Skip to content

Latest commit

 

History

History
50 lines (34 loc) · 2.6 KB

README.md

File metadata and controls

50 lines (34 loc) · 2.6 KB

CVE Statistics Extractor

This is a basic script to extract statistics about CVE's.

CVE's are used to report and rate vulnerabilities.


Usage

  1. Download the CVE data in JSON format: cve.org, Archive
  2. Extract the data to the same directory as the script (cvelistV5-main should be on the same level)
  3. Run the script: python3 cve_statistics.py
  4. Use the JSON export: cve_statistics.json

Example

See: example.json (after enabling SHRINK)

python3 cve_statistics.py
> ...
> 2015 | Published: 147 | Scored: 147 | Severity: {'low': 65, 'med': 79, 'high': 2, 'crit': 0, 'dis': 1} | %-Scored: 100.0 | Avg score: 4.9
> 2016 | Published: 205 | Scored: 202 | Severity: {'low': 50, 'med': 82, 'high': 58, 'crit': 1, 'dis': 11} | %-Scored: 98.54 | Avg score: 6.26
> 2017 | Published: 1027 | Scored: 1022 | Severity: {'low': 189, 'med': 364, 'high': 399, 'crit': 18, 'dis': 52} | %-Scored: 99.51 | Avg score: 6.79
> 2018 | Published: 1597 | Scored: 1589 | Severity: {'low': 283, 'med': 761, 'high': 429, 'crit': 51, 'dis': 65} | %-Scored: 99.5 | Avg score: 6.54
> 2019 | Published: 2636 | Scored: 2552 | Severity: {'low': 456, 'med': 1219, 'high': 717, 'crit': 50, 'dis': 110} | %-Scored: 96.81 | Avg score: 6.56
> 2020 | Published: 5794 | Scored: 5307 | Severity: {'low': 1046, 'med': 2223, 'high': 1481, 'crit': 186, 'dis': 371} | %-Scored: 91.59 | Avg score: 6.65
> 2021 | Published: 9341 | Scored: 8202 | Severity: {'low': 1654, 'med': 3098, 'high': 2741, 'crit': 268, 'dis': 442} | %-Scored: 87.81 | Avg score: 6.66
> 2022 | Published: 11181 | Scored: 9454 | Severity: {'low': 1926, 'med': 3984, 'high': 2688, 'crit': 338, 'dis': 518} | %-Scored: 84.55 | Avg score: 6.55
> 2023 | Published: 17279 | Scored: 13886 | Severity: {'low': 2669, 'med': 6861, 'high': 3101, 'crit': 399, 'dis': 860} | %-Scored: 80.36 | Avg score: 6.48
> 2024 | Published: 9631 | Scored: 8422 | Severity: {'low': 1593, 'med': 4564, 'high': 1644, 'crit': 236, 'dis': 385} | %-Scored: 87.45 | Avg score: 6.4

Note: Some CVE's are filtered

  • CVE's that are not of the state PUBLISHED
  • CVE's without a score

If you need a small export for some charts - set SHRINK = True! Size difference: 1.2MB => 4KB


Customize

If you want to customize the script, you should look into the CVE data schema.

Common use-cases could be to search/filter for vulnerabilities of a single product (MS Windows, MS Exchange, ...)