vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
https://github.com/nexB/vulnerablecode/pull/782 added support for the NVD importer, but other importers have this information too and should be enhanced to report it.
issue: #1473 ![image](https://github.com/nexB/vulnerablecode/assets/29133904/0f242bb5-a41e-4930-a19c-0aaaea877e2d) ![image](https://github.com/nexB/vulnerablecode/assets/29133904/851141b4-38d8-4fb9-b6a6-b5e7e1bb58c8)
Fix issue #1238. Some vulnerabilities are missing the cvssv3.1 & cvssv3 scores but have other severity data, so I need to manually locate the data and add them to the database....
We need to consolidate the `Fixed by packages` tab and the `Affected packages` tab in the `Vulnerability details` page into a single tab with a table in which the rows...
There is new 'raw' public data from Apache: - an index at https://cveprocess.apache.org/publicjson - individual vulnerabilities at e.g., https://cveprocess.apache.org/publicjson/CVE-2020-17513 The detail files are in CVE-json v4.0 or v5.0 format depending...
While working on the SUSE Oval importer, I've been exploring the Debian and Ubuntu OVAL importers and noticed that in one set of test files, we are reporting `potrace` as...
In some cases it may be possible to infer new package URLs from collected references. In this [CVE-2014-1904.pdf](https://github.com/nexB/vulnerablecode/files/5895902/CVE-2014-1904.pdf) we have these: - https://github.com/spring-projects/spring-framework/commit/741b4b229ae032bd17175b46f98673ce0bd2d485 - https://github.com/spring-projects/spring-framework/commit/75e08695a04980dbceae6789364717e9d8764d58 - https://github.com/spring-projects/spring-framework.git/741b4b229ae032bd17175b46f98673ce0bd2d485 - https://github.com/spring-projects/spring-framework.git/75e08695a04980dbceae6789364717e9d8764d58 1....
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. Release notes Sourced from urllib3's releases. 1.26.19 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and...
We should extract interesting data from the bodies of CVEs and other vulnerabilities. This is based on this research https://rp.os3.nl/2020-2021/p06/report.pdf and https://rp.os3.nl/2020-2021/p06/presentation.pdf by Bart van Dongen and @armijnhemel. See also for related...
We should extract unpublished vulnerabilities from commit histories and issue trackers - [ ] Parse issues and trackers such as github issues. See https://github.com/nexB/vulnerablecode/issues/251 - [ ] Parse CHANGELOGs. See...