v0.7.9

Bugfixes

• Added missing CVSS 3.0 data for attackVector, attackComplexity, privilegesRequired, userInteraction, scope, confidentialityImpact, integrityImpact, and availabilityImpact as reported from #48
• Added basic CVSS 4.0 data: v40score, v40vector, and v40severity in CVEs for #52

Enhancements

• Implement logging and fix delay parameter type by @LinasVidziunas in #44
• Add type hinting to function definitions by @LachJones in #49
• Add suspected missing if/else case to classes.py by @LachJones in #50
• Increased minimum required Python version to 3.11 or later from Python 3.8.3. This opens up some cooler features and fixed a compatibility issue with LiteralString not being available until 3.11.

New Contributors

• @LinasVidziunas made their first contribution in #44
• @LachJones made their first contribution in #49

Full Changelog: v0.7.7...v0.7.9

v0.7.7

Bugfixes

• Fix cwe attr in CVE by @jobselko in #39

Enhancements

• Added CPE Match String API with nvdlib.searchCPEmatch, check out the documentation at https://nvdlib.com/en/latest/v2/CPEv2.html#cpe-match-criteria-api and more information can be found at the NVD API documentation page: https://nvd.nist.gov/developers/products

Thanks to @jobselko for submitting a PR to resolve the cwe bug.

Full Changelog: v0.7.6...v0.7.7

v0.7.6

Bugfixes

• Merged #35. Fixed a CPE search not pulling all CPE matches.

Enhancements

• Merged #34. Added additional vars for CVEs for easy accessability.
• Still working on #32 for supporting type hints, but some have been added.

Thanks to @akuster for submitting a PR for these changes, and @ammerzon for the type hint suggestion.

Full Changelog: v0.7.5...v0.7.6****

v0.7.5

Bugfixes

• Merged #30. Added a check if the getCVE generator hits 403 rate limit error, instead of breaking the entire generator. Delays twice as long to ensure another 403 isn't hit.

Give thanks to @ntnunk

Full Changelog: v0.7.4...v0.7.5

v0.7.4

Enhancements

• Merged #24. Added the new functions for searchCVE_V2 and searchCPE_V2. They have the same arguments as their respective counterparts (searchCVE and searchCPE), but are defined as a generator instead. Yields after each CVE conversion from the response. This is useful for systems with resource constraints.

@ntnunk single handedly pushed these features. Thank you.

Full Changelog: v0.7.3...v0.7.4

v0.7.3

Bugfixes

• Merged #22. When using a datetime object in parameters like pubEndDate, NVDLib will now replace the + character used to denote the time zone with %2B in the string of parameters, preventing a 404 error and following the NVD API documentation. Normally this is done automatically within requests, but NVDLib passes the parameters as a string rather than a dictionary natively within requests.

Enhancements

• Merged #23. Set the optional parameters in searchCVE and searchCPE to None instead of False. Helps out with linters and type assignment mismatches.

Big thanks to @ntnunk for submitting the PRs for these changes.

Full Changelog: v0.7.2...v0.7.3

v0.7.2

0.7.2 (2023-03-14)

Bugfixes

• Fixed parsing of CPEs names to allow special characters with CPE names to function correctly.
• Fixed PyTest data, tests are passing now.

Enhancements

• Added newer parameters to nvdlib.searchCVE().
  • noRejected - Filter out CVEs that have a status of rejected.
  • versionEnd / versionEndType / versionStart / versionStartType - Used with virtualMatchString to provide filters based on versions within CPE names

Full Changelog: v0.7.1...v0.7.2

v0.7.1

0.7.1 (2022-12-19)

Bugfixes

• Fixed the location of baseSeverity. The baseSeverity attribute had its location changed and caused lookups with a CVSS version 2 score to fail.

Full Changelog: v0.7.0...v0.7.1

v0.7.0

• Overhauled NVDLib to utilize the new version of the NVD API (version 2).
• nvdlib.getCVE() no longer exists and is now combined into nvdlib.searchCVE() using the cvdId parameter.
• nvdlib.searchCPE() no longer has the cves parameter to pass CVEs.
• New parameters for nvdlib.searchCVE()
• For a full list of changes, see https://nvdlib.com/docs/build/html/v1/changesv1.html

Happy Halloween! 🎃

v0.6.1

0.6.1 (2022-10-18)

Bugfixes

• Updated cve.py to utilize the correct parameter to allow sorting by exact match. The parameter is isExactMatch with a value of True. The argument used in searchCVE is still exactMatch with a value of True, NVDLib will now use the correct parameter when building the search query.

Full Changelog: https://github.com/vehemont/nvdlib/commits/v0.6.1