CVE Tools

A set of tools useful when dealing with lists of vulnerability CVE IDs, such
as those obtained from scans or dependency checks.

Installation

``
npm install cve-tools
`

Create CSV Files From Content Containing CVE IDs

There are several ways to use content, text files or strings, containing CVE
IDs such as CVE-2015-0001, to generate a useful CSV file with a summary and
CVSS score for the listed vulnerabilities.

`
cd path/to/cve-tools

From a file.

bin/create-cve-csv -f path/to/file > cves.csv

From a file via pipe.

cat path/to/file | bin/create-cve-csv > cves.csv

Directly.

bin/create-cve-csv "CVE-2015-0001 blah blah CVE-2015-0002, etc." > cves.csv

Directly via pipe.

echo "CVE-2015-0001 blah blah CVE-2015-0002, etc." \
| bin/create-cve-csv > cves.csv
``

The output has the following format:

| CVE ID | CSVV | URL | Summary |
| ------ | ---- | --- | ------- |
| CVE-2015-0001 | 7.5 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0001 | A helpful summary. |
| CVE-2015-0002 | 5.0 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0002 | A helpful summary. |
| etc... | | | |

$3

Expect this to take a few moments to chew through the necessary data, especially
if having to check CVEs from multiple different years.