├── .gitmodules
├── LICENSE
├── README.md
├── SECURITY.md
├── fetch-cve-data.sh
└── update-cve-data.sh


/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "cvelistV5"]
2 | 	path = cve-data/mitre
3 | 	url = git://github.com/CVEProject/cvelistV5.git
4 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2025 MITRE-Cyber-Security-CVE-Database
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # MITRE-Cyber-Security-CVE-Database
  2 | 
  3 | The **MITRE-Cyber-Security-CVE-Database** is a cybersecurity initiative by Enterprises, dedicated to providing a comprehensive, open-source platform for managing and tracking Common Vulnerabilities and Exposures (CVEs). This repository, `mitre-cve-database`, aggregates CVE data from multiple authoritative sources to support cybersecurity professionals, researchers, and organizations.
  4 | 
  5 | *An Enterprises Initiative • Established 2025*
  6 | 
  7 | ---
  8 | 
  9 | ## Overview
 10 | 
 11 | The `mitre-cve-database` repository consolidates CVE data from various trusted sources, including MITRE, the National Vulnerability Database (NVD), CISA’s Known Exploited Vulnerabilities (KEV) catalog, CVEDetails, and Tenable. Our goal is to provide a centralized, accessible platform for vulnerability management and foster community collaboration.
 12 | 
 13 | ### Key Features
 14 | 
 15 | - **Multi-Source CVE Data**: Aggregates CVE records from MITRE, NVD, CISA, CVEDetails, and Tenable.
 16 | - **Community-Driven**: Open for contributions of tools, scripts, and documentation to enhance usability.
 17 | - **Automated Updates**: Includes a script to keep CVE data in sync with the latest from all sources.
 18 | 
 19 | ### Data Sources
 20 | 
 21 | - **MITRE CVE Database**:
 22 | 
 23 |   - Source: https://cve.mitre.org (mirrored via https://github.com/CVEProject/cvelistV5)
 24 |   - Total Records: Over 275,000 CVE entries (as of June 2024)
 25 |   - Directory: `cve-data/mitre/`
 26 | 
 27 | - **National Vulnerability Database (NVD)**:
 28 | 
 29 |   - Source: https://nvd.nist.gov
 30 |   - Description: Enriched CVE data with CVSS scores and CPE applicability
 31 |   - Directory: `cve-data/nvd/`
 32 | 
 33 | - **CISA Known Exploited Vulnerabilities (KEV) Catalog**:
 34 | 
 35 |   - Source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
 36 |   - Description: A subset of CVEs known to be exploited in the wild
 37 |   - Directory: `cve-data/cisa-kev/`
 38 | 
 39 | - **CVEDetails**:
 40 | 
 41 |   - Source: https://www.cvedetails.com
 42 |   - Description: Recent CVEs with additional details like exploits and trends
 43 |   - Directory: `cve-data/cvedetails/`
 44 | 
 45 | - **Tenable CVE List**:
 46 | 
 47 |   - Source: https://www.tenable.com/cve
 48 |   - Description: A sample of recent CVEs (full list requires API access)
 49 |   - Directory: `cve-data/tenable/`
 50 | 
 51 | ---
 52 | 
 53 | ## Governance
 54 | 
 55 | The MITRE-Cyber-Security-CVE-Database initiative is governed by Enterprises, with a commitment to transparency, collaboration, and adherence to industry standards. We operate under the following principles:
 56 | 
 57 | - **Data Integrity**: CVE data is mirrored without modification, in compliance with each source’s terms of use.
 58 | - **Open Access**: All data and tools in this repository are publicly accessible under open-source licenses.
 59 | - **Community Engagement**: We encourage contributions and discussions to improve the platform.
 60 | 
 61 | For more details, see our Governance Policy (coming soon).
