We are pleased to announce the release of pyvfeed v2.0, a major update to the Python command-line interface for the vFeed Vulnerability and Threat Intelligence database. This release brings significant new capabilities, a modernized CLI, and is now available for install on any platform via a single command:

pip install pyvfeed

pyvfeed queries the vFeed correlated vulnerability database and produces structured JSON output covering CVE metadata, CVSS 2/3/4 scoring, EPSS, CISA KEV, MITRE ATT&CK, advisories, exploits, patches, detection rules, and more.

What’s New in pyvfeed 2.0

CVSS 4.0 Support

All CVE outputs now include CVSS 4.0 scoring where available. Fields are included only when a cvss4_scores entry exists and silently omitted otherwise — no breaking changes to existing output.

For example, querying CVE-2021-44228 (Log4Shell — Apache Log4j2 Remote Code Execution):

pyvfeed --risk CVE-2021-44228
{
  "risk": {
    "cvss": {
      "cvss2": {
        "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
        "base_score": "9.3"
      },
      "cvss3": {
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "base_score": "10.0"
      }
    },
    "epss": {
      "probability": 0.94358,
      "percentile": 0.99964
    },
    "kev": {
      "id": "CISA:BOD 22-01",
      "parameters": {
        "date_added": "2021-12-10",
        "date_due": "2021-12-24",
        "name": "Apache Log4j2 Remote Code Execution Vulnerability",
        "vendor": "Apache",
        "product": "Log4j2"
      }
    }
  }
}

CVE Metadata Triage Flags

When a cve_metadata row exists, enriched triage fields are appended to all CVE outputs: vuln_statussource_identifierhas_exploitshas_kev_cisahas_patcheshas_advisory, and risk_score. These provide immediate at-a-glance prioritization signals.

pyvfeed --information CVE-2021-44228
{
  "information": {
    "description": [
      {
        "id": "CVE-2021-44228",
        "parameters": {
          "published": "2021-12-10T10:15Z",
          "summary": "Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints ...",
          "vuln_status": "Analyzed",
          "source_identifier": "security@apache.org",
          "has_exploits": true,
          "has_kev_cisa": true,
          "has_patches": true,
          "has_advisory": true,
          "risk_score": 0.438675
        }
      }
    ]
  }
}

New: --advisory Command

Retrieve the top vendor and third-party advisories for any CVE directly from the advisory database.

pyvfeed --advisory CVE-2021-44228
[
  { "type": "bulletin", "source": "certvn",  "id": "VU#930724",              "link": "https://www.kb.cert.org/vuls/id/930724" },
  { "type": "fix",      "source": "debian",  "id": "DSA-5020",               "link": "https://www.debian.org/security/2021/dsa-5020" },
  { "type": "fix",      "source": "suse",    "id": "openSUSE-SU-2021:1577-1","link": "https://www.suse.com/security/cve/CVE-2021-44228" }
]

New: --mitre Command

Resolve the full CVE → CWE → CAPEC → MITRE ATT&CK chain for any CVE, returning weakness classifications and mapped ATT&CK techniques with tactics.

pyvfeed --mitre CVE-2021-44228
{
  "cve_id": "CVE-2021-44228",
  "weaknesses": [
    {
      "cwe_id": "CWE-20",
      "title": "Improper Input Validation",
      "class": "weakness",
      "url": "https://cwe.mitre.org/data/definitions/20.html",
      "attack_techniques": [
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "tactic": "execution"
        },
        {
          "id": "T1574.010",
          "name": "Services File Permissions Weakness",
          "tactic": "execution"
        }
      ]
    }
  ]
}

New: --schema Command

Print the complete SQLite3 DB schema — all CREATE TABLE and CREATE INDEX statements — useful for integration and tooling development.

pyvfeed --schema

Demo DB Download (--download-demo-db)

Download the public vFeed demo database with a single command. Uses SHA-256 checksum comparison against a remote signature file to skip downloads when already up to date.

pyvfeed --download-demo-db
[+] Checking demo DB update status ...
    [-] Fetching remote checksum from '...' ...
    [-] Remote checksum: a3f1...
    [-] Downloading demo DB 'vfeed.db.tgz' ...
    [-] Unpacking ...
[+] Cleaning tmp downloads ...

Persistent DB Configuration (--set-dbfile)

Save a custom database path permanently so every subsequent command picks it up without needing --db.

pyvfeed --set-dbfile /path/to/vfeed.db
[+] DB file saved to /path/to/pyvfeed/.pyvfeedrc: /path/to/vfeed.db

DB resolution order: config.py → .pyvfeedrc → --db.

Enriched Language and Package Queries

--lang and --pkgs outputs now include CVSS 4.0 scores and all cve_metadata triage fields, providing richer context per CVE entry. For example, querying CVE-2021-47952 (python jsonpickle 2.0.0 Remote Code Execution):

pyvfeed --lang python
{
  "cve_id": "CVE-2021-47952",
  "summary": "python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code via a crafted file.",
  "cvss3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "cpe23_id": "cpe:2.3:a:python:jsonpickle:2.0.0:*:*:*:*:*:*:*",
  "cvss4_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
  "cvss4_base": "9.3",
  "vuln_status": "Deferred",
  "has_exploits": true,
  "risk_score": 0.161863
}

JSON Schema v2.0

A new schema/schema-v2.0.json documents all output shapes introduced in this release, extending v1.4 with cvss4epsskevcve_metadataadvisorymitre, and lang structures.

Installation

pyvfeed is published on PyPI and installs on Linux, macOS, and Windows with Python 3.8 or later.

pip install pyvfeed

To get started immediately with the demo database:

pyvfeed --download-demo-db
pyvfeed --information CVE-2021-44228
pyvfeed --risk CVE-2021-44228
pyvfeed --advisory CVE-2021-44228
pyvfeed --mitre CVE-2021-44228
pyvfeed --lang python

Full source code and documentation are available on GitHub https://github.com/vfeedio/pyvfeed

Changelog Summary

AreaChange
CVSS 4.0Added to --risk--lang--pkgs--information
CVE MetadataTriage flags (vuln_statushas_exploitsrisk_score, etc.) appended to all CVE outputs
--advisoryNew command — top advisories per CVE
--mitreNew command — CWE/CAPEC/ATT&CK chain
--schemaNew command — print DB schema
--download-demo-dbSHA-256 update check; skip if already current
--set-dbfilePersistent DB path via .pyvfeedrc
--dbPer-run DB path override
CLIFull rewrite — grouped argparse, build_parser() / main()
Python supportLowered to Python 3.8+
PyPIFirst public release — pip install pyvfeed
Schemaschema-v2.0.json published

vFeed threat intelligence data feeds continue to embrace NIST NVD 2.0 schema, CISA schemas, CVSS4, and EPSS4 scoring. Our correlated database tracks over 930K affected packages and 93K known exploits — providing the context defenders need to prioritize what matters.

Click here to schedule your demo with vFeed Threat Intel today!