Skip to content

Add V2_importer to collect advisories from EUVD #2046

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add V2_importer to collect advisories from EUVD #2046

wants to merge 2 commits into from
+402 −0

Conversation

@Samk1710
Copy link

@Samk1710 Samk1710 commented Nov 26, 2025
edited by ziadhany
Loading

EUVD Importer

Overview

This pull request introduces a new importer for the EU Vulnerability Database (EUVD) provided by ENISA. The importer retrieves vulnerability advisories via the EUVD JSON API and integrates them into VulnerableCode.

Data Source

  • API: https://euvdservices.enisa.europa.eu/api/search
  • Format: JSON with pagination

Test Run Results

Unit & pipeline tests 
Test counting advisories ... INFO Fetching data from EUVD API: https://euvdservices.enisa.europa.eu/api/search
INFO Fetched page 0: 3 items (total: 3)
INFO No items in response for page 1; stopping fetch.
INFO Fetch completed successfully. Total items collected: 3
INFO Cached 3 items for reuse
ok
test_collect_advisories (vulnerabilities.tests.pipelines.v2_importers.test_euvd_importer_v2.TestEUVDImporterPipeline)
Test collecting and parsing advisories from test data ... INFO Fetching data from EUVD API: https://euvdservices.enisa.europa.eu/api/search
INFO Fetched page 0: 3 items (total: 3)
INFO Fetched page 1: 2 items (total: 5)
INFO No items in response for page 2; stopping fetch.
INFO Fetch completed successfully. Total items collected: 5
INFO Cached 5 items for reuse
ok
test_get_scoring_system (vulnerabilities.tests.pipelines.v2_importers.test_euvd_importer_v2.TestEUVDImporterPipeline)
Test CVSS version to scoring system mapping ... WARNING Unknown CVSS version: unknown
ok

----------------------------------------------------------------------
Ran 3 tests in 0.003s

OK

Importer Run (Full EUVD Dataset)

