vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...

Results 305 vulnerablecode issues

We need to decide what we want to do wrt. licenses for data. See https://cve.mitre.org/about/termsofuse.html for instance for the CVE/NVD. There are a few ways to think about this: 1....

feature
Core models

https://git.launchpad.net/ubuntu-cve-tracker has some possibly interesting data in Deb822 format (that debian-inspector can parse nicely). See https://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2007-1923 It is not clear if this is supplementary and valuable data though we reference...

Data collection
research required

See https://errata.almalinux.org/ There is no license declaration. This is some JS app and there is one big JSON with everything on it at https://errata.almalinux.org/8/errata.json

Data collection

This is a RH derivative (following CentOS changes), see https://rockylinux.org. https://errata.rockylinux.org/ has the list ... same look as AlmaLinux #750 but different API: https://errata.rockylinux.org/api/advisories and https://errata.rockylinux.org/api/advisories/RLSA-2022:2199

Data collection
GSoC 24

https://www.redhat.com/security/data/oval/ http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml https://www.redhat.com/security/data/metrics/ See also the API such as at https://access.redhat.com/hydra/rest/securitydata/cvrf.json https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index and https://access.redhat.com/articles/221883

Data collection
sys

https://github.com/vmware/photon/wiki/Security-Advisories See also: - JSON https://packages.vmware.com/photon/photon_cve_metadata/ - and Oval https://packages.vmware.com/photon/photon_oval_definitions/

Data collection
good first issue
difficulty:easy

See https://github.com/loopbackio/security

Data collection

See https://github.com/microsoft/CBL-MarinerVulnerabilityData This comes as a big OVAL dataset under an MIT license. https://github.com/microsoft/CBL-Mariner is a Linux distro running on Azure

Data collection

See https://github.com/golang/vulndb/blob/master/reports/ This is a follow up from #466

Data collection

This is a placeholder to put a proper roadmap here. We have some elements there in SCTK as an example: https://github.com/nexB/scancode-toolkit/blob/develop/ROADMAP.rst And the goal of this issue is to create...