Your company here, and a link to your site. Click to find out more.

pullcves - Man Page

Update the local cvechecker CVE database and version matching rules


pullcves pull or pullcves cleancache


The pullcves script will download the CVE entries from the Internet and store them in the local cvechecker databases. It will also download the latest version matching rules from the Internet and load them up in the cvechecker database. It uses the wget tool for the downloads and xsltproc for the XML conversions.

If cleancache is used, it will clean its internal cache. This will effectively remove the downloaded XML (and generated CSV) files, causing the next pull to redownload and reimport everything.

The pullcves script uses the configuration file of cvechecker for the paths of the various locations using the same logic (if CVECHECKER_CONFFILE is set as environment variable, then it has to point to a valid configuration file; if the environment variable is not set, it ties ~/.cvechecker.rc, /usr/local/etc/cvechecker.conf and /etc/cvechecker.conf in that order).


The command is simply pullcves pull or pullcves cleancache.

Return Codes

The returncode of pullcves depends on the actions it performed.

In case of pull:

  • A returncode of 0 means that the CVE database and version matching rules were already up to date
  • A returncode of 1 means that the CVE database is updated
  • A returncode of 2 means that the version matching rules are updated
  • A returncode of 3 means that both the CVE database and version matching rules are updated


pullcves is part of the cvechecker tool. pullcves was written by Sven Vermeulen <sven.vermeulen@siphos.be>.


17 August 2013 August 17, 2013 pullcves Manual