In [122]:
import requests
import json

# NVD (NIST) CVE API 2.0 query. The query string applies these server-side filters:
#   hasKev                   - only CVEs listed in CISA's Known Exploited Vulnerabilities catalog
#   cvssV3Severity=CRITICAL  - only CVEs rated CRITICAL under CVSS v3
#   keywordSearch=Microsoft  - only CVEs matching the keyword "Microsoft"
#   startIndex=0             - begin at the first result; no later page is requested in this notebook
# NOTE(review): filter_severity / filter_keyword chosen further down are applied client-side and
# do not change this query -- confirm the two sets of filters are meant to be combined.
url = "https://services.nvd.nist.gov/rest/json/cves/2.0?hasKev&startIndex=0&cvssV3Severity=CRITICAL&keywordSearch=Microsoft"

### Helper Functions

In [110]:
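def get_nvd_data(url, timeout=30):
    """Fetch one page of JSON from the NVD CVE API.

    Args:
        url: Full request URL, including the query string.
        timeout: Seconds to wait for the server (passed to ``requests.get``).
            Without a timeout a stalled connection blocks the notebook
            indefinitely.

    Returns:
        The decoded JSON body when the server answers 200, otherwise ``None``.
        ``None`` means "the fetch failed", not "no vulnerabilities matched";
        callers must check for it before filtering or reporting.
    """
    try:
        response = requests.get(url, timeout=timeout)
    except requests.exceptions.RequestException as e:
        print(f"Request failed: {str(e)}")
        return None

    if response.status_code != 200:
        print(f"Request failed with status code {response.status_code}")
        return None

    try:
        return response.json()
    except ValueError as e:
        # A 200 response whose body is not valid JSON raises a ValueError
        # subclass; report it the same way as any other failed request
        # instead of letting it escape the helper.
        print(f"Request failed: {str(e)}")
        return None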

In [3]:
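def _base_severity(metric):
    """Return a CVSS metric entry's severity label, or None if it has none."""
    # V2 entries carry baseSeverity beside cvssData (as in the response shown
    # in this notebook); V3.x entries carry it inside cvssData.
    severity = metric.get("baseSeverity")
    if severity is None:
        severity = metric.get("cvssData", {}).get("baseSeverity")
    return severity


def filter_by_severity(cve_data, filter_severity, metric_keys=("cvssMetricV2",)):
    """Return the vulnerabilities whose CVSS base severity equals ``filter_severity``.

    Args:
        cve_data: Decoded NVD response; entries are read from its
            "vulnerabilities" list (a missing list is treated as empty).
        filter_severity: Severity label, compared exactly (case-sensitive).
        metric_keys: Names of the metric lists under ``cve.metrics`` to
            inspect. The default inspects CVSS v2 only, so a CVE that carries
            only v3.x metrics is skipped; pass e.g.
            ``("cvssMetricV2", "cvssMetricV31", "cvssMetricV30")`` to include
            those as well.

    Returns:
        The matching vulnerability entries in input order. Each entry appears
        at most once, even when several of its metric records match.
    """
    matches = []

    for vulnerability in cve_data.get("vulnerabilities", []):
        metrics = vulnerability.get("cve", {}).get("metrics", {})

        # any() stops at the first matching record, so an entry with several
        # matching records is not appended more than once.
        if any(
            _base_severity(metric) == filter_severity
            for key in metric_keys
            for metric in metrics.get(key, [])
        ):
            matches.append(vulnerability)

    return matches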


In [4]:
def filter_by_vulnerability_name(cve_data, filter_keyword):
    """Select the entries whose CISA vulnerability name contains ``filter_keyword``.

    The comparison is a case-insensitive substring test on the entry's
    "cisaVulnerabilityName" field. An entry without that field is treated as
    having an empty name, so it matches only an empty keyword.

    Args:
        cve_data: Decoded NVD response; entries come from its
            "vulnerabilities" list (a missing list is treated as empty).
        filter_keyword: Text to look for in the name.

    Returns:
        The matching vulnerability entries, in input order.
    """
    return [
        entry
        for entry in cve_data.get("vulnerabilities", [])
        # Single-item inner loop: binds the name once per entry before testing it.
        for cisa_name in [entry.get("cve", {}).get("cisaVulnerabilityName", "")]
        if filter_keyword.lower() in cisa_name.lower()
    ]

### Select CVE Severity

In [21]:
# Severity label to keep; filter_by_severity compares it exactly with baseSeverity.
# Run only one selector cell in this section: each one overwrites filter_severity,
# so the value used downstream is whichever cell was executed last.
filter_severity = "LOW"

In [6]:
# Alternative selection: running this cell replaces any earlier filter_severity value.
filter_severity = "MEDIUM"

In [7]:
# Alternative selection: running this cell replaces any earlier filter_severity value.
filter_severity = "HIGH"

### Select Keyword

In [123]:
# Keyword matched (case-insensitively, as a substring) against cisaVulnerabilityName
# by filter_by_vulnerability_name. Run only one selector cell in this section:
# each one overwrites filter_keyword.
filter_keyword = "Microsoft"

In [9]:
# Alternative selection: running this cell replaces any earlier filter_keyword value.
filter_keyword = "Adobe"

In [10]:
# Alternative selection: running this cell replaces any earlier filter_keyword value.
filter_keyword = "Office"

### Main(s)

Filter for severity

In [124]:
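# get cve data
cve_data = get_nvd_data(url)

# get_nvd_data returns None when the request fails. Stop here so later cells
# cannot run against a missing response, or against a stale one from an
# earlier run, and report it as if it were a real result.
if cve_data is None:
    raise RuntimeError("NVD request failed; cve_data is unavailable")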

In [125]:
# Paging summary of the response. When totalResults is larger than
# resultsPerPage, cve_data holds only one page of the matching CVEs and any
# client-side filtering sees just that page.
print("resultsPerPage:", cve_data['resultsPerPage'])
print("startIndex:", cve_data['startIndex'])
print("totalResults:", cve_data['totalResults'])

resultsPerPage: 11
startIndex: 0
totalResults: 11


In [85]:
# Display the raw response dict (large: it nests one record per CVE on the page).
cve_data

{'resultsPerPage': 2000,
 'startIndex': 200,
 'totalResults': 227017,
 'format': 'NVD_CVE',
 'version': '2.0',
 'timestamp': '2023-10-05T00:06:52.257',
 'vulnerabilities': [{'cve': {'id': 'CVE-1999-0252',
    'sourceIdentifier': 'cve@mitre.org',
    'published': '1997-01-01T05:00:00.000',
    'lastModified': '2022-08-17T10:15:12.293',
    'vulnStatus': 'Modified',
    'descriptions': [{'lang': 'en',
      'value': 'Buffer overflow in listserv allows arbitrary command execution.'}],
    'metrics': {'cvssMetricV2': [{'source': 'nvd@nist.gov',
       'type': 'Primary',
       'cvssData': {'version': '2.0',
        'vectorString': 'AV:N/AC:L/Au:N/C:P/I:P/A:P',
        'accessVector': 'NETWORK',
        'accessComplexity': 'LOW',
        'authentication': 'NONE',
        'confidentialityImpact': 'PARTIAL',
        'integrityImpact': 'PARTIAL',
        'availabilityImpact': 'PARTIAL',
        'baseScore': 7.5},
       'baseSeverity': 'HIGH',
       'exploitabilityScore': 10.0,
       'impact

In [22]:
# filter for severity
# Keeps the entries whose cvssMetricV2 baseSeverity equals filter_severity;
# entries that carry only other CVSS versions are not matched by this call.
filtered_cve_data = filter_by_severity(cve_data, filter_severity)

In [73]:
# Paging summary of the response. When totalResults is larger than
# resultsPerPage, cve_data holds only one page of the matching CVEs and any
# client-side filtering sees just that page.
print("resultsPerPage:", cve_data['resultsPerPage'])
print("startIndex:", cve_data['startIndex'])
print("totalResults:", cve_data['totalResults'])

resultsPerPage: 2000
startIndex: 0
totalResults: 227017


In [15]:
# Display the entries kept by the most recently run filter.
filtered_cve_data

[{'cve': {'id': 'CVE-2013-2597',
   'sourceIdentifier': 'cve@mitre.org',
   'published': '2014-08-31T10:55:03.753',
   'lastModified': '2014-09-02T18:43:12.043',
   'vulnStatus': 'Analyzed',
   'cisaExploitAdd': '2022-09-15',
   'cisaActionDue': '2022-10-06',
   'cisaRequiredAction': 'Apply updates per vendor instructions.',
   'cisaVulnerabilityName': 'Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability',
   'descriptions': [{'lang': 'en',
     'value': 'Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.'},
    {'lang': 'es',
     'value': 'Desbordamiento de buffer basado en pila en la función acdb_ioctl en audio_acdb.c en el controlador de a

Filter for keyword

In [53]:
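# get cve data
cve_data = get_nvd_data(url)

# get_nvd_data returns None when the request fails. Stop here so later cells
# cannot run against a missing response, or against a stale one from an
# earlier run, and report it as if it were a real result.
if cve_data is None:
    raise RuntimeError("NVD request failed; cve_data is unavailable")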

Request failed with status code 404


In [50]:
# Number of CVE entries in the fetched page.
# NOTE(review): in the saved notebook this cell is In [50] and printed 1000,
# while the fetch cell above is In [53] and reported a 404, so this count came
# from an earlier response. Re-run the notebook top to bottom before relying on it.
len(cve_data["vulnerabilities"])

1000

In [18]:
# Keep only the entries whose cisaVulnerabilityName contains filter_keyword
# (case-insensitive substring match).
filtered_cve_data = filter_by_vulnerability_name(cve_data, filter_keyword)

In [19]:
# How many entries the filter kept.
len(filtered_cve_data)

28

In [20]:
# Display the entries kept by the most recently run filter.
filtered_cve_data

[{'cve': {'id': 'CVE-2015-1770',
   'sourceIdentifier': 'secure@microsoft.com',
   'published': '2015-06-10T01:59:36.483',
   'lastModified': '2018-10-12T22:09:12.167',
   'vulnStatus': 'Modified',
   'cisaExploitAdd': '2022-03-28',
   'cisaActionDue': '2022-04-18',
   'cisaRequiredAction': 'Apply updates per vendor instructions.',
   'cisaVulnerabilityName': 'Microsoft Office Uninitialized Memory Use Vulnerability',
   'descriptions': [{'lang': 'en',
     'value': 'Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Uninitialized Memory Use Vulnerability."'},
    {'lang': 'es',
     'value': "Microsoft Office 2013 SP1 y 2013 RT SP1 permite a atacantes remotos ejecutar código arbitrario a través de un documento Office manipulado, también conocido como 'vulnerabilidad del uso de memoria no inicializada de Microsoft Office.'"}],
   'metrics': {'cvssMetricV2': [{'source': 'nvd@nist.gov',
      'ty