
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 574 vulnerablecode issues

### What does this PR do?

- Skips OSVDB-prefixed references when processing Metasploit data
- Strips "URL-" prefix from references and extracts commit links if present
- Ensures commit links...

https://github.com/aboutcode-org/vulnerablecode/blob/dcb0511c73283654ab8a4ca340b71d6d9c5a16b9/vulnerabilities/pipelines/enhance_with_metasploit.py#L73

https://public.vulnerablecode.io/vulnerabilities/VCID-5drb-ng7e-aaaj?search=CVE-2013-0233

Missing a commit fix like this: **https://github.com/rails/rails/commit/26e13c3ca71cbc7859cc4c51e64f3981865985d8**

```
"references": [
  "CVE-2013-0233",
  "OSVDB-89642",
  "BID-57577",
  "URL-http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/",
  "URL-http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html",
  "URL-https://github.com/rails/rails/commit/921a296a3390192a71abeec6d9a035cc6d1865c8",
  "URL-https://github.com/rails/rails/commit/26e13c3ca71cbc7859cc4c51e64f3981865985d8"
],
```

- Related issue: #1697

We are adding support for formal fix commits tracking in:

- https://github.com/aboutcode-org/vulnerablecode/issues/1695

We should then collect existing fix commit datasets. Here is a running list:

- [ ] @copernico project-kb...

fix-commit

Their readme lists adopters https://github.com/rustsec/advisory-db

This API URL is no longer valid https://github.com/nexB/vulnerablecode/blob/170c21e5af51c7308d89769b92f0c597e5e36fc9/vulnerabilities/package_managers.py#L567-L570

```
ERROR:vulnerabilities.package_managers:Error while fetching 'https://conan.io/center/api/ui/details?name=openssl&user=_&channel=_': 404
```

Solves #1953 and #1902

* Add PyPa live pipeline importer to fetch advisories affecting a single PURL
* Add tests for PyPa live importer to test different scenarios and mock...

We have some data but we do not support handling them yet per:

- https://github.com/aboutcode-org/vulnerablecode/issues/769

Data collection

It would be useful to support querying or filtering by VERS or some simplified range expression representation. This is based on a discussion with @rjb4standards in:

- https://github.com/package-url/vers-spec/issues/30#issuecomment-3244057088

> We should import https://github.com/CVEProject/cvelistV5/ directly and make this the true, correct data source for the CVEs. NVD should be demoted to something entirely secondary.
>
> Also there are...

* Add GitHub OSV Live V2 Importer
* Add tests for the GitHub OSV Live V2 Importer
* Tested functionally using the Live Evaluation API in #1969