Importer log (451,638 advisories) 
Processing 451638 EUVD advisories...
Progress: Created 1000/451638 vulnerabilities...
Progress: Created 2000/451638 vulnerabilities...
Progress: Created 3000/451638 vulnerabilities...
Progress: Created 4000/451638 vulnerabilities...
Progress: Created 5000/451638 vulnerabilities...
Processed 5000/451638 advisories...
Progress: Created 6000/451638 vulnerabilities...
Progress: Created 7000/451638 vulnerabilities...
Progress: Created 8000/451638 vulnerabilities...
Progress: Created 9000/451638 vulnerabilities...
Progress: Created 10000/451638 vulnerabilities...
Processed 10000/451638 advisories...
Progress: Created 11000/451638 vulnerabilities...
Progress: Created 12000/451638 vulnerabilities...
Progress: Created 13000/451638 vulnerabilities...
Progress: Created 14000/451638 vulnerabilities...
Progress: Created 15000/451638 vulnerabilities...
Processed 15000/451638 advisories...
Progress: Created 16000/451638 vulnerabilities...
Progress: Created 17000/451638 vulnerabilities...
Progress: Created 18000/451638 vulnerabilities...
Progress: Created 19000/451638 vulnerabilities...
Progress: Created 20000/451638 vulnerabilities...
Processed 20000/451638 advisories...
Progress: Created 21000/451638 vulnerabilities...
Progress: Created 22000/451638 vulnerabilities...
Progress: Created 23000/451638 vulnerabilities...
Progress: Created 24000/451638 vulnerabilities...
Progress: Created 25000/451638 vulnerabilities...
Processed 25000/451638 advisories...
Progress: Created 26000/451638 vulnerabilities...
Progress: Created 27000/451638 vulnerabilities...
Progress: Created 28000/451638 vulnerabilities...
Progress: Created 29000/451638 vulnerabilities...
Progress: Created 30000/451638 vulnerabilities...
Processed 30000/451638 advisories...
Progress: Created 31000/451638 vulnerabilities...
Progress: Created 32000/451638 vulnerabilities...
Progress: Created 33000/451638 vulnerabilities...
Progress: Created 34000/451638 vulnerabilities...
Processed 35000/451638 advisories...
Progress: Created 35000/451638 vulnerabilities...
Progress: Created 36000/451638 vulnerabilities...
Progress: Created 37000/451638 vulnerabilities...
Progress: Created 38000/451638 vulnerabilities...
Progress: Created 39000/451638 vulnerabilities...
Processed 40000/451638 advisories...
Progress: Created 40000/451638 vulnerabilities...
Progress: Created 41000/451638 vulnerabilities...
Progress: Created 42000/451638 vulnerabilities...
Progress: Created 43000/451638 vulnerabilities...
Progress: Created 44000/451638 vulnerabilities...
Processed 45000/451638 advisories...
Progress: Created 45000/451638 vulnerabilities...
Progress: Created 46000/451638 vulnerabilities...
Progress: Created 47000/451638 vulnerabilities...
Progress: Created 48000/451638 vulnerabilities...
Progress: Created 49000/451638 vulnerabilities...
Processed 50000/451638 advisories...
Progress: Created 50000/451638 vulnerabilities...
Progress: Created 51000/451638 vulnerabilities...
Progress: Created 52000/451638 vulnerabilities...
Progress: Created 53000/451638 vulnerabilities...
Progress: Created 54000/451638 vulnerabilities...
Processed 55000/451638 advisories...
Progress: Created 55000/451638 vulnerabilities...
Progress: Created 56000/451638 vulnerabilities...
Progress: Created 57000/451638 vulnerabilities...
Progress: Created 58000/451638 vulnerabilities...
Progress: Created 59000/451638 vulnerabilities...
Processed 60000/451638 advisories...
Progress: Created 60000/451638 vulnerabilities...
Progress: Created 61000/451638 vulnerabilities...
Progress: Created 62000/451638 vulnerabilities...
Progress: Created 63000/451638 vulnerabilities...
Progress: Created 64000/451638 vulnerabilities...
Processed 65000/451638 advisories...
Progress: Created 65000/451638 vulnerabilities...
Progress: Created 66000/451638 vulnerabilities...
Progress: Created 67000/451638 vulnerabilities...
Progress: Created 68000/451638 vulnerabilities...
Progress: Created 69000/451638 vulnerabilities...
Processed 70000/451638 advisories...
Progress: Created 70000/451638 vulnerabilities...
Progress: Created 71000/451638 vulnerabilities...
Progress: Created 72000/451638 vulnerabilities...
