vulnerablecode
[WIP] Support Advisory Comparison in VulnTotal
- Add debug flag --vers to display equivalent normalized versions for corresponding native ranges.
- Add debug flag --no-compare to run the CLI without comparison.
- Auto-adjust text table width based on the terminal width.
- Minor bug fixes and improvements in existing DataSources.
Depends on: https://github.com/nexB/univers/pull/108
Resolves #1136, resolves #822
Note: Workflows are failing as https://github.com/nexB/univers/pull/108 is not yet merged in univers.
Preview
❯ vulntotal "pkg:pypi/[email protected]" --vers -e github -e vulnerablecode -e safetydb
PURL: pkg:pypi/[email protected]
Active DataSources: GITHUB, SAFETYDB, VULNERABLECODE
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE | DATASOURCE | ALIASES | AFFECTED | FIXED | SCORE |
+=================+===============+===============+====================+====================+========+
| CVE-2024-22195 | VULNERABLECOD | CVE-2024- | 2.0 2.0rc1 2.1 | 3.1.3 | 100 |
| | E | 22195 | 2.10 2.10.1 | | |
| | | GHSA-h5c8- | 2.10.2 2.10.3 | | |
| | | rqwp-cp95 | 2.1.1 2.11.0 | | |
| | | | 2.11.1 2.11.2 | | |
| | | | 2.11.3 2.2 2.2.1 | | |
| | | | 2.3 2.3.1 2.4 | | |
| | | | 2.4.1 2.5 2.5.1 | | |
| | | | 2.5.2 2.5.3 | | |
| | | | 2.5.4 2.5.5 2.6 | | |
| | | | 2.7 2.7.1 2.7.2 | | |
| | | | 2.7.3 2.8 2.8.1 | | |
| | | | 2.9 2.9.1 2.9.2 | | |
| | | | 2.9.3 2.9.4 | | |
| | | | 2.9.5 2.9.6 | | |
| | | | 3.0.0 3.0.0a1 | | |
| | | | 3.0.0rc1 3.0.0rc2 | | |
| | | | 3.0.1 3.0.2 | | |
| | | | 3.0.3 3.1.0 | | |
| | | | 3.1.1 3.1.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/3.1.3 | |
| | | | |<=3.1.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2024-22195 | SAFETYDB | CVE-2024- | <3.1.3 | | 67 |
| | | 22195 | | | |
| | | pyup.io-64227 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=3.1.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2024-22195 | GITHUB | CVE-2024- | < 3.1.3 | 3.1.3 | 100 |
| | | 22195 | | | |
| | | GHSA-h5c8- | | | |
| | | rqwp-cp95 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/3.1.3 | |
| | | | |<=3.1.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2020-28493 | VULNERABLECOD | CVE-2020- | 2.0 2.0rc1 2.1 | 2.11.3 | 100 |
| | E | 28493 | 2.10 2.10.1 | | |
| | | GHSA-g3rq- | 2.10.2 2.10.3 | | |
| | | g295-4j3m | 2.1.1 2.11.0 | | |
| | | PYSEC-2021-66 | 2.11.1 2.11.2 | | |
| | | SNYK-PYTHON-J | 2.2 2.2.1 2.3 | | |
| | | INJA2-1012994 | 2.3.1 2.4 2.4.1 | | |
| | | | 2.5 2.5.1 2.5.2 | | |
| | | | 2.5.3 2.5.4 | | |
| | | | 2.5.5 2.6 2.7 | | |
| | | | 2.7.1 2.7.2 | | |
| | | | 2.7.3 2.8 2.8.1 | | |
| | | | 2.9 2.9.1 2.9.2 | | |
| | | | 2.9.3 2.9.4 | | |
| | | | 2.9.5 2.9.6 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.11.3 | |
| | | | |<=2.11.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2020-28493 | SAFETYDB | CVE-2020- | <2.11.3 | | 67 |
| | | 28493 | | | |
| | | pyup.io-39525 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=2.11.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2020-28493 | GITHUB | CVE-2020- | < 2.11.3 | 2.11.3 | 100 |
| | | 28493 | | | |
| | | GHSA-g3rq- | | | |
| | | g295-4j3m | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.11.3 | |
| | | | |<=2.11.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2019-10906 | VULNERABLECOD | CVE-2019- | 2.0 2.0rc1 2.1 | 2.10.1 | 100 |
| | E | 10906 | 2.10 2.1.1 2.2 | | |
| | | GHSA-462w- | 2.2.1 2.3 2.3.1 | | |
| | | v97r-4m45 | 2.4 2.4.1 2.5 | | |
| | | PYSEC-2019- | 2.5.1 2.5.2 | | |
| | | 217 | 2.5.3 2.5.4 | | |
| | | | 2.5.5 2.6 2.7 | | |
| | | | 2.7.1 2.7.2 | | |
| | | | 2.7.3 2.8 2.8.1 | | |
| | | | 2.9 2.9.1 2.9.2 | | |
| | | | 2.9.3 2.9.4 | | |
| | | | 2.9.5 2.9.6 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.10.1 | |
| | | | |<=2.10 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2019-10906 | SAFETYDB | CVE-2019- | >=0,<2.10.1 | | 67 |
| | | 10906 | | | |
| | | pyup.io-54679 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=2.10 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2019-10906 | GITHUB | CVE-2019- | < 2.10.1 | 2.10.1 | 100 |
| | | 10906 | | | |
| | | GHSA-462w- | | | |
| | | v97r-4m45 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.10.1 | |
| | | | |<=2.10 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2016-10745 | VULNERABLECOD | CVE-2016- | 2.0 2.0rc1 2.1 | 2.8.1 | 100 |
| | E | 10745 | 2.1.1 2.2 2.2.1 | | |
| | | GHSA- | 2.3 2.3.1 2.4 | | |
| | | hj2j-77xm- | 2.4.1 2.5 2.5.1 | | |
| | | mc5v | 2.5.2 2.5.3 | | |
| | | PYSEC-2019- | 2.5.4 2.5.5 2.6 | | |
| | | 220 | 2.7 2.7.1 2.7.2 | | |
| | | | 2.7.3 2.8 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.8.1 | |
| | | | |<=2.8 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2016-10745 | SAFETYDB | CVE-2016- | <2.8.1 | | 67 |
| | | 10745 | | | |
| | | pyup.io-47572 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=2.8 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2016-10745 | GITHUB | CVE-2016- | < 2.8.1 | 2.8.1 | 100 |
| | | 10745 | | | |
| | | GHSA- | | | |
| | | hj2j-77xm- | | | |
| | | mc5v | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.8.1 | |
| | | | |<=2.8 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-1402 | VULNERABLECOD | CVE-2014-1402 | 2.0 2.0rc1 2.1 | 2.7.2 | 100 |
| | E | GHSA-8r7q- | 2.1.1 2.2 2.2.1 | | |
| | | cvjq-x353 | 2.3 2.3.1 2.4 | | |
| | | PYSEC-2014-8 | 2.4.1 2.5 2.5.1 | | |
| | | | 2.5.2 2.5.3 | | |
| | | | 2.5.4 2.5.5 2.6 | | |
| | | | 2.7 2.7.1 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.7.2 | |
| | | | |<=2.7.1 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-1402 | SAFETYDB | CVE-2014-1402 | <2.7.2 | | 67 |
| | | pyup.io-25866 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=2.7.1 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-1402 | GITHUB | CVE-2014-1402 | < 2.7.2 | 2.7.2 | 100 |
| | | GHSA-8r7q- | | | |
| | | cvjq-x353 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.7.2 | |
| | | | |<=2.7.1 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-0012 | VULNERABLECOD | CVE-2014-0012 | 2.0 2.0rc1 2.1 | 2.7.3 | 100 |
| | E | GHSA-fqh9- | 2.1.1 2.2 2.2.1 | | |
| | | 2qgg-h84h | 2.3 2.3.1 2.4 | | |
| | | PYSEC-2014-82 | 2.4.1 2.5 2.5.1 | | |
| | | | 2.5.2 2.5.3 | | |
| | | | 2.5.4 2.5.5 2.6 | | |
| | | | 2.7 2.7.1 2.7.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.7.3 | |
| | | | |<=2.7.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-0012 | SAFETYDB | CVE-2014-0012 | >=0,<2.7.3 | | 100 |
| | | pyup.io-54674 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=2.7.2 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2014-0012 | GITHUB | CVE-2014-0012 | < 2.7.2 | 2.7.2 | 0 |
| | | GHSA-fqh9- | | | |
| | | 2qgg-h84h | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/2.7.2 | |
| | | | |<=2.7.1 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2024-34064 | SAFETYDB | CVE-2024- | <3.1.4 | | 100 |
| | | 34064 | | | |
| | | pyup.io-71591 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=3.1.3 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2024-34064 | GITHUB | CVE-2024- | < 3.1.4 | 3.1.4 | 100 |
| | | 34064 | | | |
| | | GHSA-h75v- | | | |
| | | 3vvj-5mfj | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | vers:pypi/3.1.4 | |
| | | | |<=3.1.3 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| CVE-2019-8341 | SAFETYDB | CVE-2019-8341 | >=0 | | NA |
| | | pyup.io-70612 | | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
| | | | vers:pypi/>=2.0rc1 | [] | |
| | | | |<=3.1.4 | | |
+-----------------+---------------+---------------+--------------------+--------------------+--------+
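Added example, not code from this PR or from VulnTotal: one way to reduce each data source's native range to the closed interval shown in the `--vers` rows of the preview, so that ranges written differently can be compared and a real disagreement (as in the CVE-2014-0012 rows) stands out. The `KNOWN` version list is a constructed subset, and the simplified version parser and all function names are assumptions made for illustration.

```python
import operator
import re

# Constructed sample: a few released versions, not the full PyPI release list.
KNOWN = ["2.0rc1", "2.0", "2.7", "2.7.1", "2.7.2", "2.7.3", "2.8"]
_PRE = {"a": -3, "b": -2, "rc": -1}
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq}

def key(version):
    """Sort key for a simplified PEP 440 subset: N(.N)* plus optional a/b/rc tag."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unsupported version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:  # treat 2.0 and 2.0.0 as equal
        release.pop()
    pre = (_PRE[m.group(2)], int(m.group(3))) if m.group(2) else (0, 0)
    return tuple(release), pre

def affected(native_range, known=KNOWN):
    """Expand a native range ('>=0,<2.7.3', '< 2.7.2') to the known versions it covers."""
    constraints = []
    for part in native_range.split(","):
        m = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*(\S+)\s*", part)
        if not m:
            raise ValueError(f"unsupported constraint: {part!r}")
        constraints.append((_OPS[m.group(1)], key(m.group(2))))
    return [v for v in sorted(known, key=key)
            if all(op(key(v), bound) for op, bound in constraints)]

def normalize(native_range, known=KNOWN):
    """Collapse the expansion to one closed interval (assumes a contiguous range)."""
    hit = affected(native_range, known)
    return f"vers:pypi/>={hit[0]}|<={hit[-1]}" if hit else None

def group_sources(ranges_by_source, known=KNOWN):
    """Map each normalized range to the sources reporting it; >1 key means disagreement."""
    groups = {}
    for source, native in ranges_by_source.items():
        groups.setdefault(normalize(native, known), []).append(source)
    return groups

if __name__ == "__main__":
    # Native ranges as shown in the preview for CVE-2014-0012.
    print(group_sources({"SAFETYDB": ">=0,<2.7.3", "GITHUB": "< 2.7.2"}))
```

Because the interval is derived from the known releases, `<2.7.3` and `>=0,<2.7.3` collapse to the same string, while `< 2.7.2` does not.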
@keshav-space we should merge this soon enough IMHO :)
ack
@keshav-space can you help merge the latest main and then merge?
@keshav-space if this PR is ready to be merged, feel free to merge. If it's WIP feel free to close this and open it once it's ready