Open mhdawson opened 3 days ago
I received this from @.**@.> on July 2, 2024:
"...We are aware of availability issues with the NVD API Endpoints and are working to resolve them..."
From: Michael Dawson @.> Sent: Friday, July 5, 2024 9:38 AM To: vehemont/nvdlib @.> Cc: Subscribed @.***> Subject: [vehemont/nvdlib] nvd endpoint down? (Issue #45)
The automation we have in the Node.js project has been reporting errors for the last week or so. I updated to the latest version of nvdlib but still see the issue.
From the errors it looks like an issue on the server side:
Traceback (most recent call last):
File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 261, in
exit(main())
File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 236, in main
nvd_vulnerabilities: list[Vulnerability] = query_nvd(
File "/home/runner/work/nodejs-dependency-vuln-assessments/nodejs-dependency-vuln-assessments/dep_checker/main.py", line 155, in query_nvd
for cve in searchCVE(
File "/opt/hostedtoolcache/Python/3.9.19/x64/lib/python3.9/site-packages/nvdlib/cve.py", line 161, in searchCVE
raw = __get('cve', headers, parameters, limit, verbose, delay)
File "/opt/hostedtoolcache/Python/3.9.19/x64/lib/python3.9/site-packages/nvdlib/get.py", line 27, in __get
raw.raise_for_status()
File "/opt/hostedtoolcache/Python/3.9.19/x64/lib/python3.9/site-packages/requests/models.py", line 1024, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 503 Server Error: Service Unavailable for url: https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe%3A2.3%3Aa%3Aada-url%3Aada%3A2.7.8%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A%3A%2A
Error: Process completed with exit code 1.
Are other people having the same issue?
- Reply to this email directly, view it on GitHubhttps://github.com/vehemont/nvdlib/issues/45, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACCWEOIN5OXRYPYC7NXOAUTZK2OSZAVCNFSM6AAAAABKNHIDLGVHI2DSMVQWIX3LMV43ASLTON2WKOZSGM4TENRSHEZTMNY. You are receiving this because you are subscribed to this thread.Message ID: @.**@.>>
Yeah it looks like the NVD API is having issues at the moment. They pushed some additional features on July 2nd to the API which may have broke some stuff. We can only sit tight and wait until NVD resolves the issue. If you are unsure of the status of the issue, you can email the NVD at nvd@nist.gov. I will leave this issue open so users are aware of the on-going problem, and will close it once we can confirm it is resolved.
I got a timeout on a simple search, so it seems to be a 503 error, or timeout. Not sure what other results we could be observing.
>>> r = nvdlib.searchCVE(keywordSearch="Microsoft")
Traceback (most recent call last):
File "C:\Users\***\AppData\Roaming\Python\Python312\site-packages\urllib3\connectionpool.py", line 537, in _make_request
response = conn.getresponse()
^^^^^^^^^^^^^^^^^^
File "C:\Users\***\AppData\Roaming\Python\Python312\site-packages\urllib3\connection.py", line 461, in getresponse
httplib_response = super().getresponse()
^^^^^^^^^^^^^^^^^^^^^
File "C:\Program Files\Python312\Lib\http\client.py", line 1411, in getresponse
response.begin()
File "C:\Program Files\Python312\Lib\http\client.py", line 324, in begin
version, status, reason = self._read_status()
^^^^^^^^^^^^^^^^^^^
File "C:\Program Files\Python312\Lib\http\client.py", line 285, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Program Files\Python312\Lib\socket.py", line 707, in readinto
return self._sock.recv_into(b)
^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Program Files\Python312\Lib\ssl.py", line 1249, in recv_into
return self.read(nbytes, buffer)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Program Files\Python312\Lib\ssl.py", line 1105, in read
return self._sslobj.read(len, buffer)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TimeoutError: The read operation timed out```
Now I'm consistently getting a JSON decode error - the error occurs at a different location in the download from session to session.
Here is an example:
https://services.nvd.nist.gov/rest/json/cves/2.0?cvssV3Severity=MEDIUM&pubStartDate=2023-07-13T14:11:36.755588&pubEndDate=2023-11-10T14:11:36.755588&resultsPerPage=2000&startIndex=2000 Traceback (most recent call last): File "/home/johnf/.local/lib/python3.10/site-packages/requests/models.py", line 974, in json return complexjson.loads(self.text, **kwargs) File "/usr/lib/python3/dist-packages/simplejson/init.py", line 525, in loads return _default_decoder.decode(s) File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 370, in decode obj, end = self.raw_decode(s) File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 400, in raw_decode return self.scan_once(s, idx=_w(s, idx).end()) simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/johnf/Scripts/./acquire-reform.py", line 613, in
Nothing has changed on my end. Prior to July, I was able to successfully download data without errors. I've reached out to nvd.nist.gov
The automation we have in the Node.js project has been reporting errors for the last week or so. I updated to the latest version of nvdlib but still see the issue.
From the errors it looks like an issue on the server side:
Are other people having the same issue?