Progress: Created 73000/451638 vulnerabilities...
Progress: Created 74000/451638 vulnerabilities...
Processed 75000/451638 advisories...
Progress: Created 75000/451638 vulnerabilities...
Progress: Created 76000/451638 vulnerabilities...
Progress: Created 77000/451638 vulnerabilities...
Progress: Created 78000/451638 vulnerabilities...
Progress: Created 79000/451638 vulnerabilities...
Processed 80000/451638 advisories...
Progress: Created 80000/451638 vulnerabilities...
Progress: Created 81000/451638 vulnerabilities...
Progress: Created 82000/451638 vulnerabilities...
Progress: Created 83000/451638 vulnerabilities...
Progress: Created 84000/451638 vulnerabilities...
Processed 85000/451638 advisories...
Progress: Created 85000/451638 vulnerabilities...
Progress: Created 86000/451638 vulnerabilities...
Progress: Created 87000/451638 vulnerabilities...
Progress: Created 88000/451638 vulnerabilities...
Progress: Created 89000/451638 vulnerabilities...
Processed 90000/451638 advisories...
Progress: Created 90000/451638 vulnerabilities...
Progress: Created 91000/451638 vulnerabilities...
Progress: Created 92000/451638 vulnerabilities...
Progress: Created 93000/451638 vulnerabilities...
Progress: Created 94000/451638 vulnerabilities...
Processed 95000/451638 advisories...
Progress: Created 95000/451638 vulnerabilities...
Progress: Created 96000/451638 vulnerabilities...
Progress: Created 97000/451638 vulnerabilities...
Progress: Created 98000/451638 vulnerabilities...
Progress: Created 99000/451638 vulnerabilities...
Processed 100000/451638 advisories...
Progress: Created 100000/451638 vulnerabilities...
Progress: Created 101000/451638 vulnerabilities...
Progress: Created 102000/451638 vulnerabilities...
Progress: Created 103000/451638 vulnerabilities...
Progress: Created 104000/451638 vulnerabilities...
Processed 105000/451638 advisories...
Progress: Created 105000/451638 vulnerabilities...
Progress: Created 106000/451638 vulnerabilities...
Progress: Created 107000/451638 vulnerabilities...
Progress: Created 108000/451638 vulnerabilities...
Progress: Created 109000/451638 vulnerabilities...
Processed 110000/451638 advisories...
Progress: Created 110000/451638 vulnerabilities...
Progress: Created 111000/451638 vulnerabilities...
Progress: Created 112000/451638 vulnerabilities...
Progress: Created 113000/451638 vulnerabilities...
Progress: Created 114000/451638 vulnerabilities...
Processed 115000/451638 advisories...
Progress: Created 115000/451638 vulnerabilities...
Progress: Created 116000/451638 vulnerabilities...
Progress: Created 117000/451638 vulnerabilities...
Progress: Created 118000/451638 vulnerabilities...
Progress: Created 119000/451638 vulnerabilities...
Processed 120000/451638 advisories...
Progress: Created 120000/451638 vulnerabilities...
Progress: Created 121000/451638 vulnerabilities...
Progress: Created 122000/451638 vulnerabilities...
Progress: Created 123000/451638 vulnerabilities...
Progress: Created 124000/451638 vulnerabilities...
Processed 125000/451638 advisories...
Progress: Created 125000/451638 vulnerabilities...
Progress: Created 126000/451638 vulnerabilities...
Progress: Created 127000/451638 vulnerabilities...
Progress: Created 128000/451638 vulnerabilities...
Progress: Created 129000/451638 vulnerabilities...
Processed 130000/451638 advisories...
Progress: Created 130000/451638 vulnerabilities...
Progress: Created 131000/451638 vulnerabilities...
Progress: Created 132000/451638 vulnerabilities...
Progress: Created 133000/451638 vulnerabilities...
Progress: Created 134000/451638 vulnerabilities...
Processed 135000/451638 advisories...
Progress: Created 135000/451638 vulnerabilities...
Progress: Created 136000/451638 vulnerabilities...
Progress: Created 137000/451638 vulnerabilities...
Progress: Created 138000/451638 vulnerabilities...
Progress: Created 139000/451638 vulnerabilities...
Processed 140000/451638 advisories...
Progress: Created 140000/451638 vulnerabilities...
Progress: Created 141000/451638 vulnerabilities...
Progress: Created 142000/451638 vulnerabilities...
Progress: Created 143000/451638 vulnerabilities...
Progress: Created 144000/451638 vulnerabilities...
Processed 145000/451638 advisories...
Progress: Created 145000/451638 vulnerabilities...
Progress: Created 146000/451638 vulnerabilities...
Progress: Created 147000/451638 vulnerabilities...
Progress: Created 148000/451638 vulnerabilities...
Progress: Created 149000/451638 vulnerabilities...
Processed 150000/451638 advisories...
Progress: Created 150000/451638 vulnerabilities...
Progress: Created 151000/451638 vulnerabilities...
Progress: Created 152000/451638 vulnerabilities...
Progress: Created 153000/451638 vulnerabilities...
Progress: Created 154000/451638 vulnerabilities...
Processed 155000/451638 advisories...
Progress: Created 155000/451638 vulnerabilities...
Progress: Created 156000/451638 vulnerabilities...
Progress: Created 157000/451638 vulnerabilities...
Progress: Created 158000/451638 vulnerabilities...
Progress: Created 159000/451638 vulnerabilities...
Processed 160000/451638 advisories...
Progress: Created 160000/451638 vulnerabilities...
Progress: Created 161000/451638 vulnerabilities...
Progress: Created 162000/451638 vulnerabilities...
Progress: Created 163000/451638 vulnerabilities...
Progress: Created 164000/451638 vulnerabilities...
Processed 165000/451638 advisories...
Progress: Created 165000/451638 vulnerabilities...
Progress: Created 166000/451638 vulnerabilities...
Progress: Created 167000/451638 vulnerabilities...
Progress: Created 168000/451638 vulnerabilities...
Progress: Created 169000/451638 vulnerabilities...
Processed 170000/451638 advisories...
Progress: Created 170000/451638 vulnerabilities...
Progress: Created 171000/451638 vulnerabilities...
Progress: Created 172000/451638 vulnerabilities...
Progress: Created 173000/451638 vulnerabilities...
Progress: Created 174000/451638 vulnerabilities...
Processed 175000/451638 advisories...
Progress: Created 175000/451638 vulnerabilities...
Progress: Created 176000/451638 vulnerabilities...
Progress: Created 177000/451638 vulnerabilities...
Progress: Created 178000/451638 vulnerabilities...
Progress: Created 179000/451638 vulnerabilities...
Processed 180000/451638 advisories...
Progress: Created 180000/451638 vulnerabilities...
Progress: Created 181000/451638 vulnerabilities...
Progress: Created 182000/451638 vulnerabilities...
Progress: Created 183000/451638 vulnerabilities...
Progress: Created 184000/451638 vulnerabilities...
Processed 185000/451638 advisories...
Progress: Created 185000/451638 vulnerabilities...
Progress: Created 186000/451638 vulnerabilities...
Progress: Created 187000/451638 vulnerabilities...
Progress: Created 188000/451638 vulnerabilities...
Progress: Created 189000/451638 vulnerabilities...
Processed 190000/451638 advisories...
Progress: Created 190000/451638 vulnerabilities...
Progress: Created 191000/451638 vulnerabilities...
Progress: Created 192000/451638 vulnerabilities...
Progress: Created 193000/451638 vulnerabilities...
Progress: Created 194000/451638 vulnerabilities...
Processed 195000/451638 advisories...
Progress: Created 195000/451638 vulnerabilities...
Progress: Created 196000/451638 vulnerabilities...
Progress: Created 197000/451638 vulnerabilities...
Progress: Created 198000/451638 vulnerabilities...
Progress: Created 199000/451638 vulnerabilities...
Processed 200000/451638 advisories...
Progress: Created 200000/451638 vulnerabilities...
Progress: Created 201000/451638 vulnerabilities...
Progress: Created 202000/451638 vulnerabilities...
Progress: Created 203000/451638 vulnerabilities...
Progress: Created 204000/451638 vulnerabilities...
Processed 205000/451638 advisories...
Progress: Created 205000/451638 vulnerabilities...
Progress: Created 206000/451638 vulnerabilities...
Progress: Created 207000/451638 vulnerabilities...
Progress: Created 208000/451638 vulnerabilities...
Progress: Created 209000/451638 vulnerabilities...
Processed 210000/451638 advisories...
Progress: Created 210000/451638 vulnerabilities...
Progress: Created 211000/451638 vulnerabilities...
Progress: Created 212000/451638 vulnerabilities...
Progress: Created 213000/451638 vulnerabilities...
Progress: Created 214000/451638 vulnerabilities...
Processed 215000/451638 advisories...
Progress: Created 215000/451638 vulnerabilities...
