vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 574 vulnerablecode issues

A "range string" is not an actionable data point, it's not convenient to be used for sorting, filtering, etc... A better data in the API would be the `min_score` and...

issue #95 Collect exploit pointers: - exploitdb issue #1529 - metasploit issue #1539 I think it's best to handle these issues in a single pull request, as they're all closely...

This PR improves the "export" command for FederatedCode 1. the export now uses less memory and does not load the whole DB at once 2. we no longer export DB...

https://public.vulnerablecode.io/api/cpes -> Server Error (500)

bug
Priority: high
2-next

From https://github.com/aboutcode-org/dejacode/issues/94#issuecomment-2298445423 by @tdruez > > Could you tell me the PURL types from the list that are not supported (no data available) by VCIO? Excluding those will reduce the...

bug
Priority: high
API
2-next
performance

The API for a vulnerability returns score like this: ```JSON { "reference_url": "https://github.com/log4js-node/streamroller/pull/87", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE",...

The vulnerability https://public.vulnerablecode.io/vulnerabilities/VCID-aqmt-fmm5-aaad is missing the affected versions `0.7.1.fix1` and `0.7.4.svn.r2010`. See the details here: https://github.com/pypa/advisory-database/blob/e56e7a79124764436c8b64e07d4ee7ab7f6b5605/vulns/ipython/PYSEC-2022-12.yaml. Additionally, the vulnerability https://public.vulnerablecode.io/vulnerabilities/VCID-zdzp-uhzh-aaar also affects the `jw.util` package version `-class.-jw.util.version.Version-`, as stated here:...

data-quality
9-next

Hi, I tried to reproduce the tutorial case from https://go.dev/doc/tutorial/govulncheck with golang.org/x/[email protected] but did not get a hit in VulnerableCode, even if I tried some variations to create the PURL...

bug
2-next

Package API lookup/ endpoint should be GET and NOT POST