cwe-data

CLI tool to query CWE (Common Weakness Enumeration) data.

Features

• Query Weaknesses, Categories, and Views by ID
• Search across all CWE entries by keyword
• All data embedded in binary (no external files needed at runtime)
• Auto-downloads CWE database on first build

Build

cargo build --release

On first build, cwe.json is automatically downloaded from the CWE-CAPEC REST-API-wg repository. Following file is downloaded: https://github.com/CWE-CAPEC/REST-API-wg/blob/main/json_repo/cwe.json

That file is split and imbedded inside the executable. So no internet access is used while using the app, only during build.

Usage

# Get by ID (numeric or with CWE prefix)
cwe-data get 79
cwe-data get CWE-79

# Search by keyword (case-insensitive)
cwe-data search injection
cwe-data search "buffer overflow"
cwe-data search xss --limit 5          # Limit results
cwe-data search memory --line-limit 3  # Limit matching lines per entry

Output is JSON:

{
  "ID": "79",
  "Name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
  "Abstraction": "Base",
  ...
}

Data Source

CWE data from MITRE CWE via the CWE-CAPEC REST-API-wg repository.

License

The code in this project is licensed under the MIT or Apache 2.0 license.

All contributions, code and documentation, to this project will be similarly licensed.

CWE data is provided by MITRE. See CWE Terms of Use.