vulnerablecode

store publicly available vuldb.com identifiers

Open armijnhemel opened this issue 2 years ago • 2 comments

Several CVEs have a reference to an identifier as used by vuldb in the description field, for example CVE-2022-4877:

The identifier of this vulnerability is VDB-217444.

Storing this extra data might be useful.

armijnhemel avatar Jan 06 '23 15:01 armijnhemel

See also https://github.com/nexB/vulnerablecode/issues/1199 ... Since the data upstream is not open source, I will have to reach out to clarify if this is acceptable, though I think this may be OK when we are getting it from another source?

pombredanne avatar Mar 07 '24 10:03 pombredanne

> See also #1199 ... Since the data upstream is not open source, I will have to reach out to clarify if this is acceptable, though I think this may be OK when we are getting it from another source?

What you are saying doesn't make sense at all to me. VulDB added it to the CVE report themselves. I would then assume that it would fall under the data license of the CVE database. If not, it would be very easy to hold open databases hostage: just say of some identifier "oh but this isn't open" and publish it in the open database.

armijnhemel avatar Mar 10 '24 16:03 armijnhemel