Skip to content

fixes #1391 - replacing old datasource to nist #1986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Lissy93 merged 13 commits into from
Mar 10, 2026
+127 −103
Merged

fixes #1391 - replacing old datasource to nist #1986

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
2432663
fixes #1391 - replacing datasource to nist - https://nvd.nist.gov/dev…
ricardodemauro Feb 1, 2026
770db58
updating the docs
ricardodemauro Feb 1, 2026
37e85ae
fixing grammar
ricardodemauro Feb 1, 2026
4913dbb
removing mistaken commit file
ricardodemauro Feb 1, 2026
fe3550d
removing mistaken change
ricardodemauro Feb 1, 2026
1ce7aae
fixing suggestions
ricardodemauro Feb 1, 2026
0cb63d0
- updating docs to include - documentation of api
ricardodemauro Feb 1, 2026
53ab9e3
removing unecessary async
ricardodemauro Feb 1, 2026
a1acb77
adding parsing for different types of cvs metrics
ricardodemauro Feb 1, 2026
4dec9d8
fixing color pick and removing unused function
ricardodemauro Feb 1, 2026
b9ce363
🔀 Merge branch 'master' of github.com:lissy93/dashy into ricardodemau…
Lissy93 Mar 9, 2026
a674e21
🚨 Small lint fixes to cve widget
Lissy93 Mar 10, 2026
91de9fe
🔥 Removes temp code from conf
Lissy93 Mar 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
124 changes: 68 additions & 56 deletions src/components/Widgets/CveVulnerabilities.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,6 @@
<p class="title">{{ cve.id }}</p>
<span class="date">{{ cve.publishDate | formatDate }}</span>
<span class="last-updated">Last Updated: {{ cve.updateDate | formatDate }}</span>
<span :class="`exploit-count ${makeExploitColor(cve.numExploits)}`">
{{ cve.numExploits | formatExploitCount }}
</span>
</div>
</a>
<p class="cve-description">
Expand All @@ -33,6 +30,7 @@ export default {
data() {
return {
cveList: null,
total: 10,
};
},
filters: {
Expand All @@ -49,78 +47,92 @@ export default {
},
},
computed: {
/* Get sort order, defaults to publish date */
sortBy() {
const usersChoice = this.options.sortBy;
let sortCode;
switch (usersChoice) {
case ('publish-date'): sortCode = 1; break;
case ('last-update'): sortCode = 2; break;
case ('cve-code'): sortCode = 3; break;
default: sortCode = 1;
}
return `&orderby=${sortCode}`;
},
/* The minimum CVE score to fetch/ show, defaults to 4 */
minScore() {
const usersChoice = this.options.minScore;
let minScoreVal = 4;
if (usersChoice && (usersChoice >= 0 || usersChoice <= 10)) {
minScoreVal = usersChoice;
}
return `&cvssscoremin=${minScoreVal}`;
},
vendorId() {
return (this.options.vendorId) ? `&vendor_id=${this.options.vendorId}` : '';
},
productId() {
return (this.options.productId) ? `&product_id=${this.options.productId}` : '';
},
/* Should only show results with exploits, defaults to false */
hasExploit() {
const shouldShow = this.options.hasExploit ? 1 : 0;
return `&hasexp=${shouldShow}`;
},
/* The number of results to fetch/ show, defaults to 10 */
limit() {
const usersChoice = this.options.limit;
let numResults = 10;
if (usersChoice && (usersChoice >= 5 || usersChoice <= 30)) {
numResults = usersChoice;
}
return `&numrows=${numResults}`;
endpointTotal() {
let apiUrl = `${widgetApiEndpoints.cveVulnerabilities}?resultsPerPage=1&startIndex=1&noRejected`;
apiUrl = this.appendQuery(apiUrl, this.options, 'cveTag', 'cveTag');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV2Severity', 'cvssV2Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV3Severity', 'cvssV3Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV4Severity', 'cvssV4Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'keywordSearch', 'keywordSearch');
apiUrl = this.appendQuery(apiUrl, this.options, 'sourceIdentifier', 'sourceIdentifier');

