pyvfeed CLI 2.0 Gets a Major Upgrade
We are pleased to announce the release of pyvfeed v2.0, a major update to the Python command-line interface for the vFeed Vulnerability and Threat Intelligence database. This release brings significant new capabilities, a modernized CLI, and is now available for install on any platform via a single command:
pip install pyvfeed
pyvfeed queries the vFeed correlated vulnerability database and produces structured JSON output covering CVE metadata, CVSS 2/3/4 scoring, EPSS, CISA KEV, MITRE ATT&CK, advisories, exploits, patches, detection rules, and more.
What’s New in pyvfeed 2.0
CVSS 4.0 Support
All CVE outputs now include CVSS 4.0 scoring where available. Fields are included only when a cvss4_scores entry exists and silently omitted otherwise — no breaking changes to existing output.
For example, querying CVE-2021-44228 (Log4Shell — Apache Log4j2 Remote Code Execution):
pyvfeed --risk CVE-2021-44228
{
"risk": {
"cvss": {
"cvss2": {
"vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"base_score": "9.3"
},
"cvss3": {
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"base_score": "10.0"
}
},
"epss": {
"probability": 0.94358,
"percentile": 0.99964
},
"kev": {
"id": "CISA:BOD 22-01",
"parameters": {
"date_added": "2021-12-10",
"date_due": "2021-12-24",
"name": "Apache Log4j2 Remote Code Execution Vulnerability",
"vendor": "Apache",
"product": "Log4j2"
}
}
}
}
CVE Metadata Triage Flags
When a cve_metadata row exists, enriched triage fields are appended to all CVE outputs: vuln_status, source_identifier, has_exploits, has_kev_cisa, has_patches, has_advisory, and risk_score. These provide immediate at-a-glance prioritization signals.
pyvfeed --information CVE-2021-44228
{
"information": {
"description": [
{
"id": "CVE-2021-44228",
"parameters": {
"published": "2021-12-10T10:15Z",
"summary": "Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints ...",
"vuln_status": "Analyzed",
"source_identifier": "security@apache.org",
"has_exploits": true,
"has_kev_cisa": true,
"has_patches": true,
"has_advisory": true,
"risk_score": 0.438675
}
}
]
}
}
New: --advisory Command
Retrieve the top vendor and third-party advisories for any CVE directly from the advisory database.
pyvfeed --advisory CVE-2021-44228
[
{ "type": "bulletin", "source": "certvn", "id": "VU#930724", "link": "https://www.kb.cert.org/vuls/id/930724" },
{ "type": "fix", "source": "debian", "id": "DSA-5020", "link": "https://www.debian.org/security/2021/dsa-5020" },
{ "type": "fix", "source": "suse", "id": "openSUSE-SU-2021:1577-1","link": "https://www.suse.com/security/cve/CVE-2021-44228" }
]
New: --mitre Command
Resolve the full CVE → CWE → CAPEC → MITRE ATT&CK chain for any CVE, returning weakness classifications and mapped ATT&CK techniques with tactics.
pyvfeed --mitre CVE-2021-44228
{
"cve_id": "CVE-2021-44228",
"weaknesses": [
{
"cwe_id": "CWE-20",
"title": "Improper Input Validation",
"class": "weakness",
"url": "https://cwe.mitre.org/data/definitions/20.html",
"attack_techniques": [
{
"id": "T1574",
"name": "Hijack Execution Flow",
"tactic": "execution"
},
{
"id": "T1574.010",
"name": "Services File Permissions Weakness",
"tactic": "execution"
}
]
}
]
}
New: --schema Command
Print the complete SQLite3 DB schema — all CREATE TABLE and CREATE INDEX statements — useful for integration and tooling development.
pyvfeed --schema
Demo DB Download (--download-demo-db)
Download the public vFeed demo database with a single command. Uses SHA-256 checksum comparison against a remote signature file to skip downloads when already up to date.
pyvfeed --download-demo-db
[+] Checking demo DB update status ...
[-] Fetching remote checksum from '...' ...
[-] Remote checksum: a3f1...
[-] Downloading demo DB 'vfeed.db.tgz' ...
[-] Unpacking ...
[+] Cleaning tmp downloads ...
Persistent DB Configuration (--set-dbfile)
Save a custom database path permanently so every subsequent command picks it up without needing --db.
pyvfeed --set-dbfile /path/to/vfeed.db
[+] DB file saved to /path/to/pyvfeed/.pyvfeedrc: /path/to/vfeed.db
DB resolution order: config.py → .pyvfeedrc → --db.
Enriched Language and Package Queries
--lang and --pkgs outputs now include CVSS 4.0 scores and all cve_metadata triage fields, providing richer context per CVE entry. For example, querying CVE-2021-47952 (python jsonpickle 2.0.0 Remote Code Execution):
pyvfeed --lang python
{
"cve_id": "CVE-2021-47952",
"summary": "python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code via a crafted file.",
"cvss3_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cpe23_id": "cpe:2.3:a:python:jsonpickle:2.0.0:*:*:*:*:*:*:*",
"cvss4_vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"cvss4_base": "9.3",
"vuln_status": "Deferred",
"has_exploits": true,
"risk_score": 0.161863
}
JSON Schema v2.0
A new schema/schema-v2.0.json documents all output shapes introduced in this release, extending v1.4 with cvss4, epss, kev, cve_metadata, advisory, mitre, and lang structures.
Installation
pyvfeed is published on PyPI and installs on Linux, macOS, and Windows with Python 3.8 or later.
pip install pyvfeed
To get started immediately with the demo database:
pyvfeed --download-demo-db
pyvfeed --information CVE-2021-44228
pyvfeed --risk CVE-2021-44228
pyvfeed --advisory CVE-2021-44228
pyvfeed --mitre CVE-2021-44228
pyvfeed --lang python
Full source code and documentation are available on GitHub https://github.com/vfeedio/pyvfeed
Changelog Summary
| Area | Change |
|---|---|
| CVSS 4.0 | Added to --risk, --lang, --pkgs, --information |
| CVE Metadata | Triage flags (vuln_status, has_exploits, risk_score, etc.) appended to all CVE outputs |
--advisory | New command — top advisories per CVE |
--mitre | New command — CWE/CAPEC/ATT&CK chain |
--schema | New command — print DB schema |
--download-demo-db | SHA-256 update check; skip if already current |
--set-dbfile | Persistent DB path via .pyvfeedrc |
--db | Per-run DB path override |
| CLI | Full rewrite — grouped argparse, build_parser() / main() |
| Python support | Lowered to Python 3.8+ |
| PyPI | First public release — pip install pyvfeed |
| Schema | schema-v2.0.json published |
vFeed threat intelligence data feeds continue to embrace NIST NVD 2.0 schema, CISA schemas, CVSS4, and EPSS4 scoring. Our correlated database tracks over 930K affected packages and 93K known exploits — providing the context defenders need to prioritize what matters.

Click here to schedule your demo with vFeed Threat Intel today!