 62 | 
 63 | ---
 64 | 
 65 | ## Getting Started
 66 | 
 67 | Follow these steps to set up and use the CVE data in this repository:
 68 | 
 69 | ### 1. Clone the Repository
 70 | 
 71 | Clone this repository to your local machine to access the CVE data:
 72 | 
 73 | ```bash
 74 | git clone https://github.com/MITRE-Cyber-Security-CVE-Database/mitre-cve-database.git
 75 | cd mitre-cve-database
 76 | ```
 77 | 
 78 | ### 2. Fetch CVE Data
 79 | 
 80 | Use the provided script to fetch or update CVE data from all sources:
 81 | 
 82 | ```bash
 83 | chmod +x fetch-cve-data.sh
 84 | ./fetch-cve-data.sh
 85 | ```
 86 | 
 87 | ### 3. Explore the Data
 88 | 
 89 | The CVE data is stored in the `cve-data` directory, organized by source. For example:
 90 | 
 91 | - `cve-data/mitre/2024/CVE-2024-12345.json` (MITRE CVE data)
 92 | - `cve-data/nvd/nvdcve-2025.json` (NVD CVE data for 2025)
 93 | 
 94 | ---
 95 | 
 96 | ## Usage Examples
 97 | 
 98 | Here are some practical ways to use the CVE data in this repository:
 99 | 
100 | ### Search for a Specific CVE in MITRE Data
101 | 
102 | Use `grep` to find a specific CVE by ID in the MITRE data:
103 | 
104 | ```bash
105 | grep -r "CVE-2024-12345" cve-data/mitre/
106 | ```
107 | 
108 | ### Parse NVD CVE Data with Python
109 | 
110 | Use Python to parse and analyze NVD CVE JSON files:
111 | 
112 | ```python
113 | import json
114 | 
115 | # Load NVD CVE data for 2025
116 | with open("cve-data/nvd/nvdcve-2025.json", "r") as f:
117 |     nvd_data = json.load(f)
118 | 
119 | # Example: Print CVE IDs and CVSS scores
120 | for item in nvd_data["CVE_Items"][:5]:  # Limit to first 5 for demonstration
121 |     cve_id = item["cve"]["CVE_data_meta"]["ID"]
122 |     cvss_score = item.get("impact", {}).get("baseMetricV3", {}).get("cvssV3", {}).get("baseScore", "N/A")
123 |     print(f"CVE ID: {cve_id}, CVSS Score: {cvss_score}")
124 | ```
125 | 
126 | ### Automate Updates with GitHub Actions
127 | 
128 | Set up a GitHub Action to run the `fetch-cve-data.sh` script daily:
129 | 
130 | ```yaml
131 | name: Fetch CVE Data
132 | on:
133 |   schedule:
134 |     - cron: '0 0 * * *'  # Runs daily at midnight UTC
135 |   workflow_dispatch:     # Allows you to run this workflow manually from the Actions tab
136 | jobs:
137 |   fetch-cve-data:
138 |     runs-on: ubuntu-latest
139 |     steps:
140 |     - uses: actions/checkout@v3
141 |     - name: Install Dependencies
142 |       run: sudo apt-get update && sudo apt-get install -y jq
143 |     - name: Run Fetch Script
144 |       run: |
145 |         git config --local user.email "action@github.com"
146 |         git config --local user.name "GitHub Action"
147 |         chmod +x fetch-cve-data.sh
148 |         ./fetch-cve-data.sh
149 |     - name: Commit Changes
150 |       run: |
151 |         git commit -a -m "Automated CVE data fetch" || echo "No changes to commit"
152 |         git push
153 | ```
154 | 
155 | ---
156 | 
157 | ## Repository Structure
158 | 
159 | - **cve-data/**: Contains CVE data from multiple sources, organized by provider.
160 |   - `mitre/`: MITRE CVE data from `CVEProject/cvelistV5`.
161 |   - `nvd/`: NVD CVE data in JSON format.
162 |   - `cisa-kev/`: CISA KEV catalog in JSON format.
163 |   - `cvedetails/`: Recent CVEs from CVEDetails in JSON format.
164 |   - `tenable/`: Sample of recent CVEs from Tenable in text format.
165 | - **/*.sh**: Utility scripts, including `fetch-cve-data.sh` for syncing CVE data.
166 | - **docs/**: Documentation for using and contributing to this repository (coming soon).
167 | 
168 | ### Related Repositories
169 | 
170 | - **mitre-cve-database** (Current Repository)\
171 |   Core repository for CVE data.\
172 |   Explore the database
173 | - **cve-services**\
174 |   APIs and tools for interacting with the CVE database.\
175 |   *Coming soon!*
176 | - **cve-discussions**\
177 |   A space for community discussions on vulnerabilities.\
178 |   *Coming soon!*
179 | 
180 | ---
181 | 
182 | ## Enterprise Features
183 | 
184 | - **SAML Single Sign-On**\
185 |   Secure access for enterprise teams (coming soon).
186 | - **Automated Dependency Updates**\
187 |   Keep your codebase secure with automatic updates (coming soon).
188 | 
189 | ---
190 | 
191 | ## Contributing
192 | 
193 | We welcome contributions to enhance this repository! While the CVE data itself must remain unchanged (per the sources’ terms), you can contribute by:
194 | 
195 | - Developing tools or scripts to analyze CVE data.
