About CVEs

The Common Vulnerabilities and Exposures (CVEs) program catalogs publicly disclosed information-security vulnerabilities.

This catalog contains one so-called CVE Record for each vulnerability. Each record has an identifier (CVE ID) in the format "CVE-YYYY-NNNN"; that is the prefix "CVE", a 4-digit year and then a 4+digit number, separated by "-" (dashes).

About this crate

This crate implements a CveId type for syntactically valid CVE IDs. It does not implement other fields of a CVE Record.

The crate does not implement other semantic rules, e.g.

• CVEs were first assigned with start of the program in 1999
• the first number each year is 1

Syntactically "CVE-0000-0000" and "CVE-9999-9999999999999999999" are valid.

use cve_id::{CveId, CveYear};

let cve_min = CveId::new(0.try_into()?, 0);
let cve_first = "CVE-1999-0001".parse::<CveId>()?;
let cve_max = CveId::new(CveYear::new(9999)?, 9_999_999_999_999_999_999);

assert!(CveId::from_str("CAN-1999-0067").is_err());
assert!(CveId::from_str("CVE-1900-0420")?.is_example_or_test());

Features

• serde — Enable serializing and deserializing CveId using serde v1
• schemars — Enable JSON schema for CveId using schemars v1

Typesafe Common Vulnerabilities and Exposures (CVE) Identifier

use cve_id::{CveId, CveYear};

fn cveid_example() -> Result<(), Box<dyn std::error::Error>> {
    let cve_id = CveId::from_str("CVE-1999-0001")?;

    assert_eq!(cve_id.year(), 1999);
    assert_eq!(cve_id.number(), 1);
    assert_eq!(cve_id.to_string(), "CVE-1999-0001");

    const CVE_TEST_YEAR: CveYear = {
        let Ok(year) = CveYear::new(1900) else {
            panic!("not a valid CVE year")
        };
        year
    };
    const CVE_TEST_ID: CveId = CveId::new(CVE_TEST_YEAR, 42);
    assert!(CVE_TEST_ID.is_example_or_test());

    Ok(())
}