GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → AppThreat → vulnerability-db

AppThreat / vulnerability-db

Licence: MIT license
Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

clicvenvdvulnerability-detectionscavulnerability-database

Projects that are alternatives of or similar to vulnerability-db

vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
Stars: ✭ 269 (+647.22%)
Mutual labels:  cve, vulnerability-detection, vulnerability-database
fabric8-analytics-vscode-extension
Red Hat Dependency Analytics extension
Stars: ✭ 125 (+247.22%)
Mutual labels:  cve, nvd
patton-cli
The knife of the Admin & Security auditor
Stars: ✭ 42 (+16.67%)
Mutual labels:  cve, vulnerability-detection
Bootstomp
BootStomp: a bootloader vulnerability finder
Stars: ✭ 303 (+741.67%)
Mutual labels:  cve, vulnerability-detection
Hellraiser
Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.
Stars: ✭ 413 (+1047.22%)
Mutual labels:  cve, vulnerability-detection
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+861.11%)
Mutual labels:  cve, sca
Vfeed
The Correlated CVE Vulnerability And Threat Intelligence Database API
Stars: ✭ 826 (+2194.44%)
Mutual labels:  cve, vulnerability-detection
Cve Search
cve-search - a tool to perform local searches for known vulnerabilities
Stars: ✭ 1,765 (+4802.78%)
Mutual labels:  cve, vulnerability-detection
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (+147.22%)
Mutual labels:  cve, vulnerability-detection
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (+0%)
Mutual labels:  cve, sca
Vulnogram
Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (+186.11%)
Mutual labels:  cve, nvd
pwn-pulse
Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)
Stars: ✭ 126 (+250%)
Mutual labels:  cve
CVE-2021-27928
CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞
Stars: ✭ 53 (+47.22%)
Mutual labels:  cve
dirtycow
radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability
Stars: ✭ 93 (+158.33%)
Mutual labels:  cve
CVE-2019-8449
CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4
Stars: ✭ 66 (+83.33%)
Mutual labels:  cve
minecraft-log4j-honeypot
Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam
Stars: ✭ 89 (+147.22%)
Mutual labels:  cve
PyParser-CVE
Multi source CVE/exploit parser.
Stars: ✭ 25 (-30.56%)
Mutual labels:  cve
Vehicle-Security-Toolkit
汽车/安卓/固件/代码安全测试工具集
Stars: ✭ 367 (+919.44%)
Mutual labels:  cve
Bugs-feed
Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...
Stars: ✭ 90 (+150%)
Mutual labels:  cve
cvss-calculator
A Java library for calculating CVSSv2 and CVSSv3 scores and vectors
Stars: ✭ 27 (-25%)
Mutual labels:  nvd
View All Similar Projects ➔

Introduction

This repo is a vulnerability database and package search for sources such as OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.

Installation

pip install appthreat-vulnerability-db

Usage

This package is ideal as a library for managing vulnerabilities. This is used by dep-scan, a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.

Cache vulnerability data

Cache from all sources

vdb --cache

Cache from just OSV

vdb --cache --only-osv

It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.

  • NVD_START_YEAR - Default: 2016. Supports upto 2002
  • GITHUB_PAGE_COUNT - Default: 5. Supports upto 20

Periodic sync

To periodically sync the latest vulnerabilities and update the database cache.

vdb --sync

Basic search

It is possible to perform simple search using the cli.

vdb --search android:8.0

vdb --search google:android:8.0

vdb --search android:8.0,simplesamlphp:1.14.11

Syntax is package:version,package:version or vendor : package : version (Without space)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].