vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
Fixes: #1093. This adds CWE data to the following importers: - debian - fireeye - apache_httpd
Let's focus on the Package-related endpoints for now as those are the ones used to collect vulnerability data in DejaCode. Those tests were run on a clean install of VCIO...
See https://public.vulnerablecode.io/vulnerabilities/VCID-3hng-483x-aaar?search=CVE-2024-39891 Vulnerability VCID-3hng-483x-aaar shows a relationship to CVE-2024-39891 but there are no Packages and there is no KEV reference to the corresponding entry in the Known Exploited Vulnerabilities Catalog....
These are not meant for public consumption.
./manage.py import vulnerabilities.importers.apache_tomcat.ApacheTomcatImporter Importing data using vulnerabilities.importers.apache_tomcat.ApacheTomcatImporter 'M5' is not a valid SemverVersion InvalidVersion("'M5' is not a valid ") 'M1' is not a valid SemverVersion InvalidVersion("'M1' is not a valid...
Objective: Evaluate severity, exploitability, and context factors to calculate a vulnerability risk score in VulnerableCode. Use that risk score to trigger the setting of vulnerability policy values on Product Inventory...
The initial commit in this PR adds CSS for the collapsed (< 1024px) responsive Bulma navbar and adjusts some template nesting. Substantive work on matching affected and fixed-by Packages to...
We need to improve the API results we return for unknown package versions that are in a vulnerable range. Say I have this setup: - package A has known versions...
See https://github.com/DFE-Digital/github-actions/blob/c2496b01d15df41d9c6759feff5e6413d7576533/.github/policy-as-code/typosquatting.txt#L66 by @pritchyspritch