[Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

[Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

[Fabien Lehoussel via buildroot]

Update NVD source to full URL format following CycloneDC 1.6
specification [1].

Before: "url": "https://nvd.nist.gov/"
After:  "url": "https://nvd.nist.gov/vuln/detail/CVE-XXXX"

[1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_source_url

Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
---
 support/scripts/cve-check | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/support/scripts/cve-check b/support/scripts/cve-check
index ff14e4b238..bcd970bad8 100755
--- a/support/scripts/cve-check
+++ b/support/scripts/cve-check
@@ -131,7 +131,7 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
         "description": cve_api_get_lang_from_list(nvd_cve.get("descriptions", [])) or "",
         "source": {
             "name": "NVD",
-            "url": "https://nvd.nist.gov/"
+            "url": f"https://nvd.nist.gov/vuln/detail/{nvd_cve['id']}"
         },
         **({
             "published": nvd_cve["published"],
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

[Thomas Perale via buildroot]

Thanks Fabien.

Acked-By: Thomas Perale <thomas.perale@mind.be>

In reply of:
> Update NVD source to full URL format following CycloneDC 1.6
> specification [1].
> 
> Before: "url": "https://nvd.nist.gov/"
> After:  "url": "https://nvd.nist.gov/vuln/detail/CVE-XXXX"
> 
> [1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_source_url
> 
> Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>

> ---
>  support/scripts/cve-check | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/support/scripts/cve-check b/support/scripts/cve-check
> index ff14e4b238..bcd970bad8 100755
> --- a/support/scripts/cve-check
> +++ b/support/scripts/cve-check
> @@ -131,7 +131,7 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
>          "description": cve_api_get_lang_from_list(nvd_cve.get("descriptions", [])) or "",
>          "source": {
>              "name": "NVD",
> -            "url": "https://nvd.nist.gov/"
> +            "url": f"https://nvd.nist.gov/vuln/detail/{nvd_cve['id']}"
>          },
>          **({
>              "published": nvd_cve["published"],
> -- 
> 2.43.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

[Romain Naour via buildroot]

Hello Fabien, Thomas, All,

Le 24/02/2026 à 15:08, Thomas Perale via buildroot a écrit :
> Thanks Fabien.
> 
> Acked-By: Thomas Perale <thomas.perale@mind.be>

Applied to master, thanks.

Best regards,
Romain


> 
> In reply of:
>> Update NVD source to full URL format following CycloneDC 1.6
>> specification [1].
>>
>> Before: "url": "https://nvd.nist.gov/"
>> After:  "url": "https://nvd.nist.gov/vuln/detail/CVE-XXXX"
>>
>> [1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_source_url
>>
>> Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>
> 
>> ---
>>  support/scripts/cve-check | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/support/scripts/cve-check b/support/scripts/cve-check
>> index ff14e4b238..bcd970bad8 100755
>> --- a/support/scripts/cve-check
>> +++ b/support/scripts/cve-check
>> @@ -131,7 +131,7 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
>>          "description": cve_api_get_lang_from_list(nvd_cve.get("descriptions", [])) or "",
>>          "source": {
>>              "name": "NVD",
>> -            "url": "https://nvd.nist.gov/"
>> +            "url": f"https://nvd.nist.gov/vuln/detail/{nvd_cve['id']}"
>>          },
>>          **({
>>              "published": nvd_cve["published"],
>> -- 
>> 2.43.0
>>
>> _______________________________________________
>> buildroot mailing list
>> buildroot@buildroot.org
>> https://lists.buildroot.org/mailman/listinfo/buildroot
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

[Thomas Perale via buildroot]

In reply of:
> Update NVD source to full URL format following CycloneDC 1.6
> specification [1].
> 
> Before: "url": "https://nvd.nist.gov/"
> After:  "url": "https://nvd.nist.gov/vuln/detail/CVE-XXXX"
> 
> [1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_source_url
> 
> Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>

Applied to 2026.02.x & 2025.02.x. Thanks

> ---
>  support/scripts/cve-check | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/support/scripts/cve-check b/support/scripts/cve-check
> index ff14e4b238..bcd970bad8 100755
> --- a/support/scripts/cve-check
> +++ b/support/scripts/cve-check
> @@ -131,7 +131,7 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
>          "description": cve_api_get_lang_from_list(nvd_cve.get("descriptions", [])) or "",
>          "source": {
>              "name": "NVD",
> -            "url": "https://nvd.nist.gov/"
> +            "url": f"https://nvd.nist.gov/vuln/detail/{nvd_cve['id']}"
>          },
>          **({
>              "published": nvd_cve["published"],
> -- 
> 2.43.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot