The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.
This client can be integrated into software such as
Vulnerability-Lookup
to provide core GCVE functionalities by adhering to the
Best Current Practices.
It can also be used as a standalone command-line tool.
Examples of usage
As a command line tool
First install the gcve client:
$ python -m pip install --user pipx
$ python -m pipx ensurepath
$ pipx install gcve
installed package gcve 0.6.0, installed using Python 3.13.0
These apps are now globally available
- gcve
done! ✨ 🌟 ✨
Pulling the registry locally
$ gcve registry --pull
Pulling from registry...
Downloaded updated https://gcve.eu/dist/key/public.pem to data/public.pem
Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to data/gcve.json.sigsha512
Downloaded updated https://gcve.eu/dist/gcve.json to data/gcve.json
Integrity check passed successfully.
Retrieving a GNA
Note: This operation is case sensitive.
$ gcve registry --get CIRCL
{
"id": 1,
"short_name": "CIRCL",
"cpe_vendor_name": "circl",
"full_name": "Computer Incident Response Center Luxembourg",
"gcve_url": "https://vulnerability.circl.lu/",
"gcve_api": "https://vulnerability.circl.lu/api/",
"gcve_dump": "https://vulnerability.circl.lu/dumps/",
"gcve_allocation": "https://vulnerability.circl.lu/",
"gcve_sync_api": "https://vulnerability.circl.lu/"
}
$ gcve registry --get CIRCL | jq .id
1
Searching the Registry
Note: Search operations are case insensitive.
$ gcve registry --find cert
[
{
"id": 680,
"short_name": "DFN-CERT",
"full_name": "DFN-CERT Services GmbH",
"gcve_url": "https://adv-archiv.dfn-cert.de/"
}
]
More information in the Git repository.