CVE Vulnerability Database

This scanner will dowload CVE data from NIST and add it to your graph database.

The source of the data is here:

https://cve.mitre.org/cve/data_feeds.html

The command below will start the scanner locally:

docker run -it \
-e GRAPH_URL=bolt://host.docker.internal:7687 \
-e GRAPH_USERNAME=neo4j \
-e GRAPH_PASSWORD=graph \
soluble/cve-scanner

It will take a while to load all the data.

The scanner is reasonably smart and will not reload data that has not changed.

You can leave the scanner running and it will wake up once per hour and look for new CVE data to pull.

Query

CVE info is availble with the Cve label.

match (a:Cve) return a.cveId,a.description as description limit 10;

A subset of CVSS data is available for each CVE.