Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
Cédric Bonhomme 7c2923999d
chg: [models] The UUID of the author of a bundle and of a comment is now dumped as json.
2024-12-23 22:59:03 +01:00
.github chg: [gh workflow] copy the default stream.json file for the Pub/Sub service (not mandatory) 2024-12-09 22:07:24 +01:00
bin new: Vulnrichment importer (as meta for CVE) 2024-12-16 15:54:58 +01:00
cache chg: Bump deps, add support for valkey, new kvrocks 2024-05-13 11:28:57 +02:00
config Merge branch 'main' into pubsub 2024-12-09 22:02:14 +01:00
docs chg: [documentation] Improved documentation related to the feeds. 2024-12-22 17:52:20 +01:00
etc new: Use generic framework 2023-05-16 16:53:37 +02:00
logs updated .gitignore 2024-07-03 13:21:27 +02:00
storage chg: Bump kvrocks config, support docker. 2024-12-09 14:35:59 +01:00
tests chg: [website] Returns a HTTP code 409 on duplicate sightings. 2024-11-19 09:35:37 +01:00
tools add vulnerability-lookup.nse script, works similar to vulners.nse but uses the CIRCL https://vulnerability.circl.lu/api/ service 2024-12-19 15:33:35 +01:00
vulnerabilitylookup chg: [format] new vulnerability-lookup: container for enrichment metadata such as sightings, comments, bundles, and meta used in the API (/vulnerability endpoint). The impacted vulnerability_templates.html template has been updated appropriately. 2024-12-18 15:57:26 +01:00
website chg: [models] The UUID of the author of a bundle and of a comment is now dumped as json. 2024-12-23 22:59:03 +01:00
.editorconfig chg: [website] Added more comments and cleaned code. 2024-07-09 13:52:32 +02:00
.gitignore chg: Updated .gitignore to ignore /data 2024-09-18 12:08:58 +02:00
.gitmodules new: Vulnrichment importer (as meta for CVE) 2024-12-16 15:54:58 +01:00
.pre-commit-config.yaml chg: harmonized indentation in pre-commit.yaml file. 2024-07-16 10:36:06 +02:00
.readthedocs.yaml chg: [documentation] Added .readthedocs.yaml 2024-04-26 00:12:56 +02:00
AUTHORS chg: [documentation] Updated documentation. 2024-07-16 09:37:56 +02:00
CHANGELOG.md chg: [RELEASE] Updated CHANGELOG. 2024-12-17 09:43:58 +01:00
CODE_OF_CONDUCT.md chg: [configuration] Skip validation of web service config if not able to load reference configuration. 2024-07-29 10:20:28 +02:00
LICENSE.md new: [LICENSE] AGPL because AGPL 2023-05-01 17:04:02 +02:00
mypy.ini new: CWE and CAPEC importers 2024-12-09 21:17:12 +01:00
new_source.md new: Notes for adding a new source 2024-12-09 12:56:34 +01:00
poetry.lock chg: Updated dependencies and CHANGELOG. 2024-12-16 11:05:13 +01:00
pyproject.toml chg: [RELEASE] Bumped version number. 2024-12-17 09:39:37 +01:00
README.md chg: [RELEASE] Bumped version number. 2024-12-17 09:39:37 +01:00
SECURITY.md chg: [documentation] Added SECURITY.md file and CHANGELOG.md file in order to simply list notable changes between releases. 2024-07-22 16:07:55 +02:00

Vulnerability-Lookup

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

A Vulnerability-Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.

Features

  • API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.
  • Feeders: Modular system to import vulnerabilities from different sources.
  • CVD process: Creation, editing and fork/copy of Security Advisories with the vulnogram editor. Support for a local vulnerability source per Vulnerability-Lookup instance.
  • Sightings: Users can add observations to vulnerabilities with different types of sightings, such as: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
  • Comments: Ability to add, review and share comments on vulnerability advisories.
  • Bundles: Possibility to create bundles of vulnerability advisories with a description.
  • RSS/Atom: Extensive RSS and Atom support for vulnerabilities and comments.
  • EPSS: Integration of the Exploit Prediction Scoring System.

The official documentation is available here.

Sources and Feeders

  • CISA Known exploited vulnerability DB (via HTTP).
  • NIST NVD CVE importer (via API 2.0).
  • CVEProject - cvelist (via git submodule repository).
  • Cloud Security Alliance - GSD-Database (via git submodule repository).
  • GitHub Advisory Database (via git submodule repository).
  • PySec Advisory Database (via git submodule repository).
  • OpenSSF Malicious Packages (via git submodule repository).
  • Additional sources via CSAF including CERT-Bund, CISA, Cisco, nozominetworks, Open-Xchange, Red Hat, Sick, Siemens, NCSC-NL.
  • VARIoT IoT vulnerabilities database.
  • JVN iPedia, Japan database of vulnerability countermeasure information.
  • Tailscale security bulletins.
  • CWE (Common Weakness Enumeration) and CAPEC (Common Attack Pattern Enumeration and Classification).

Sighting Sources

Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:

If you want to create your own sighting tool, it's recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.

Installation

Requirements

Installation instructions are available in the documentation.

Architecture

Overview of the Vulnerability-Lookup architecture

License

Vulnerability-Lookup is free software released under the "GNU Affero General Public License v3.0".

Copyright (c) 2023-2024 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2024 Alexandre Dulaunoy - https://github.com/adulau
Copyright (c) 2023-2024 Raphaël Vinot - https://github.com/Rafiot
Copyright (c) 2024 Cédric Bonhomme - https://github.com/cedricbonhomme