
Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.

Results 24 vulnerability-db issues

https://github.com/cisagov/vulnrichment This could populate our override_data field!

sponsor this

Initially, could be a contrib script. Based on the CVE, we can first identify the namespace and name aliases. Then we can attempt to come up with a generalizer algorithm...

The `cve_index` table currently contains many `vers` ranges with redundant constraints.

![image](https://github.com/AppThreat/vulnerability-db/assets/5693141/2bc9e7e3-dde6-49ae-8c2b-48781e0163b0)

As per `vers` specification:

> These pairs of contiguous constraints with these comparators are redundant and invalid (ignoring...

Since vdb6 is based on SQLite, it would be nice to create examples for integration in various languages like Go, dotnet, etc. and add them to the contrib folder or...

good first issue

The individual data sources are getting converted to CVE 4.0 format first and then upgraded to CVE 5.0. Instead, we could rewrite the sources to use the CVE schema models...

We need a PoC to experiment with better identification for C/C++ libraries with vulnerabilities. With a local vuln-list [repo](https://github.com/AppThreat/vuln-list), I am getting good hits from inside the NVD directory. ```...

enhancement
sponsor this

We would like to explore donating vdb to the OWASP depscan project. This would make the aggregate database owned by a foundation rather than a private company.

question

When running the VDB inside a Docker container (through `depscan` image), we got the following exception: ``` Performing regular scan for / using plugin bom Traceback (most recent call last):...

/-/npm/v1/security/advisories/bulk https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/config.py#L36