SQLite referencing

I am currently pulling data from an XML via elementtree and then placing it into an SQLite database. The database consists of 3 tables, hosts, vulns and cves.

The hosts table holds a unique id, a IP address and netbios name. The vulns table holds a unique id, a pluginID, pluginName, severity and a descriptiong (yes this is nessus output). The cve table holds all the cves associated with the vulns identified for each host.

The problem I am having is how do I tie all of this data together. The cves have been put in a table of there own because each host has multiple vulnerabilities which in tern have multiple cves. I know you can reference other tables and I have attempted to, but to no avail (refs can bee seen in table creation below). If anyone could point me in the correct direction that would be great.

Current Code

def create_db():
    db = sqlite3.connect('database.sqlite')
    cursor = db.cursor()
    cursor.execute('''drop table if exists hosts''')
    cursor.execute('''drop table if exists vulns''')
    cursor.execute('''drop table if exists cves''')
    db.commit()
    cursor.execute('''CREATE TABLE hosts(id INTEGER PRIMARY KEY, operating_system TEXT, host_ip TEXT, netbios_name TEXT)
''')
    cursor.execute('''CREATE TABLE vulns(vuln_id INTEGER PRIMARY KEY, pluginID TEXT, pluginName TEXT, severity INTEGER, description TEXT)''')
    cursor.execute('''CREATE TABLE cves(cve_id INTEGER PRIMARY KEY references hosts(host_ip), pluginID TEXT, cve TEXT)''')
    db.commit()
    db.close()

Database Example Tables