OpenCVE


What is OpenCVE

OpenCVE is a platform used to locally import the list of CVEs and perform searches on it (by vendors, products, CVSS, CWE...).

Users subscribe to vendors or products, and OpenCVE alerts them when a new CVE is created or when an existing CVE is updated.

You can manually install OpenCVE, or use Docker. We also provide a running instance on https://www.opencve.io if you don't want to host it yourself.

How it Works

OpenCVE uses the JSON feed provided by the NVD to update the local list of CVEs.

After an initial import, a background task is regularly executed to synchronize the local copy with the NVD feed. If a new CVE is added, or if a change is detected, the subscribers of the related vendors and products are alerted.

Info

Read the dedicated documentation to learn in detail how OpenCVE works.
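
The synchronization described above, sketched as an added example (not OpenCVE's own code): it diffs a feed shaped like the NVD 1.1 JSON layout against a local copy and works out which subscribers to alert. The function names, the subscription model, and all CVE ids, vendors and users are constructed for illustration.

```python
# Added illustration, not OpenCVE's code. Feed shape follows the NVD 1.1 JSON
# layout; every CVE id, vendor, product and subscriber below is constructed.

def vendors_products(item):
    """(vendor, product) pairs from cpe:2.3:<part>:<vendor>:<product>:... URIs, child nodes included."""
    pairs, stack = set(), list(item.get("configurations", {}).get("nodes", []))
    while stack:
        node = stack.pop()
        stack.extend(node.get("children", []))
        for match in node.get("cpe_match", []):
            fields = match["cpe23Uri"].split(":")  # naive: ignores escaped "\:"
            pairs.add((fields[3], fields[4]))
    return pairs

def sync(local, feed, subscriptions):
    """Update `local` from `feed`; return {user: [(cve_id, 'new' | 'updated')]}."""
    alerts = {}
    for item in feed["CVE_Items"]:
        cve_id = item["cve"]["CVE_data_meta"]["ID"]
        known = local.get(cve_id)
        if known and known["lastModifiedDate"] == item["lastModifiedDate"]:
            continue  # unchanged since the last synchronization
        event = "updated" if known else "new"
        local[cve_id] = item
        pairs = vendors_products(item)
        vendors = {v for v, _ in pairs}
        for user, subs in subscriptions.items():
            # a subscription is a vendor name or a (vendor, product) pair
            if any(s in vendors or s in pairs for s in subs):
                alerts.setdefault(user, []).append((cve_id, event))
    return alerts

def _item(cve_id, modified, *cpes):
    return {"cve": {"CVE_data_meta": {"ID": cve_id}}, "lastModifiedDate": modified,
            "configurations": {"nodes": [{"cpe_match": [{"cpe23Uri": c} for c in cpes]}]}}

SUBSCRIPTIONS = {"alice": {"examplevendor"}, "bob": {("othervendor", "widget")}}
LOCAL = {"CVE-0000-0001": _item("CVE-0000-0001", "2021-01-01T00:00Z",
                                "cpe:2.3:a:examplevendor:server:1.0:*:*:*:*:*:*:*")}
FEED = {"CVE_Items": [
    _item("CVE-0000-0001", "2021-02-01T00:00Z",   # changed: alice is alerted
          "cpe:2.3:a:examplevendor:server:1.0:*:*:*:*:*:*:*"),
    _item("CVE-0000-0002", "2021-02-01T00:00Z",   # new: bob is alerted
          "cpe:2.3:a:othervendor:widget:2.0:*:*:*:*:*:*:*"),
    _item("CVE-0000-0003", "2021-02-01T00:00Z",   # new, but nobody subscribed
          "cpe:2.3:a:othervendor:gadget:2.0:*:*:*:*:*:*:*"),
]}
if __name__ == "__main__":
    print(sync(dict(LOCAL), FEED, SUBSCRIPTIONS))
```
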

Requirements

OpenCVE works with Python >=3.6.

It uses the JSONB feature for performance, so you will need a PostgreSQL instance to store the data (CVE, Users, Vendors, Products, Subscriptions, ...). Other engines are not supported.

The pg_trgm module of PostgreSQL is required to search the list of CVEs. The upgrade-db command will enable it for you, but you can also do it yourself if you prefer (CREATE EXTENSION pg_trgm).

Celery is used to periodically fetch the NVD database and update the list of CVEs. For that you will need a broker: you can use the backend you want, but we recommend Redis for its ease of installation.

In any case, OpenCVE requires a Redis instance to store a lock. If you choose Redis as the broker, all the Celery requirements are met with a single dependency.

During the import of the initial data, OpenCVE downloads and parses huge files, like the CPE dictionary. For that we recommend at least 3.5G of RAM.

Installation

We provide 2 methods to install OpenCVE: a manual installation, or Docker.

The second method can be useful if you don't want to manage the dependencies (like PostgreSQL, Redis or Celery).

Check the documentation of each method for the details of each step (initial import, admin creation, etc.).