I change the code so that it can read oldest CVSS type 2.0, but always giving priority to 3.x
`def display_nvd_data(cve_data):
if (
cve_data
and "vulnerabilities" in cve_data
and len(cve_data["vulnerabilities"]) > 0
):
cve_item = cve_data["vulnerabilities"][0]["cve"]
published = cve_item.get("published", "")
if published:
published_date = datetime.datetime.fromisoformat(published)
published = published_date.strftime("%Y-%m-%d")
descriptions = cve_item.get("descriptions", [])
description = next(
(desc["value"] for desc in descriptions if desc["lang"] == "en"),
"No description available",
)
metrics = cve_item.get("metrics", {})
baseScore = baseSeverity = vectorString = "N/A"
# First try to get CVSS v3*
for key, value in metrics.items():
if key.startswith("cvssMetricV3"):
cvss_data = value[0].get("cvssData", {})
baseScore = cvss_data.get("baseScore", "N/A")
baseSeverity = cvss_data.get("baseSeverity", "N/A")
vectorString = cvss_data.get("vectorString", "N/A")
break # Stop at the first occurrence
# If CVSS v3* is not available, try to get CVSS v2
if baseScore == "N/A":
for key, value in metrics.items():
if key.startswith("cvssMetricV2"):
cvss_data = value[0].get("cvssData", {})
baseScore = cvss_data.get("baseScore", "N/A")
baseSeverity = cvss_data.get("baseSeverity", "N/A")
vectorString = cvss_data.get("vectorString", "N/A")
break # Stop at the first occurrence
label_width = max(
len("Description:"),
len("Published:"),
len("Base Score:"),
len("Base Severity:"),
len("Vector String:"),
)
description_label = "Description:".ljust(label_width)
published_label = "Published:".ljust(label_width)
base_score_label = "Base Score:".ljust(label_width)
base_severity_label = "Base Severity:".ljust(label_width)
vector_string_label = "Vector String:".ljust(label_width)
print(
f"\n{description_label} {description}\n"
f"{published_label} {published}\n"
f"{base_score_label} {baseScore}\n"
f"{base_severity_label} {baseSeverity}\n"
f"{vector_string_label} {vectorString}\n"
)
else:
print("\n❌ No NVD data found for this CVE ID.\n")`
I change the code so that it can read oldest CVSS type 2.0, but always giving priority to 3.x
`def display_nvd_data(cve_data): if ( cve_data and "vulnerabilities" in cve_data and len(cve_data["vulnerabilities"]) > 0 ): cve_item = cve_data["vulnerabilities"][0]["cve"] published = cve_item.get("published", "") if published: published_date = datetime.datetime.fromisoformat(published) published = published_date.strftime("%Y-%m-%d")