Skip to content

Notoriousjayy/cve-sqlite-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src/main
src/main
 
 
.dockerignore
.dockerignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

CVE SQLite API v2

Spring Boot + Maven API for querying a cve_stage.sqlite database with:

  • prepared statements for all SQL execution
  • Swagger UI / OpenAPI docs
  • Docker support
  • endpoints against both staged raw JSON and normalized CVE tables

Endpoints

  • GET /api/health
  • GET /api/cves/{cveId}/summary
  • GET /api/cves/{cveId}/raw
  • GET /api/cves/{cveId}/references
  • GET /api/cves/{cveId}/affected-versions
  • GET /api/cwes/{cweId}/summaries?limit=100&offset=0
  • GET /api/search/descriptions?term=chrome
  • POST /api/query

Swagger / OpenAPI

After startup:

  • Swagger UI: http://localhost:8080/swagger-ui.html
  • OpenAPI JSON: http://localhost:8080/v3/api-docs
  • Grouped OpenAPI JSON: http://localhost:8080/v3/api-docs/cve-api

Configuration

Edit src/main/resources/application.properties or pass environment variables:

app.sqlite.path=/absolute/path/to/cve_stage.sqlite
app.sqlite.read-only=true
server.port=8080

Run locally

mvn spring-boot:run

Build locally

mvn clean package
java -jar target/cve-sqlite-api.jar

Docker build

docker build -t cve-sqlite-api:latest .

Docker run

Mount your SQLite DB file into the container and point the app at it:

docker run --rm -p 8080:8080   -e APP_SQLITE_PATH=/data/cve_stage.sqlite   -e APP_SQLITE_READ_ONLY=true   -v /absolute/path/to/your/db-directory:/data:ro   cve-sqlite-api:latest

actual:

docker run --rm -p 8080:8080   -e APP_SQLITE_PATH=/data/cve_stage.sqlite   -e APP_SQLITE_READ_ONLY=false   -v /home/jordan/db:/data   cve-sqlite-api:latest

Example requests

curl http://localhost:8080/api/health
curl http://localhost:8080/api/cves/CVE-2026-3538/summary
curl http://localhost:8080/api/cves/CVE-2026-3538/raw
curl "http://localhost:8080/api/cwes/CWE-209/summaries?limit=25&offset=0"

Template query endpoint example

curl -X POST http://localhost:8080/api/query   -H 'Content-Type: application/json'   -d '{
    "template": "CVES_BY_CWE",
    "params": {
      "cweId": "CWE-209",
      "limit": 25,
      "offset": 0
    }
  }'

Notes

  • The generic query endpoint is intentionally restricted to approved query templates rather than raw arbitrary SQL.
  • That keeps the service safely parameterized even when callers supply filter values.

Compatibility note

This project uses:

  • Spring Boot 4.0.3
  • springdoc-openapi 3.0.2

If you use springdoc 2.x with Spring Boot 4.x, Swagger UI initialization can fail at startup due to the Spring Boot 3 vs 4 compatibility split.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages