Introduction
When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like NVD and MITRE are valuable, but relying on them directly can expose sensitive queries or create delays. That’s where CVE-Search steps in.
CVE-Search is an open-source tool that imports CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) data into MongoDB. This allows you to build a local CVE vulnerability database, making queries faster, private, and automation-ready.
It includes:
- A back-end database for vulnerabilities and related metadata
- An intuitive web interface for searching and managing CVEs
- Powerful command-line tools for querying
- A REST API for integration into workflows
Why Use CVE-Search?
- Faster queries: Local MongoDB searches are much quicker than remote lookups.
- Privacy protection: Sensitive queries never leave your network.
- Versatility: Choose between CLI, web, or API interfaces.
- Automation friendly: Perfect for CI/CD pipelines or continuous monitoring.
Installing MongoDB
CVE-Search requires Python 3.3+ and MongoDB 2.2+ (or newer). Install MongoDB either from your distribution’s package manager or directly from MongoDB. Don’t forget to include the development headers.
For installation instructions, refer to the MongoDB manual.
Populating the Database
Once MongoDB is running, populate your CVE and CPE data:
./sbin/db_mgmt.py -p
./sbin/db_mgmt_cpe_dictionary.py
./sbin/db_updater.py -c
This fetches XML data from official CVE and CPE databases. The first import can take time depending on your system.
To add cross-references from NIST, Red Hat, and other vendors:
./sbin/db_mgmt_ref.py
Keeping the Database Updated
To update the database regularly:
./sbin/db_updater.py -v
- Can be automated with cron
- Logs are written to syslog by default
To fully reset and repopulate:
./sbin/db_updater.py -v -f
Usage Examples
With your database populated, query it using search.py:
./bin/search.py -p cisco:ios:12.4
./bin/search.py -p cisco:ios:12.4 -o json
./bin/search.py -f nagios -n
./bin/search.py -p microsoft:windows_7 -o html
Example: Find all Cisco WebEx vulnerabilities with official references:
./bin/search.py -p webex: -o csv -v "cisco"
Look up a specific CVE:
./bin/search.py -c CVE-2010-3333
Other utilities include:
- XMPP bot:
./bin/search_xmpp.py -j mybot@jabber.org -p strongpassword
- Dump last CVEs (RSS/Atom):
./bin/dump_last.py -f atom -l 2
- Web Interface:
./web/index.py
Ranking Database
CVE-Search allows ranking vulnerabilities per organization or department.
Example: Mark SAP NetWeaver as critical for accounting:
./sbin/db_ranking.py -c "sap:netweaver" -g "accounting" -r 3
./bin/search.py -c CVE-2012-4341 -r -n
Advanced Usage
Because CVE-Search is modular, you can combine it with Unix tools for analysis.
Example: Top vendors with “unknown” vulnerabilities
python3 bin/search_fulltext.py -q unknown -f \
| jq -c '.vulnerable_configuration[0]' \
| cut -f5 -d: | sort | uniq -c | sort -nr | head -10
Example: Compare CVSS scores (Oracle vs Sun JRE)
python3 bin/search.py -p oracle:java -o json | jq -r '.cvss' | Rscript -e 'summary(...)'
python3 bin/search.py -p sun:jre -o json | jq -r '.cvss' | Rscript -e 'summary(...)'
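The CVSS comparison above, done in Python instead of R and extended into a threshold check a CI job can fail on; this is an added example, not code from CVE-Search or the original article. It assumes search.py -o json emits one JSON object per line carrying the cvss field the jq filters read; the id field name and the sample records are constructed for illustration.

```python
import json
import statistics
import sys

# Constructed sample, one JSON object per line; `id` is an assumed field name.
SAMPLE = """\
{"id": "CVE-0000-0001", "cvss": 9.3}
{"id": "CVE-0000-0002", "cvss": "5.0"}
{"id": "CVE-0000-0003", "cvss": null}
{"id": "CVE-0000-0004", "cvss": 7.5}
"""

def load_records(text):
    """Parse JSON-lines output, skipping blank or non-JSON lines."""
    records = []
    for line in text.splitlines():
        try:
            records.append(json.loads(line))
        except ValueError:
            continue
    return [r for r in records if isinstance(r, dict)]

def split_scores(records):
    """Return ({id: score}, [ids with null, missing or non-numeric cvss])."""
    scored, unscored = {}, []
    for rec in records:
        cve_id = rec.get("id", "<no id>")
        try:
            scored[cve_id] = float(rec.get("cvss"))
        except (TypeError, ValueError):
            unscored.append(cve_id)
    return scored, unscored

def summarize(scored):
    """min/median/mean/max of the scores, or None when nothing is scored."""
    v = sorted(scored.values())
    if not v:
        return None
    return {"n": len(v), "min": v[0], "median": statistics.median(v),
            "mean": round(statistics.mean(v), 2), "max": v[-1]}

def over_threshold(scored, threshold=7.0):
    """CVE ids scoring at or above the threshold, for a pipeline to block on."""
    return sorted(i for i, s in scored.items() if s >= threshold)

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    scored, unscored = split_scores(load_records(text))
    print(summarize(scored), "unscored:", unscored)
    sys.exit(1 if over_threshold(scored) else 0)
```

Entries without a usable score are reported separately rather than dropped, so an unscored CVE does not silently pass the gate.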
Full-Text Indexing & Visualization
Index CVEs:
./sbin/db_fulltext.py
Search full-text index:
./bin/search_fulltext.py -q NFS -q Linux
Generate visualization JSON (requires NLTK):
./bin/search_fulltext.py -g -s > cve.json
This produces keyword insights and frequency analysis for vulnerabilities.
Web Interface & API
CVE-Search includes:
- Minimal web UI: View latest CVEs, query by ID. Runs on Flask + Flask-PyMongo.
- JSON API: Programmatic access to vendors, products, and CVEs.
Examples:
curl http://127.0.0.1:5000/api/browse/ # List vendors
curl http://127.0.0.1:5000/api/browse/zyxel # Zyxel products
curl http://127.0.0.1:5000/api/search/zyxel/p-660hw
A public API is also available at cve.circl.lu.
Ecosystem & Integrations
Several projects extend CVE-Search:
- cve-portal: CVE notification portal
- cve-search-mt: Management toolkit
- cve-scan: Nmap-based CVE scanner
Together, these enhance automation, monitoring, and proactive vulnerability management.
Docker Deployment & Quickstart
One of the easiest ways to get started with CVE-Search today is by using its official Docker Compose setup. This avoids the need to manually configure MongoDB, Redis, or dependencies on your host system.
Step 1: Clone the CVE-Search Docker Repository
git clone https://github.com/cve-search/CVE-Search-Docker.git
cd CVE-Search-Docker
Step 2: Start the Containers
Use Docker Compose to bring up the full stack (CVE-Search, MongoDB, Redis):
docker compose up -d
This launches all required services in the background.
Step 3: Access the Web Interface
Once running, the web interface is available at:
http://127.0.0.1:5000
From here, you can browse recent CVEs, search by vendor or product, and interact with the REST API.
Step 4: Keep Your Data Updated
Update CVE and CPE data inside the container with:
docker compose exec cvesearch ./sbin/db_updater.py -v
Step 5: Stop or Remove Containers
To gracefully shut down:
docker compose down
To remove all containers and volumes (resetting the database):
docker compose down -v
Why Use Docker for CVE-Search?
- Fast setup: Get running in minutes without manual dependency management
- Portable & reproducible: Works across different environments with the same configuration
- Isolated services: MongoDB and Redis are preconfigured inside containers
- Easy resets: Quickly rebuild or refresh your vulnerability database