Search: [vulnerabilities]

Thu 02 Dec 2021 03:58:23 PM PST

Community driven open database of vulnerability exploitation in the wild. We believe that exploitation information is about safety and it should be easy to access and not be behind paywalls. Get alerts on new reports of exploitation via RSS, Twitter, grab our docker image, the hourly database exports or get the full exploited list in the API.

CVE https://cve.mitre.org/

Mon 26 Jul 2021 01:41:27 PM PDT

The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

GitHub - roottusk/vapi: vAPI is a Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that demonstrates OWASP API Top 10 in the means of Exercises. https://github.com/roottusk/vapi

Thu 10 Sep 2020 06:58:33 PM PDT

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable PHP Interface that demonstrates OWASP API Top 10 in the means of Exercises. Requires PHP, Apache, MySQL, and probably a man-in-the-middle proxy.

securego/gosec: Golang security checker https://github.com/securego/gosec

Mon 10 Sep 2018 11:09:06 AM PDT

Static security analyzer for Golang code. Checks against the Golang AST. Tries to verify some best practices (no hardcoded credentials, listening on 0.0.0.0 by default, things like that. Has all of the usual CLI options you'd hope it has.

cve-search http://cve-search.org/

Sun 15 Apr 2018 11:11:55 PM PDT

Toolset to perform local searches for known vulnerabilities in the CVE database. Set up your own mirror or use their public API or RSS feed to run arbitrary searches.

F/OSS software that you can download, install, and use to set up your own mirror. Uses MongoDB, but nobody's perfect.

Maybe I can write a search plugin for Searx?

Exploits Database by Offensive Security http://www.exploit-db.com/

Tue 20 Mar 2018 01:44:32 AM PDT

Offensive Security Training has taken over where Milw0rm left off in their archival of live exploits, vulnerability descriptions, attacks, and whitepapers.

NVD - Home https://nvd.nist.gov/

Tue 20 Mar 2018 12:03:00 AM PDT

National Vulnerability Database.

coreos/clair: Vulnerability Static Analysis for Containers https://github.com/coreos/clair

Mon 19 Mar 2018 11:38:07 PM PDT

Clair is a FOSS utility for conducting static security analysis of Linux containers, Docker containers in particular. Clair continually updates its internal index of known vulnerabilities so it can keep constant watch over what it monitors. Has a modular architecture to make it easier to extend the project without having to fork() it. Also designed to fit into a CI/CD pipeline to monitor in-house containers as they're built. Plugs into Kubernetes. Requires Postgres. Written in Go. sysadmin infosec scanner scanning

Links per page

Filters