

---

🤝 Contributing

PRs are welcome! Please open an issue first to discuss what you'd like to change.

1. Fork the repo
2. Create a feature branch (git checkout -b feature/webhook-alerts)
3. Commit your changes
4. Open a PR to AswinMathew2004/cve-cli

---

⚖️ License

MIT © Aswin Mathew

---

Data source: National Vulnerability Database (NVD) by NIST. This tool is not affiliated with or endorsed by NIST. Made with ❤️ by Aswin Mathew — GitHub