# Tyr - get-cve
## Installation
`cargo install get-cve`
## Purpose
This command-line utility explores the CVEs fixed in packages on Debian-like and Red Hat-like operating systems.
The exploration is based on their changelogs.
`get-cve` does not download a CVE database to explore all open CVEs on a package; several other good tools exist for that kind of exploration.
## Usage on some Linux distributions
To list all fixed CVEs for an installed package:
```[bash,source]
get-cve <package>
```
or, if several versions are installed:
```[bash, source]
get-cve <package>=<version>
```
E.g.:
```[bash, source]
# get-cve less
[ LESS => 590-1UBUNTU0.22.04.3 ]
CVE-2014-9488
CVE-2022-46663
CVE-2022-48624
CVE-2024-32487
#
```
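As an added illustration of changelog-based exploration (not get-cve's own code), the following Rust program extracts CVE ids from a changelog and groups them by the version whose entry mentions them. It assumes the Debian changelog format as input; the names `cve_ids`, `cves_by_version` and `all_fixed` and the sample changelog are made up for the example.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Constructed sample in Debian changelog format: the CVE ids are those of the
// `get-cve less` output above; entry text and the two older versions are made up.
const SAMPLE: &str = "\
less (590-1ubuntu0.22.04.3) jammy-security; urgency=medium
    - debian/patches/CVE-2024-32487.patch: constructed note (CVE-2024-32487)
less (590-1ubuntu0.22.04.2) jammy-security; urgency=medium
  * SECURITY UPDATE: constructed entry, CVE-2022-48624 and CVE-2022-46663
less (458-3) unstable; urgency=medium
  * constructed entry mentioning cve-2014-9488 in lower case
";

fn digits(s: &str) -> String { s.chars().take_while(|c| c.is_ascii_digit()).collect() }

/// Every well-formed CVE id (CVE-YYYY-NNNN, sequence of 4+ digits) on one line.
fn cve_ids(line: &str) -> Vec<String> {
    let upper = line.to_ascii_uppercase();
    let (mut rest, mut ids) = (upper.as_str(), Vec::new());
    while let Some(pos) = rest.find("CVE-") {
        rest = &rest[pos + 4..];
        let year = digits(rest);
        let seq = rest[year.len()..].strip_prefix('-').map(digits).unwrap_or_default();
        if year.len() == 4 && seq.len() >= 4 { ids.push(format!("CVE-{}-{}", year, seq)); }
    }
    ids
}

/// CVE ids grouped by the changelog version whose entry mentions them.
fn cves_by_version(changelog: &str) -> BTreeMap<String, BTreeSet<String>> {
    let (mut map, mut version) = (BTreeMap::<String, BTreeSet<String>>::new(), String::new());
    for line in changelog.lines() {
        // Entry header: "<package> (<version>) <distribution>; urgency=<level>"
        let header = line.split_once(" (").filter(|_| !line.starts_with(' '));
        match header.and_then(|(_, r)| r.split_once(')')) {
            Some((v, _)) => version = v.to_string(),
            None => map.entry(version.clone()).or_default().extend(cve_ids(line)),
        }
    }
    map
}

/// Union over all entries: what a changelog-based listing reports for the package.
fn all_fixed(changelog: &str) -> BTreeSet<String> {
    cves_by_version(changelog).into_values().flatten().collect()
}

fn main() {
    println!("{:#?}\n{:?}", cves_by_version(SAMPLE), all_fixed(SAMPLE));
}
```

A changelog entry can mention a CVE without fixing it, and a fix can ship without naming its CVE, so treat the result as what the maintainers recorded rather than a complete vulnerability status.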
## Common usage
In common usage, the command sends its queries directly to the NIST NVD database.
E.g.:
```[bash, source]
# get-cve new
.
CVE-2024-44373
CVE-2024-45062
CVE-2025-2988
CVE-2025-31988
...
CVE-2025-9156
CVE-2025-9157
CVE-2025-9165
```
It is possible to list the CVEs matching a CPE string.
E.g.:
```[bash, source]
$ get-cve f "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:*:*"
.
CVE-1999-0794
CVE-2004-0848
CVE-2005-2127
...
CVE-2021-41368
CVE-2022-26901
CVE-2023-36767
```
To show a CVE in table format:
```[bash, source]
$ get-cve CVE-2025-12224 -L
WARNING: NVD api key not found. The http requests will run with better performances with this key.
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ CVE list │
├────────────────┬────────────────────────────────────────────────────────────────────────┬────────────────────┬────────────────────┬──────┬────────────────┤
│ CVE │ Description │ Score v3 │ Score v4 │ CPE │ Weaknesses │
├────────────────┼────────────────────────────────────────────────────────────────────────┼────────────────────┼────────────────────┼──────┼────────────────┤
│ CVE-2025-12224 │ A flaw has been found in Iqbolshoh php-business-website up to 10677... │ 3.5 - LOW │ 5.1 - MEDIUM │ None │ CWE-79, CWE-94 │
```
To show the list of exploited CVEs in table format:
```[bash, source]
$ get-cve exploited --long
WARNING: NVD api key not found. The http requests will run with better performances with this key.
╭──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ CVE list │
├──────────────────┬────────────────────────────────────────────────────────────────────────┬────────────────────┬────────────────────┬──────────────────────────────────────────┬─────────────────┤
│ CVE │ Description │ Score v3 │ Score v4 │ CPE │ Weaknesses │
├──────────────────┼────────────────────────────────────────────────────────────────────────┼────────────────────┼────────────────────┼──────────────────────────────────────────┼─────────────────┤
│ CVE-2002-0367 │ smss.exe debugging subsystem in Windows NT and Windows 2000 does no... │ 7.8 - HIGH │ 0.0 - None │ cpe:2.3:o:microsoft:windows_2000:-:*:... │ NVD-CWE-noinfo │
│ CVE-2004-0210 │ The POSIX component of Microsoft Windows NT and Windows 2000 allows... │ 7.8 - HIGH │ 0.0 - None │ cpe:2.3:a:microsoft:interix:2.2:*:*:*... │ CWE-120 │
│ CVE-2004-1464 │ Cisco IOS 12.2(15) and earlier allows remote attackers to cause a d... │ 5.9 - MEDIUM │ 0.0 - None │ cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:* │ NVD-CWE-noinfo │
│ CVE-2005-2773 │ HP OpenView Network Node Manager 6.2 through 7.50 allows remote att... │ 9.8 - CRITICAL │ 0.0 - None │ cpe:2.3:a:hp:openview_network_node_ma... │ NVD-CWE-noinfo │
│ CVE-2006-1547 │ ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ... │ 7.5 - HIGH │ 0.0 - None │ cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* │ NVD-CWE-noinfo │
│ CVE-2006-2492 │ Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3... │ 8.8 - HIGH │ 0.0 - None │ cpe:2.3:a:microsoft:office:2000:sp3:*... │ CWE-120 │
│ CVE-2007-0671 │ Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 20... │ 8.8 - HIGH │ 0.0 - None │ cpe:2.3:a:microsoft:access:2000:*:*:*... │ NVD-CWE-noinfo │
│ CVE-2007-3010 │ masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterp... │ 9.8 - CRITICAL │ 0.0 - None │ cpe:2.3:a:al-enterprise:omnipcx_enter... │ NVD-CWE-noinfo │
│ CVE-2007-5659 │ Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ear... │ 7.8 - HIGH │ 0.0 - None │ cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* │ CWE-120 │
│ CVE-2008-0655 │ Multiple unspecified vulnerabilities in Adobe Reader and Acrobat be... │ 9.8 - CRITICAL │ 0.0 - None │ cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* │ NVD-CWE-noinfo │
│ CVE-2008-2992 │ Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and e... │ 7.8 - HIGH │ 0.0 - None │ cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:* │ CWE-787 │
...
│ CVE-2025-6543 │ Memory overflow vulnerability leading to unintended control flow an... │ 9.8 - CRITICAL │ 9.2 - CRITICAL │ cpe:2.3:a:citrix:netscaler_applicatio... │ CWE-119 │
│ CVE-2025-6554 │ Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowe... │ 8.1 - HIGH │ 0.0 - None │ cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* │ CWE-843 │
│ CVE-2025-6558 │ Insufficient validation of untrusted input in ANGLE and GPU in Goog... │ 8.8 - HIGH │ 0.0 - None │ cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* │ CWE-20 │
│ CVE-2025-7775 │ Memory overflow vulnerability leading to Remote Code Execution and/... │ 9.8 - CRITICAL │ 9.2 - CRITICAL │ cpe:2.3:a:citrix:netscaler_applicatio... │ CWE-119 │
│ CVE-2025-8088 │ A path traversal vulnerability affecting the Windows version of Win... │ 8.8 - HIGH │ 8.4 - HIGH │ cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* │ CWE-35 │
│ CVE-2025-8875 │ Deserialization of Untrusted Data vulnerability in N-able N-central... │ 7.8 - HIGH │ 9.4 - CRITICAL │ cpe:2.3:a:n-able:n-central:*:*:*:*:*:... │ CWE-502 │
│ CVE-2025-8876 │ Improper Input Validation vulnerability in N-able N-central allows ... │ 8.8 - HIGH │ 9.4 - CRITICAL │ cpe:2.3:a:n-able:n-central:*:*:*:*:*:... │ CWE-20 │
│ CVE-2025-9242 │ An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may ... │ 9.8 - CRITICAL │ 9.3 - CRITICAL │ cpe:2.3:o:watchguard:fireware:*:*:*:*... │ CWE-787 │
│ CVE-2025-9377 │ The authenticated remote command execution (RCE) vulnerability exis... │ 7.2 - HIGH │ 8.6 - HIGH │ cpe:2.3:o:tp-link:tl-wr841n_firmware:... │ CWE-78 │
╰──────────────────┴────────────────────────────────────────────────────────────────────────┴────────────────────┴────────────────────┴──────────────────────────────────────────┴─────────────────╯
```
To show the schema associated with a CVE, use:
```[bash,source]
$ get-cve cve-2025-66918 -S
CVE-2025-66918
├─ CWE-20 - Improper Input Validation
│ ├─ CAPEC-3 - Using Leading 'Ghost' Character Sequences to Bypass Input Filters
│ ├─ CAPEC-7 - Blind SQL Injection
│ ├─ CAPEC-8 - Buffer Overflow in an API Call
│ ├─ CAPEC-9 - Buffer Overflow in Local Command-Line Utilities
│ ├─ CAPEC-10 - Buffer Overflow via Environment Variables
│ ├─ CAPEC-13 - Subverting Environment Variable Values
│ ├─ CAPEC-14 - Client-side Injection-induced Buffer Overflow
│ ├─ CAPEC-22 - Exploiting Trust in Client
│ ├─ CAPEC-23 - File Content Injection
│ ├─ CAPEC-24 - Filter Failure through Buffer Overflow
│ ├─ CAPEC-28 - Fuzzing
│ ├─ CAPEC-31 - Accessing/Intercepting/Modifying HTTP Cookies
│ ├─ CAPEC-42 - MIME Conversion
│ ├─ CAPEC-43 - Exploiting Multiple Input Interpretation Layers
│ ├─ CAPEC-45 - Buffer Overflow via Symbolic Links
...
│ └─ CAPEC-664 - Server Side Request Forgery
└─ CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  ├─ CAPEC-63 - Cross-Site Scripting (XSS)
  ├─ CAPEC-85 - AJAX Footprinting
  ├─ CAPEC-209 - XSS Using MIME Type Mismatch
  ├─ CAPEC-588 - DOM-Based XSS
  ├─ CAPEC-591 - Reflected XSS
  └─ CAPEC-592 - Stored XSS
```
The same option exists for the new CVE list and the updated CVE list, and the resulting table can be sorted by different criteria (see `get-cve help`).
To explore the other options, run `get-cve help`.
## Authors and acknowledgment
Help will be appreciated. All tools will be developed in Rust.
## License
This project is under MIT license.
## Project status
This project is under development and all contributions are welcome.
These tools are provided without any guarantees.