RPM CVE Count
A CLI tool to count the number of known CVEs for a given list of RPM packages by querying the Red Hat OSIDB database.
Features
- Batch processing: Query multiple packages from a file
- Impact filtering: Filter by CVE severity (CRITICAL, IMPORTANT, MODERATE, LOW)
- Date filtering: Count only CVEs created after a specific date
- CSV output: Easy to import into spreadsheets or process with other tools
Prerequisites
- Red Hat VPN: Must be connected to access the OSIDB database
- Go 1.21+: For building from source
Installation
Install the latest version:
go install gitlab.com/redhat/hummingbird/tools/rpm-cve-count@latest
Or build from source:
git clone https://gitlab.com/redhat/hummingbird/tools.git
cd tools/rpm-cve-count
go build
Usage
rpm-cve-count -file <package-file> [-after <date>] [-impact <level>]
Options
| Option | Description | Required |
|---|---|---|
| -file | Read packages from file (one per line) | Yes |
| -after | Count CVEs created after date (YYYY-MM-DD) | No |
| -impact | Filter by impact: CRITICAL, IMPORTANT, MODERATE, LOW | No |
Examples
Create a file with package names (one per line):
# packages.txt
kernel
systemd
openssl
glibc
Count all CVEs for the packages:
$ rpm-cve-count -file packages.txt
kernel,342
systemd,87
openssl,156
glibc,234
Count only CRITICAL CVEs:
$ rpm-cve-count -file packages.txt -impact CRITICAL
kernel,23
systemd,5
openssl,18
glibc,12
Count CVEs created after a specific date:
$ rpm-cve-count -file packages.txt -after 2024-01-01
kernel,45
systemd,12
openssl,28
glibc,31
Combine filters to count only CRITICAL CVEs created after 2024-01-01:
$ rpm-cve-count -file packages.txt -impact CRITICAL -after 2024-01-01
kernel,8
systemd,2
openssl,5
glibc,3
Save results to CSV:
rpm-cve-count -file packages.txt > results.csv
Output Format
CSV format with two columns:
- Package name
- CVE count
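The two-column output can be merged across runs for triage. The following is an added example, not part of the rpm-cve-count project: it parses an unfiltered run and an `-impact CRITICAL` run and orders packages by CRITICAL count. `parseCounts` and `rank` are hypothetical helper names, and treating a package that is absent from the filtered run as zero is an assumption.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// parseCounts reads "package,count" lines and rejects malformed rows.
func parseCounts(out string) (map[string]int, error) {
	cr := csv.NewReader(strings.NewReader(out))
	cr.FieldsPerRecord = 2 // exactly two columns, per the Output Format section
	recs, err := cr.ReadAll()
	if err != nil {
		return nil, err
	}
	counts := make(map[string]int, len(recs))
	for _, rec := range recs {
		n, err := strconv.Atoi(strings.TrimSpace(rec[1]))
		if err != nil || n < 0 {
			return nil, fmt.Errorf("bad count for %q: %q", rec[0], rec[1])
		}
		counts[strings.TrimSpace(rec[0])] = n
	}
	return counts, nil
}

// rank orders packages by CRITICAL count, highest first; missing in crit = 0 (assumed).
func rank(all, crit map[string]int) []string {
	pkgs := make([]string, 0, len(all))
	for pkg := range all {
		pkgs = append(pkgs, pkg)
	}
	sort.Strings(pkgs) // alphabetical order breaks ties deterministically
	sort.SliceStable(pkgs, func(i, j int) bool { return crit[pkgs[i]] > crit[pkgs[j]] })
	return pkgs
}

func main() {
	all, errA := parseCounts("kernel,342\nsystemd,87\nopenssl,156\nglibc,234\n") // README: all CVEs
	crit, errC := parseCounts("kernel,23\nsystemd,5\nopenssl,18\nglibc,12\n")    // README: -impact CRITICAL
	if errA != nil || errC != nil {
		panic("malformed rpm-cve-count output")
	}
	for _, p := range rank(all, crit) {
		fmt.Printf("%s,%d,%d\n", p, all[p], crit[p]) // package,total,critical
	}
}
```
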
Development
# Build
go build
# Run tests
go test ./...
# Install locally
go install
License
This project is licensed under the GNU General Public License v3.0 or later - see the LICENSE file for details.