Progress: Created 216000/451638 vulnerabilities...
Progress: Created 217000/451638 vulnerabilities...
Progress: Created 218000/451638 vulnerabilities...
Progress: Created 219000/451638 vulnerabilities...
Processed 220000/451638 advisories...
Progress: Created 220000/451638 vulnerabilities...
Progress: Created 221000/451638 vulnerabilities...
Progress: Created 222000/451638 vulnerabilities...
Progress: Created 223000/451638 vulnerabilities...
Progress: Created 224000/451638 vulnerabilities...
Processed 225000/451638 advisories...
Progress: Created 225000/451638 vulnerabilities...
Progress: Created 226000/451638 vulnerabilities...
Progress: Created 227000/451638 vulnerabilities...
Progress: Created 228000/451638 vulnerabilities...
Progress: Created 229000/451638 vulnerabilities...
Processed 230000/451638 advisories...
Progress: Created 230000/451638 vulnerabilities...
Progress: Created 231000/451638 vulnerabilities...
Progress: Created 232000/451638 vulnerabilities...
Progress: Created 233000/451638 vulnerabilities...
Progress: Created 234000/451638 vulnerabilities...
Processed 235000/451638 advisories...
Progress: Created 235000/451638 vulnerabilities...
Progress: Created 236000/451638 vulnerabilities...
Progress: Created 237000/451638 vulnerabilities...
Progress: Created 238000/451638 vulnerabilities...
Progress: Created 239000/451638 vulnerabilities...
Processed 240000/451638 advisories...
Progress: Created 240000/451638 vulnerabilities...
Progress: Created 241000/451638 vulnerabilities...
Progress: Created 242000/451638 vulnerabilities...
Progress: Created 243000/451638 vulnerabilities...
Progress: Created 244000/451638 vulnerabilities...
Processed 245000/451638 advisories...
Progress: Created 245000/451638 vulnerabilities...
Progress: Created 246000/451638 vulnerabilities...
Progress: Created 247000/451638 vulnerabilities...
Progress: Created 248000/451638 vulnerabilities...
Progress: Created 249000/451638 vulnerabilities...
Processed 250000/451638 advisories...
Progress: Created 250000/451638 vulnerabilities...
Progress: Created 251000/451638 vulnerabilities...
Progress: Created 252000/451638 vulnerabilities...
Progress: Created 253000/451638 vulnerabilities...
Progress: Created 254000/451638 vulnerabilities...
Progress: Created 255000/451638 vulnerabilities...
Progress: Created 256000/451638 vulnerabilities...
Progress: Created 257000/451638 vulnerabilities...
Progress: Created 258000/451638 vulnerabilities...
Processed 310000/451638 advisories...
Progress: Created 259000/451638 vulnerabilities...
Progress: Created 260000/451638 vulnerabilities...
Progress: Created 261000/451638 vulnerabilities...
Progress: Created 262000/451638 vulnerabilities...
Progress: Created 263000/451638 vulnerabilities...
Progress: Created 264000/451638 vulnerabilities...
Processed 365000/451638 advisories...
Progress: Created 265000/451638 vulnerabilities...
Progress: Created 266000/451638 vulnerabilities...
Progress: Created 267000/451638 vulnerabilities...
Progress: Created 268000/451638 vulnerabilities...
Progress: Created 269000/451638 vulnerabilities...
Processed 370000/451638 advisories...
Progress: Created 270000/451638 vulnerabilities...
Progress: Created 271000/451638 vulnerabilities...
Progress: Created 272000/451638 vulnerabilities...
Progress: Created 273000/451638 vulnerabilities...
Processed 375000/451638 advisories...
Progress: Created 274000/451638 vulnerabilities...
Progress: Created 275000/451638 vulnerabilities...
Progress: Created 276000/451638 vulnerabilities...
Progress: Created 277000/451638 vulnerabilities...
Processed 380000/451638 advisories...
Progress: Created 278000/451638 vulnerabilities...
Progress: Created 279000/451638 vulnerabilities...
Progress: Created 280000/451638 vulnerabilities...
Progress: Created 281000/451638 vulnerabilities...
Progress: Created 282000/451638 vulnerabilities...
Processed 400000/451638 advisories...
Progress: Created 283000/451638 vulnerabilities...
Progress: Created 284000/451638 vulnerabilities...
Progress: Created 285000/451638 vulnerabilities...
Progress: Created 286000/451638 vulnerabilities...
Processed 450000/451638 advisories...