return apiUrl;
},
endpoint() {
return `${widgetApiEndpoints.cveVulnerabilities}?${this.sortBy}${this.limit}`
+ `${this.minScore}${this.vendorId}${this.productId}${this.hasExploit}`;
endpointPage() {
const page = this.total - (this.options.limit ?? 5);
let apiUrl = `${widgetApiEndpoints.cveVulnerabilities}`
+ `?resultsPerPage=${(this.options.limit ?? 5)}`
+ `&startIndex=${page}`
+ '&noRejected';

apiUrl = this.appendQuery(apiUrl, this.options, 'cveTag', 'cveTag');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV2Severity', 'cvssV2Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV3Severity', 'cvssV3Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'cvssV4Severity', 'cvssV4Severity');
apiUrl = this.appendQuery(apiUrl, this.options, 'keywordSearch', 'keywordSearch');
apiUrl = this.appendQuery(apiUrl, this.options, 'sourceIdentifier', 'sourceIdentifier');

return apiUrl;
},
proxyReqEndpoint() {
const baseUrl = process.env.VUE_APP_DOMAIN || window.location.origin;
return `${baseUrl}${serviceEndpoints.corsProxy}`;
},
},
methods: {
appendQuery(url = '', opts = {}, property = '', paramUrl = '') {
const allowedKeys = [
'cveTag',
'cvssV2Severity',
'cvssV3Severity',
'cvssV4Severity',
'keywordSearch',
'sourceIdentifier',
];

if (allowedKeys.includes(property)) {
// eslint-disable-next-line no-prototype-builtins
if (opts.hasOwnProperty(property)) {
return `${url}&${paramUrl}=${opts[property]}`;
}
}

return url;
},

/* Make GET request to CoinGecko API endpoint */
fetchData() {
async fetchData() {
this.defaultTimeout = 12000;
this.makeRequest(this.endpoint).then(this.processData);
this.makeRequest(this.endpointTotal)
.then(sample => {
this.total = sample.totalResults;
this.makeRequest(this.endpointPage)
.then(this.processData);
});
},
/* Assign data variables to the returned data */
processData(data) {
const cveList = [];
data.forEach((cve) => {
data.vulnerabilities.forEach(({ cve = {} }) => {
cveList.push({
id: cve.cve_id,
score: cve.cvss_score,
url: cve.url,
description: cve.summary,
numExploits: cve.exploit_count,
publishDate: cve.publish_date,
updateDate: cve.update_date,
id: cve.id,
score: cve.metrics?.cvssMetricV2?.map(x => x.baseSeverity ?? 'UNSET') ?? 'UNSET',
url: `https://nvd.nist.gov/vuln/detail/${cve.id}`,
description: this.parseDescriptions(cve.descriptions),
publishDate: cve.published,
updateDate: cve.lastModified,
});
});
this.cveList = cveList;
},
parseDescriptions(cveDescriptions = []) {
for (let i = 0; i < cveDescriptions.length; i += 1) {
if (cveDescriptions[i].lang === 'en') {
return cveDescriptions[i].value;
}
}
return 'Unset';
},
makeExploitColor(numExploits) {
if (!numExploits || Number.isNaN(parseInt(numExploits, 10))) return 'fg-grey';
const count = parseInt(numExploits, 10);
Expand Down
2 changes: 1 addition & 1 deletion src/utils/defaults.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ module.exports = {
covidStats: 'https://disease.sh/v3/covid-19',
cryptoPrices: 'https://api.coingecko.com/api/v3/coins/',
cryptoWatchList: 'https://api.coingecko.com/api/v3/coins/markets/',
cveVulnerabilities: 'https://www.cvedetails.com/json-feed.php',
cveVulnerabilities: 'https://services.nvd.nist.gov/rest/json/cves/2.0',
domainMonitor: 'https://api.whoapi.com',
ethGasPrices: 'https://ethgas.watch/api/gas',
ethGasHistory: 'https://ethgas.watch/api/gas/trend',
Expand Down
Loading