of course, you can clone/fork the repository as you want.
cedric
joined 4 years ago
We released version 1.5.0 of the Vulnerability Lookup project! π (https://github.com/cve-search/vulnerability-lookup/)
This update brings significant new features, improvements, and fixes.
π Notable Changes
We've integrated the Japan Database of Vulnerability Countermeasure Information (JVN DB), correlating security advisories from multiple sources (including NVD, GitHub, and CSAF, etc.) already available in Vulnerability Lookup.
You can now assign tags to comments directly on the website. These tags are stored in the comment's meta field and utilize the MISP Project taxonomy for vulnerabilities. Explore the taxonomy here.
We've enhanced the API to allow users to filter comments and bundles based on data available in the meta JSON field of the objects. This paves the way for leveraging more taxonomies in the future.
More details in the release notes.
Thank you very much to all the contributors and testers! π
As always, feel free to create an account on the main instance operated by CIRCL.
We eagerly await your contributions! π
Release 1.3.0 (26-07-2024)
Improvements
- Vulnerability Details Page Enhancements: We've significantly enhanced the vulnerabilities details page. It now presents more relevant information and the layout has been substantially improved for a better user experience.
- API Enhancements: Various improvements have been made to the API for better performance and functionality.
- UI Enhancements: Edition/action buttons are now hidden when not logged in (#57).
- Importer Improvements: Enhancements have been made to various importers (37d3a6d).
Fixes
- Custom Vulnerability Display Bug: Fixed an issue where custom vulnerabilities were not displayed correctly (#58).
- New Vulnerability Creation Issue: Resolved the problem where new vulnerabilities couldn't be created without a CVE number (#56).
- Webservice Sorting Fix: Fixed the sorting issue of contributors versus users (46195d1).
- Minor Fixes: Various minor fixes have been implemented to improve overall stability and performance.
And do not hesitate to create an account to contribute and share your thoughts on the security advisories: https://vulnerability.circl.lu
Funding
The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.
vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.
view more: next βΊ
hello,
Thank you very much for your reply and the information. I'll have a look at your links.
Actually, I am simply looking for various information about vulnerabilities. The goal is not to find announcements of vulnerabilities. This is part of the "Vulnerability Lookup" project: https://vulnerability.circl.lu/ where we gather "sightings": https://vulnerability.circl.lu/sightings
A sighting can have various sources such as: GitHub Gist, Pastebin, Fediverse, Telegram channels, etc. So yes... here my questions is about sightings from the Fediverse. For now I am happy with this simple tool to monitor the Fediverse: https://github.com/CIRCL/FediVuln
It is able to find status related to security vulnerabilities and generate sightings in our "Vulnerability Lookup" project. That's it ;-)
thank you !