196 | - Improving documentation or adding usage tutorials.
197 | - Submitting pull requests with your enhancements.
198 | 
199 | Please review our Contributing Guidelines (coming soon) before submitting contributions.
200 | 
201 | ---
202 | 
203 | ## License and Attribution
204 | 
205 | The CVE data in this repository is provided under the terms of use of each respective source:
206 | 
207 | - MITRE CVE data: https://cve.mitre.org/about/termsofuse.html
208 | - NVD data: Public domain (U.S. government data)
209 | - CISA KEV data: Public domain (U.S. government data)
210 | - CVEDetails and Tenable data: Used under fair use for non-commercial purposes; refer to their respective terms.
211 | 
212 | Any additional scripts, documentation, or tools added to this repository are licensed under the MIT License. See the LICENSE file for details.
213 | 
214 | ---
215 | 
216 | *© 2025 MITRE-Cyber-Security-CVE-Database, Enterprises. All rights reserved.*
217 | 


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
 1 | # Security Policy
 2 | 
 3 | ## Supported Versions
 4 | 
 5 | Use this section to tell people about which versions of your project are
 6 | currently being supported with security updates.
 7 | 
 8 | | Version | Supported          |
 9 | | ------- | ------------------ |
10 | | 5.1.x   | :white_check_mark: |
11 | | 5.0.x   | :x:                |
12 | | 4.0.x   | :white_check_mark: |
13 | | < 4.0   | :x:                |
14 | 
15 | ## Reporting a Vulnerability
16 | 
17 | Use this section to tell people how to report a vulnerability.
18 | 
19 | Tell them where to go, how often they can expect to get an update on a
20 | reported vulnerability, what to expect if the vulnerability is accepted or
21 | declined, etc.
22 | 


--------------------------------------------------------------------------------
/fetch-cve-data.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Script to fetch CVE data from multiple sources and organize it into the repository
 4 | # Purpose: Downloads or updates CVE data from MITRE, NVD, CISA, CVEDetails, and Tenable
 5 | # Usage: Run ./fetch-cve-data.sh from the repository root
 6 | # Requirements: Git, curl, and jq must be installed and configured
 7 | 
 8 | # Exit on any error
 9 | set -e
10 | 
11 | # Check for required tools
12 | for tool in git curl jq; do
13 |     if ! command -v "$tool" &> /dev/null; then
14 |         echo "Error: $tool is not installed. Please install $tool and try again."
15 |         exit 1
16 |     fi
17 | done
18 | 
19 | # Base directory for CVE data
20 | BASE_DIR="cve-data"
21 | 
22 | # Create base directory if it doesn't exist
23 | mkdir -p "$BASE_DIR"
24 | 
25 | # Function to log the last update time
26 | log_update_time() {
27 |     local dir="$1"
28 |     echo "Last updated: $(date)" > "$dir/last-updated.txt"
29 | }
30 | 
31 | # 1. Fetch MITRE CVE Data (already mirrored via GitHub)
32 | MITRE_DIR="$BASE_DIR/mitre"
33 | MITRE_REPO="https://github.com/CVEProject/cvelistV5.git"
34 | if [ -d "$MITRE_DIR" ]; then
35 |     echo "Updating MITRE CVE data in $MITRE_DIR..."
36 |     cd "$MITRE_DIR"
37 |     git pull origin main || { echo "Error: Failed to update MITRE CVE data."; exit 1; }
38 |     cd ../..
39 | else
40 |     echo "Cloning MITRE CVE data from $MITRE_REPO into $MITRE_DIR..."
41 |     git clone "$MITRE_REPO" "$MITRE_DIR" || { echo "Error: Failed to clone MITRE CVE data."; exit 1; }
42 | fi
43 | log_update_time "$MITRE_DIR"
44 | 
45 | # 2. Fetch NVD CVE Data (using NVD 2.0 API data feed)
46 | NVD_DIR="$BASE_DIR/nvd"
47 | mkdir -p "$NVD_DIR"
48 | echo "Fetching NVD CVE data into $NVD_DIR..."
