{"id":27107,"library":"lib4vex","title":"lib4vex","description":"VEX (Vulnerability Exploitability eXchange) generator and consumer library supporting CSAF, CycloneDX, and OpenVEX formats. Current version 0.2.3, requires Python >=3.7. The library allows creating, parsing, and validating VEX documents in multiple formats. Release cadence is irregular, with updates focused on bug fixes and format compatibility.","status":"active","version":"0.2.3","language":"python","source_language":"en","source_url":"https://github.com/anthonyharrison/lib4vex","tags":["vex","csaf","cyclonedx","openvex","vulnerability-exchange","sbom"],"install":[{"cmd":"pip install lib4vex","lang":"bash","label":"Install from PyPI"}],"dependencies":[],"imports":[{"note":"load is the main entry point for parsing VEX documents","symbol":"load","correct":"from lib4vex import load"},{"note":"generate function for creating VEX documents","symbol":"generate","correct":"from lib4vex import generate"}],"quickstart":{"code":"from lib4vex import load\nfrom lib4vex import generate\n\n# Create a VEX document (e.g., CSAF format)\nvex = generate('csaf')\nvex.author = 'me'\nvex.product = 'myapp'\nvex.version = '1.0.0'\n\n# Add a vulnerability\nvex.add_vulnerability(vulnerability_id='CVE-2024-12345', status='not_affected', impact_statement='Not applicable')\n\n# Output JSON\nprint(vex.json())\n\n# Load a VEX document from file\n# with open('vex.json', 'r') as f:\n#     loaded_vex = load(f.read())\n#     print(loaded_vex.format())","lang":"python","description":"Generate a CSAF VEX document and print JSON; loading example commented out."},"warnings":[{"fix":"Ensure version is an integer when generating OpenVEX documents.","message":"The version field in OpenVEX documents must be an integer, not a string. 
Prior to v0.2.3, using a string version would cause validation errors.","severity":"gotcha","affected_versions":"<0.2.3"},{"fix":"Upgrade to >=0.2.0 and use load() for auto-detection.","message":"Automatic detection of VEX document type was introduced in v0.2.0. Older versions required manual specification of format.","severity":"deprecated","affected_versions":"<0.2.0"},{"fix":"Ensure product names are fully qualified or upgrade to latest version.","message":"Partial product names (e.g., missing namespace) may cause parsing errors in SPDX documents. This was fixed in v0.2.1.","severity":"gotcha","affected_versions":"<0.2.1"},{"fix":"Refer to documentation for current method signatures; upgrade to latest version.","message":"The API for adding vulnerabilities changed between v0.1.0 and v0.2.0. The signatures of methods such as add_vulnerability may differ.","severity":"breaking","affected_versions":"0.1.0 to 0.2.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Upgrade lib4vex: pip install --upgrade lib4vex","cause":"Using an older version of lib4vex that does not have the load function (added in v0.2.0).","error":"ImportError: cannot import name 'load' from 'lib4vex'"},{"fix":"Set vex.version = 1 (integer) instead of '1'.","cause":"In OpenVEX generation, the version field was provided as a string but must be an integer.","error":"TypeError: version must be an integer, not str"},{"fix":"Ensure the input is valid JSON and one of the supported formats: csaf, cyclonedx, openvex.","cause":"load() received a VEX document in an unsupported format or malformed content.","error":"ValueError: Unknown VEX format: ..."},{"fix":"Check the format argument is correct (e.g., 'csaf', 'cyclonedx', 'openvex').","cause":"generate() returned None because of invalid parameters or missing required arguments.","error":"AttributeError: 'NoneType' object has no attribute 
'json'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}