Done!
Created 286986 new vulnerabilities
Added 611992 alias relationships

The full EUVD pipeline completed successfully in 6.4 hours locally, relevant log excerpt:

INFO 2025-11-25 23:53:04.724015 UTC Progress: 100% (452459/452459)
INFO 2025-11-25 23:53:04.735236 UTC Successfully collected 452,441 advisories
INFO 2025-11-25 23:53:04.735444 UTC Step [collect_and_store_advisories] completed in 23064 seconds (6.4 hours)

@Samk1710 Samk1710 mentioned this pull request Nov 26, 2025
Open
@Samk1710
Add V2_importer to collect advisories from EUVD
19d4d45 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
@ziadhany ziadhany self-requested a review November 26, 2025 12:21
@Samk1710
Fix code formatting with black and isort
a3a5c36 
Signed-off-by: Sampurna Pyne <sampurnapyne1710@gmail.com>
ziadhany
ziadhany requested changes Nov 27, 2025
View reviewed changes
Copy link
Collaborator

@ziadhany ziadhany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Samk1710 Great start! Just a few small tweaks

vulnerabilities/pipelines/v2_importers/euvd_importer.py
advisory = self.parse_advisory(raw_data)
if advisory:
yield advisory
except Exception as e:
Copy link
Collaborator

@ziadhany ziadhany Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please avoid using general exceptions.

vulnerabilities/tests/pipelines/v2_importers/test_euvd_importer_v2.py
Comment on lines +44 to +53
first = advisories[0]
assert isinstance(first, AdvisoryData)
assert first.advisory_id == "EUVD-2025-197757"
assert "EUVD-2025-197757" in first.aliases
assert "CVE-2025-13284" in first.aliases
assert first.summary == "ThinPLUS vulnerability that allows remote code execution"
assert first.date_published is not None
assert len(first.severities) == 1
assert first.severities[0].system.identifier == "cvssv3.1"
assert first.severities[0].value == "9.8"
Copy link
Collaborator

@ziadhany ziadhany Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be easier if you test using util_tests.check_results_against_json(result, expected_file) and with an expected file.

vulnerabilities/pipelines/v2_importers/euvd_importer.py
Comment on lines +51 to +53
if self._cached_data is not None:
logger.info(f"Using cached data: {len(self._cached_data)} items")
return self._cached_data
Copy link
Collaborator

@ziadhany ziadhany Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we have _cached_data? It is because the API returns repeated data

Copy link
Author

@Samk1710 Samk1710 Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_cached_data prevents a second full API fetch.
The base importer calls fetch_data() once to count advisories and again to iterate through them.
Caching ensures both steps use the same dataset snapshot while avoiding duplicated network requests and API load.

vulnerabilities/pipelines/v2_importers/euvd_importer.py

logger.info(f"Fetching data from EUVD API: {self.url}")

while True:
Copy link
Collaborator

@ziadhany ziadhany Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should avoid loops without a condition. Maybe looping over the total 452584 advisories is a good idea.

vulnerabilities/pipelines/v2_importers/euvd_importer.py
logger.error(f"API returned status {response.status_code} for page {page}")
retry_count += 1
if retry_count < max_retries:
sleep_time = min(10 * (2 ** min(retry_count - 1, 5)), 60)
Copy link
Collaborator

@ziadhany ziadhany Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this sleep_time? We run the importers multiple times. If one request fails, we can have just one retry.

( please avoid complex retry )

Copy link
Author

@Samk1710 Samk1710 Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Screenshot from 2025-11-25 20-25-53

I added the retry logic as I faced some API failures during importer run (in my case it was network failures), but as you mentioned that we run importers multiple times, it shouldn't be an issue. I will apply one retry on failure as suggested.

@Samk1710
Copy link
Author

Samk1710 commented Nov 27, 2025

@Samk1710 Great start! Just a few small tweaks

Thanks a lot @ziadhany for the review. Will make the changes as suggested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ziadhany ziadhany ziadhany requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Collect EUVD data

2 participants

@Samk1710 @ziadhany