{"id":21624,"library":"nvdlib","title":"nvdlib","description":"A Python library for the National Vulnerability Database (NVD) CPE/CVE API. Provides easy search and retrieval of CVEs, CPEs, and CPE match strings with support for pagination and generators. Current version 0.8.3, requires Python >=3.11.0. Maintained actively with monthly releases.","status":"active","version":"0.8.3","language":"python","source_language":"en","source_url":"https://github.com/Vehemont/nvdlib/","tags":["nvd","cve","cpe","vulnerability","api","security"],"install":[{"cmd":"pip install nvdlib","lang":"bash","label":"Install from PyPI"}],"dependencies":[{"reason":"HTTP requests to NVD API","package":"requests","optional":false}],"imports":[{"note":"Common mistake: trying direct import of functions; they are only available after 'import nvdlib'","wrong":"from nvdlib import searchCVE","symbol":"nvdlib","correct":"import nvdlib"}],"quickstart":{"code":"import nvdlib\nimport os\n\n# Use environment variable for API key ( optional but recommended)\napi_key = os.environ.get('NVD_API_KEY', '')\n\n# Search for CVEs with keyword\ncves = list(nvdlib.searchCVE(keyword='openssl', key=api_key, delay=0.6))\nfor cve in cves[:2]:\n    print(cve.id, cve.score, cve.title)\n","lang":"python","description":"Basic usage to search for CVEs by keyword and print ID, score, and title."},"warnings":[{"fix":"Always pass a 'delay' parameter (e.g., delay=0.6) and consider using an API key via 'key' parameter.","message":"The NVD API has rate limits (5 requests per 30 seconds without API key, 50 per 30 seconds with key). Set 'delay' parameter to at least 0.6 (no key) or 0.03 (with key) seconds between requests to avoid 403 errors.","severity":"gotcha","affected_versions":">=0.7.0"},{"fix":"Upgrade code to not depend on URL parameter presence for boolean flags; they are now handled internally.","message":"In v0.8.0, boolean parameters 'hasKev', 'hasOval', 'hasCertAlerts', 'hasCertNotes', 'keywordExactMatch' are no longer passed in the URL as 'True'/'False' strings. If you relied on their presence in the URL, behavior changed.","severity":"breaking","affected_versions":">=0.8.0"},{"fix":"Use timezone-aware datetime objects (e.g., from datetime import timezone, datetime; dt = datetime.now(timezone.utc)).","message":"When using datetime objects for 'pubStartDate' or 'pubEndDate', ensure timezone is set. The library replaces '+' with '%2B', but incorrect timezone strings can cause 404 errors.","severity":"gotcha","affected_versions":">=0.7.3"},{"fix":"For reliable iteration, collect into list (list(searchCVE_V2(...))) or implement custom retry logic.","message":"The generator functions searchCVE_V2 and searchCPE_V2 yield results as they fetch pages, but they do not retry on rate limit errors; a single 403 will break the generator.","severity":"gotcha","affected_versions":">=0.7.4"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Use 'import nvdlib' then call nvdlib.searchCVE(...)","cause":"Trying to import searchCVE directly instead of importing the module.","error":"ImportError: cannot import name 'searchCVE' from 'nvdlib'"},{"fix":"Provide a valid API key via the 'key' parameter or set NVD_API_KEY environment variable.","cause":"Invalid or missing API key when trying to access API v2.1 endpoints that require key.","error":"nvdlib.error.AuthenticationError: (401) Unauthorized"},{"fix":"Check for None before accessing nested attributes (e.g., if cve.description: ...)","cause":"Some CVE objects may have missing fields (e.g., 'metrics' or 'descriptions') depending on NVD API response.","error":"TypeError: 'NoneType' object is not subscriptable' when accessing CVE attributes"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}