vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
Today we have this (problematic entries are in bold) - Package - UI- affected by vulnerabilities, **fixed by vulnerabilities** -> replace by **fixing vulnerabilities** - Models- affected_by, fixing -> do...
See https://www.npmjs.com/package/fontwesome for an example
Fixes https://github.com/nexB/vulnerablecode/issues/1214. I'm not familiar with either this project or Python, so I'm unsure if this is a good solution. However, it solved the issue I described in the...
See https://camel.apache.org/security/
Vulnerability reachability is checking whether vulnerable code is reachable or not. This is important to help triage vulnerabilities. Some of the things to consider: - [ ] Collecting introducing/fix...
https://github.com/piercing-index/cloud-vulnerabilities has scoring for cloud vulnerabilities.
We should collect the data from https://github.com/wiz-sec/open-cvdb and https://www.cloudvulndb.org/ by @korniko98 ... They have vulnerabilities known to be exploited at cloud providers. The license seems to be CC-BY. There are no PURL...
Either we compute the repo homepage or we fetch it from PurlDB, but with a PURL like `pkg:npm/log4js@6.4.0` I would like a link to https://www.npmjs.com/package/log4js/v/6.4.0 and other PURL-related links....
Example: PyPI does not contain `Django@1.11.19` (https://pypi.org/project/Django/#history), but it does exist on the official Django release website (https://docs.djangoproject.com/en/4.1/releases/1.11.19/)
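The two issues above (deriving registry links such as https://www.npmjs.com/package/log4js/v/6.4.0 from a PURL, and a version that a registry page does not list even though the project released it) are illustrated by the following added example. It is not vulnerablecode's own code (the project uses the packageurl-python library); the parser follows the PURL spec's `pkg:type/namespace/name@version?qualifiers#subpath` layout, and the link templates for npm, PyPI, GitHub and Go are assumptions taken from each site's public URL layout.

```python
"""Derive registry / repository links from a Package URL (PURL).

Added example, not vulnerablecode's own code. The parser covers the
common PURL cases (percent-encoded namespace, scoped npm packages,
qualifiers, subpath); the link templates are assumptions based on the
public URL layout of npm, PyPI, GitHub and pkg.go.dev.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import unquote


@dataclass
class Purl:
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: Dict[str, str] = field(default_factory=dict)
    subpath: Optional[str] = None


def parse_purl(purl: str) -> Purl:
    """Split a PURL string into its components (percent-decoded)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a PURL: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")

    # Subpath and qualifiers come last, delimited by '#' and '?'.
    rest, _, subpath = rest.partition("#")
    rest, _, qualifier_str = rest.partition("?")
    qualifiers: Dict[str, str] = {}
    for pair in filter(None, qualifier_str.split("&")):
        key, _, value = pair.partition("=")
        qualifiers[key.lower()] = unquote(value)

    # The version is introduced by an '@' that follows the last '/', so a
    # scoped npm namespace written as '@babel' is not mistaken for it.
    version = None
    at = rest.rfind("@")
    if at > rest.rfind("/"):
        version = unquote(rest[at + 1:])
        rest = rest[:at]

    segments = rest.split("/")
    if len(segments) < 2 or not segments[-1]:
        raise ValueError(f"PURL needs at least a type and a name: {purl!r}")
    ptype = segments[0].lower()
    name = unquote(segments[-1])
    namespace = "/".join(unquote(s) for s in segments[1:-1]) or None
    return Purl(ptype, name, namespace, version, qualifiers, unquote(subpath) or None)


def purl_links(purl: str) -> List[str]:
    """Return the registry/repo URLs a PURL points at, most specific first.

    A link is only a place to look: the version may not exist there (the
    page's Django 1.11.19 case), so a consumer should still fetch the page
    and check before treating it as the package's home.
    """
    p = parse_purl(purl)
    full_name = f"{p.namespace}/{p.name}" if p.namespace else p.name
    links: List[str] = []
    if p.type == "npm":
        base = f"https://www.npmjs.com/package/{full_name}"
        if p.version:
            links.append(f"{base}/v/{p.version}")
        links.append(base)
    elif p.type == "pypi":
        base = f"https://pypi.org/project/{p.name}/"
        if p.version:
            links.append(f"{base}{p.version}/")
        links.append(base)
    elif p.type == "github":
        base = f"https://github.com/{full_name}"
        if p.version:
            links.append(f"{base}/tree/{p.version}")
        links.append(base)
    elif p.type == "golang":
        base = f"https://pkg.go.dev/{full_name}"
        if p.version:
            links.append(f"{base}@{p.version}")
        links.append(base)
    # A repository_url qualifier names the registry directly when present.
    if "repository_url" in p.qualifiers:
        links.append(p.qualifiers["repository_url"])
    return links


if __name__ == "__main__":
    for example in ("pkg:npm/log4js@6.4.0", "pkg:npm/%40babel/core@7.0.0",
                    "pkg:pypi/Django@1.11.19", "pkg:github/nexB/vulnerablecode"):
        print(example, "->", purl_links(example))
```

`purl_links("pkg:pypi/Django@1.11.19")` yields https://pypi.org/project/Django/1.11.19/ first, which is exactly the page that does not exist in the Django example above; the generated link tells you where the registry would list the release, not that it does, so a collector still has to resolve it (or fall back to a project homepage from PurlDB) before surfacing it in the UI.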