-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nvdlib.searchCVE occasionally times out #26
Comments
Hi, Can you please provide the entire error output when the timeout occurs? Thanks Edit: |
Code: #Get the details of the CVE from NVD Database using nvdlib Error Message: Filter: During handling of the above exception, another exception occurred: Traceback (most recent call last): During handling of the above exception, another exception occurred: Traceback (most recent call last): |
Thank you for the output. Could you please see if you still experience the issue after adding Example: This will add a 12 second delay to the search. NVD has firewall rules in place that could be dropping the connection (or putting up a 404) because it believes your IP address to be going over the rate limit. NVDLib has built-in rate limiting, but it can be bypassed unintentionally by stopping and starting code repeatedly that makes searches. |
Still getting timeout error - #Get the details of the CVE from NVD Database using nvdlib /Error message: Now running first-api-epss.py During handling of the above exception, another exception occurred: Traceback (most recent call last): During handling of the above exception, another exception occurred: Traceback (most recent call last): |
I get the same error. Could be a srv issue? |
Attached is a compressed wheel file that contains an update to allow a custom timeout parameter. By default it set to 30 seconds, but you can enter a custom value. I tested it when setting the value to 60 and it seems to work for me, but please try it and see if it resolves your issue. If it works, then I will release this version. Example: To install the wheel, you must first right click and extract the contents, then navigate to the same directory as the wheel file and run the following. You might need to first uninstall the current nvdlib by running I believe this is caused by the NVD server taking too long to reply, which isn't an issue as long as we an define an appropriate timeout. |
I'll try it today, thx! |
I tried nvdlib 0.7.5 and with timeout = 60 and some other settings as well and still get read timeout errors and HTTP 503 errors. However, I emailed the nvd today and got this response which seems to confirm that the problem is on the nvd side: "Thank you for notifying the NVD. We are aware of sporadic errors being provided to users of the APIs and are investigating the root cause for resolution. We apologize for the inconvenience during this time." |
Thanks for reaching out to them. I will keep this issue open in the mean time so people can find updates. |
We've been getting persistent timeouts like this
Since Wednesday July 5th. I upgraded to 0.7.4 today but that did not change the behaviour. I then found this discussion and see the issue is likely on the nvd side. Do those on the thread think it is worth adjusting the timeout (which is 6) etc. or just waiting until we hear the the problem on the nvd side is resolved. |
From the evidence in this thread, changing the timeout does not make any difference. It will be best to wait for an update from NVD. |
@vehemont thanks for confirming. |
using nvdlib 0.7.4, for around 10 days it is not working for me and now I tested this |
Yes. That is the issue we are experiencing at this time. Feel free to reach out to the NVD and inform them the issue is still occurring. |
Update from NVD on timeout / 503 errors on 7-17-2023: "We are aware of the root cause for the issue and are working to find appropriate resolutions that will have minimal impact to the userbase while improving reliability of the site and search. We do not have a timeline for this currently and appreciate your patience during this period." |
I will push out an update disabling the keyword and keyword exact match options. I will re-enable them once the issue is resolved. Update from the NVD:
|
@vehemont I assume it 0.7.5 that I should wait for in terms of the above? |
NVD released news regarding this issue. NVDLib should be back in functioning order. I don't think any changes will need to be made to NVDLib but I'll do some testing and find out.
|
Yes it is working now again |
Seems to be working for the nodejs automation, thanks for this issue and the updates. |
I'm using nvdlib-0.7.4 and occasionally I get a time out error from urllib3 when executing:
r = nvdlib.searchCVE(cveId=s2,key='xyz',verbose=True,delay=6)
Timeout is currently set to 30
Is there a way I can increase the timeout?
Thanks
The text was updated successfully, but these errors were encountered: