1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
# cvedb-py
CLI client for [Shodan's CVEDB API](https://cvedb.shodan.io) - fast vulnerability lookups using CVE IDs and CPE 2.3 identifiers.
**Package name:** `cvedb-py`
**CLI command:** `cvedb`
## Installation
```bash
uv sync
uv run cvedb --help
```
System-wide install:
```bash
make install
```
## Usage
```bash
# Look up a specific CVE
cvedb cve CVE-2021-44228
# Search CVEs by product
cvedb cves -p nginx
cvedb cves -p nginx --kev --sort-epss # KEV only, sorted by EPSS
# Search CVEs by CPE
cvedb cves -c "cpe:2.3:a:apache:log4j:2.14.1"
# List CPEs for a product
cvedb cpes wordpress
cvedb cpes woocommerce --count
# Output formats
cvedb cves -p nginx -f json # JSON output
cvedb cves -p nginx -f tsv # TSV output
cvedb cves -p nginx | head # auto-TSV when piping
```
## Commands
### `cve <CVE-ID>`
Look up a specific CVE by ID.
### `cves`
Search CVEs by product name or CPE 2.3 identifier.
| Option | Description |
|--------|-------------|
| `-p, --product` | Product name to search |
| `-c, --cpe` | CPE 2.3 identifier |
| `-k, --kev` | Only CISA KEV entries |
| `-e, --sort-epss` | Sort by EPSS score |
| `-s, --start` | Start date (YYYY-MM-DD) |
| `--end` | End date (YYYY-MM-DD) |
| `-l, --limit` | Max results (default: 25) |
| `-L, --no-limit` | Fetch all results |
| `--skip` | Skip N results |
| `--count` | Only show count |
| `-f, --format` | Output format: table, json, tsv |
### `cpes <PRODUCT>`
List CPE 2.3 identifiers for a product.
| Option | Description |
|--------|-------------|
| `-l, --limit` | Max results (default: 25) |
| `-L, --no-limit` | Fetch all results |
| `--skip` | Skip N results |
| `--count` | Only show count |
| `-f, --format` | Output format: table, json, tsv |
## Output Formats
- `table` - Rich formatted table (default for TTY)
- `tsv` - Tab-separated values (default when piping)
- `json` - JSON output
## API
- **Source**: NVD (National Vulnerability Database)
- **Updates**: Daily at midnight UTC
- **Auth**: None required (free for non-commercial use)
- **Docs**: https://cvedb.shodan.io/docs
## License
MIT
|