limit - (optional) int attribute, set to 1000 by default. The logic should use startIndex / resultsPerPage internally to fetch a required number of CVEs. If limit size is smaller than max value for resultsPerPage (2000, the data can be fetches without pagination.
The plugin should return a list of CVEs - response["vulnerabilities"] array
lastModStartDate and lastModEndDate / pubStartDate and pubEndDate values have a length constraint: "the maximum allowable range when using any date range parameters is 120 consecutive days". See the docs for more details.
the boolean parameters are included in the URL query params without a value
Description
The NVD is the U.S. government repository of standards based vulnerability management data. NVD API provides access to the collection of CVEs.
Use Case
NVD API can be used to pull the details of the specific CVEs or get the filtered collection of the recent CVEs for summarisation.
Requirements
configuration
api_key
-- (optional) string attribute. API key is not required for API access but the requests with API key set enjoy higher rate-limit capsparameters (a majority of these maps directly to CVE API endpoint parameters)
last_mod_start_date
- (optional) string attribute, ISO8601-serialized datetimelast_mod_end_data
- (optional) string attribute, ISO8601-serialized datetimepub_start_date
- (optional) string attribute, ISO8601-serialized datetimepub_end_date
- (optional) string attribute, ISO8601-serialized datetimecpe_name
- (optional) string attributecve_id
- (optional) string attributecvss_v3_metrics
- (optional) string attributecvss_v3_severity
- (optional) string attribute, that supports only the valuesLOW
,MEDIUM
,HIGH
, andCRITICAL
.cwe_id
- (optional) string attributekeyword_search
- (optional) string attributevirtual_match_string
- (optional) string attributesource_identifier
- (optional) string attributehas_cert_alerts
- (optional) bool attributehas_kev
- (optional) bool attributehas_cert_notes
- (optional) bool attributeis_vulnerable
- (optional) bool attributekeyword_exact_match
- (optional) bool attributeno_rejected
- (optional) bool attributestartIndex
/resultsPerPage
internally to fetch a required number of CVEs. Iflimit
size is smaller than max value forresultsPerPage
(2000, the data can be fetches without pagination.The plugin should return a list of CVEs -
response["vulnerabilities"]
arrayAdditional Information
lastModStartDate
andlastModEndDate
/pubStartDate
andpubEndDate
values have a length constraint: "the maximum allowable range when using any date range parameters is 120 consecutive days". See the docs for more details.