
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 574 vulnerablecode issues

See https://mattermost.com/security-updates/

Data collection

See https://hackerone.com/reports/274267 for example

Data collection

@boathor created a great data sources list. We should import all data sources listed in https://github.com/BoaThor/CVE-Resources (we do already import several).

See also:
- https://github.com/BoaThor/CVE-Resources/issues/1
- https://github.com/BoaThor/CVE-Resources/issues/3

- Have one-off pipelines instead of migrations.
- Have a primary and replica DB that we can shuffle around.

Given a sample Suse score https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml:

```yaml
CVE-2024-35255:
  cvss:
    - version: 3.1
      score: 5.5
      vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    - version: 4
      score: 6.8
      vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
```

The version 4 cvss is not...

Upstream Source: https://github.com/vmware/photon/wiki/Security-Advisories (CC BY-SA 4.0.)

Republished in OSV at https://github.com/captn3m0/photon-os-advisories, enriched using https://packages.vmware.com/photon/photon_cve_metadata/

Sample advisory URL: https://captnemo.in/photon-os-advisories/advisories/PHSA-2024-4.0-0685.json

Data collection
importer

Source: https://www.freexian.com/lts/extended/updates/

Republished in OSV format at https://github.com/captn3m0/debian-elts-advisories/

I'm happy to add an index JSON as well, if needed - but it would probably be easier to ingest via the...

Data collection
licensing
importer

Incorrect `Ranges overlap` and `identical boundaries` error while collecting Maven advisories.

```shell
ERROR 2024-09-02 09:53:33.477 parse_yaml_file: affected_range is not parsable: '[3.0.0,3.1.1),(,2.3.4)' for: pkg:maven/org.apache.hive/hive-exec
error: VersionRangeParseError('Ranges overlap: [3.0.0,3.1.1),(,2.3.4)')
Traceback (most recent...
```

data-quality
9-next

Today, the VulnerabilityReference model is entirely tied to the Vulnerability model and not reusable. We need to design improved references to support exploits and enhance the way we handle references...

9-next