vulnerablecode
A free and open database of vulnerabilities and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
See https://issuetracker.google.com/issues?q=status:open componentid:1836411&s=created_time:desc
Various AboutCode applications (such as DejaCode) depend (or will depend) on the Risk value calculated by VulnerableCode. The details of that calculation, both the how and the why, need to...
See: - https://github.com/ossf/malicious-packages/tree/main/osv/malicious
See https://zenodo.org/records/7029359 and https://github.com/secureIT-project/CVEfix
### Solution: How to collect fix commits? There are many ways listed in this issue by @elanzini and inputs from @copernico: - https://github.com/aboutcode-org/vulnerablecode/issues/207#issue-642333849 I would reformulate the sources as 1....
We should support tracking fix commits explicitly to support next steps with reachability analysis. At a high level we need these: - [x] https://github.com/aboutcode-org/vulnerablecode/issues/207 - [x] https://github.com/aboutcode-org/vulnerablecode/issues/1696 Some issues that...
We should have a code pipeline and models to continuously automatically collect commits and patches that introduce or fix a vulnerability to support reachability analysis. There is already some base...
- Fixes: #2011
> IMO we should treat fix commit data as advisory, but special advisory. As brought up by @keshav-space we can accommodate the changes in impacted package data model as well....
VulnerableCode version: 36.1.3, v36.1.1 and possibly all others System: OpenShift Hi team, I have noticed recently that our NVD importer is not working anymore; it gives me this error:...