49 | # NVD provides yearly JSON feeds; we'll fetch the most recent year (2025) as an example
50 | NVD_URL="https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-2025.json.gz"
51 | curl -s -o "$NVD_DIR/nvdcve-2025.json.gz" "$NVD_URL" || { echo "Error: Failed to download NVD CVE data."; exit 1; }
52 | gunzip -f "$NVD_DIR/nvdcve-2025.json.gz" || { echo "Error: Failed to unzip NVD CVE data."; exit 1; }
53 | log_update_time "$NVD_DIR"
54 | 
55 | # 3. Fetch CISA KEV Catalog
56 | CISA_DIR="$BASE_DIR/cisa-kev"
57 | mkdir -p "$CISA_DIR"
58 | echo "Fetching CISA KEV catalog into $CISA_DIR..."
59 | CISA_URL="https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
60 | curl -s -o "$CISA_DIR/known_exploited_vulnerabilities.json" "$CISA_URL" || { echo "Error: Failed to download CISA KEV data."; exit 1; }
61 | log_update_time "$CISA_DIR"
62 | 
63 | # 4. Fetch CVEDetails Data (example: recent CVEs via RSS feed)
64 | CVEDETAILS_DIR="$BASE_DIR/cvedetails"
65 | mkdir -p "$CVEDETAILS_DIR"
66 | echo "Fetching CVEDetails recent CVEs into $CVEDETAILS_DIR..."
67 | CVEDETAILS_URL="https://www.cvedetails.com/vulnerability-feed.php?format=json&days=30"
68 | curl -s -o "$CVEDETAILS_DIR/recent-cves.json" "$CVEDETAILS_URL" || { echo "Error: Failed to download CVEDetails CVE data."; exit 1; }
69 | log_update_time "$CVEDETAILS_DIR"
70 | 
71 | # 5. Fetch Tenable CVE Data (example: scrape recent CVEs; note: Tenable's full list requires API access)
72 | TENABLE_DIR="$BASE_DIR/tenable"
73 | mkdir -p "$TENABLE_DIR"
74 | echo "Fetching Tenable CVE data into $TENABLE_DIR..."
75 | # Since Tenable's full CVE list requires API access, we'll fetch a sample of recent CVEs from their blog or public page
76 | # This is a placeholder; you may need to use Tenable's API with credentials for full access
77 | TENABLE_URL="https://www.tenable.com/cve/feed"
78 | curl -s "$TENABLE_URL" | grep -o 'CVE-[0-9]\{4\}-[0-9]\+' | head -n 50 > "$TENABLE_DIR/recent-cves.txt" || { echo "Error: Failed to fetch Tenable CVE data."; exit 1; }
79 | log_update_time "$TENABLE_DIR"
80 | 
81 | # Add and commit the changes to your repository
82 | git add "$BASE_DIR"
83 | git commit -m "Update CVE data from multiple sources - $(date)" || echo "No changes to commit."
84 | echo "CVE data fetched successfully. Run 'git push' to upload the changes to your repository."


--------------------------------------------------------------------------------
/update-cve-data.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Script to synchronize MITRE CVE data with this repository
 4 | # Purpose: Clones or updates CVE data from the official MITRE CVE repository into the local cve-data directory
 5 | # Usage: Run ./update-cve-data.sh from the repository root
 6 | # Requirements: Git must be installed and configured
 7 | 
 8 | # Exit on any error
 9 | set -e
10 | 
11 | # Directory where CVE data will be stored
12 | CVE_DIR="cve-data"
13 | 
14 | # Official MITRE CVE repository URL
15 | CVE_REPO="https://github.com/CVEProject/cvelistV5.git"
16 | 
17 | # Check if Git is installed
18 | if ! command -v git &> /dev/null; then
19 |     echo "Error: Git is not installed. Please install Git and try again."
20 |     exit 1
21 | fi
22 | 
23 | # Check if the cve-data directory exists
24 | if [ -d "$CVE_DIR" ]; then
25 |     echo "Updating existing CVE data in $CVE_DIR..."
26 |     cd "$CVE_DIR"
27 |     git pull origin main || { echo "Error: Failed to update CVE data."; exit 1; }
28 |     cd ..
29 | else
30 |     echo "Cloning CVE data from $CVE_REPO into $CVE_DIR..."
31 |     git clone "$CVE_REPO" "$CVE_DIR" || { echo "Error: Failed to clone CVE data."; exit 1; }
32 | fi
33 | 
34 | # Record the last update time
35 | echo "Last updated: $(date)" > "$CVE_DIR/last-updated.txt"
36 | 
37 | # Add and commit the changes to your repository
38 | git add "$CVE_DIR"
39 | git commit -m "Update CVE data from CVEProject/cvelistV5 - $(date)" || echo "No changes to commit."
40 | echo "CVE data updated successfully. Run 'git push' to upload the changes to your repository."


--------------------------------------------------------------------------------