GitHub - PredestinedPrivacy/cvedaily-rss: CVE tagging and RSS feed generation scripts for cvedaily.com, MIT. · GitHub
/" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 19, 2026. It is now read-only.
PredestinedPrivacy
cvedaily-rss
Public archive
Notifications<br>You must be signed in to change notification settings
Fork
Star
master
BranchesTags
Go to file
CodeOpen more actions menu
Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit
History<br>1 Commit<br>1 Commit
core
core
fetchers
fetchers
tag_core
tag_core
.gitignore
.gitignore
LICENSE
LICENSE
README.md
README.md
build_feeds.py
build_feeds.py
requirements.txt
requirements.txt
update.sh
update.sh
View all files
Repository files navigation
CVE Daily - self-host RSS edition
A trimmed-down version of the CVE Daily backend that does one thing: pull CVEs<br>from the NVD API, auto-tag them by product/vendor/weakness, and emit RSS feeds<br>you can point your reader at. No web framework, no database, no detail pages -<br>just static XML files you can host anywhere (or even read straight off disk).
This is the "bits and pieces" you asked for - the tagging engine plus the feed<br>generator. The tag dictionary is the same one the live site uses (~1100<br>patterns covering products, languages, CMSes, vendors and weakness classes).
What you get
fetchers/fetch_cves.py # downloads CVEs from NVD, tags each one<br>fetchers/fetch_cwe_dict.py # downloads the CWE name dictionary (optional, nicer labels)<br>build_feeds.py # turns the tagged data into RSS feeds<br>tag_core/ # the tagging engine (patterns, display names, vendors)<br>core/ # small helpers (risk labels, tag grouping)<br>update.sh # fetch + build, ready for cron<br>requirements.txt
Output (written to public/):
= 9.0<br>public/feed-tags/.xml # one feed per tag, e.g. feed-tags/log4j.xml">public/feed.xml # 100 latest CVEs<br>public/feed-new.xml # only CVEs published since the last run<br>public/feed-critical.xml # CVSS >= 9.0<br>public/feed-tags/.xml # one feed per tag, e.g. feed-tags/log4j.xml
The tag feeds are the whole point: subscribe to feed-tags/nginx.xml,<br>feed-tags/windows.xml, feed-tags/postgresql.xml etc. in your RSS reader and<br>you only see CVEs touching your stack.
Requirements
Python 3.9+
pip install -r requirements.txt (just requests, regex, python-dotenv)
Optional: a free NVD API key (https://nvd.nist.gov/developers/request-an-api-key)<br>to fetch faster and avoid rate limiting. Set it as NVD_API_KEY.
Quick start
/ only
# 3. Seed some data. Start small to test, then widen the window.<br>python fetchers/fetch_cves.py --incremental-days 7 # last 7 days<br># or a full backfill (slow without an API key):<br># python fetchers/fetch_cves.py --years 2024-2026<br># python fetchers/fetch_cves.py --years all
# 4. (optional) nicer CWE labels<br>python fetchers/fetch_cwe_dict.py
# 5. Build the feeds<br>python build_feeds.py
# 6. Look at the result<br>ls public/feed-tags/"># 1. Install dependencies<br>pip install -r requirements.txt
# 2. (optional) configure<br>export NVD_API_KEY=your_key_here<br>export SITE_TITLE="My CVE Feed"<br>export SITE_URL="https://cve.example.com" # used in / only
# 3. Seed some data. Start small to test, then widen the window.<br>python fetchers/fetch_cves.py --incremental-days 7 # last 7 days<br># or a full backfill (slow without an API key):<br># python fetchers/fetch_cves.py --years 2024-2026<br># python fetchers/fetch_cves.py --years all
# 4. (optional) nicer CWE labels<br>python fetchers/fetch_cwe_dict.py
# 5. Build the feeds<br>python build_feeds.py
# 6. Look at the result<br>ls public/feed-tags/
Windows note: if you see a UnicodeEncodeError about charmap, set<br>PYTHONIOENCODING=utf-8 before running (the NVD data and console output use<br>UTF-8). On Linux/macOS this is rarely needed.
Keeping it fresh
feed-new.xml is incremental: it remembers the last published timestamp (in<br>public/data/rss_state.json) and only lists CVEs newer than that. So a typical<br>cron entry that fetches the last day and rebuilds every hour:
> /var/log/cvedaily.log 2>&1"># crontab -e (runs hourly, at minute 7)<br>7 * * * * /path/to/cvedaily-selfhost/update.sh >> /var/log/cvedaily.log...