Vulndb is a vulnerability database and package search for sources such as NVD, GitHub, ...
Type Name Latest commit message Commit time
.github Setup matrix Feb 1, 2020
test Npm audit integration Feb 3, 2020
vulndb Npm audit integration Feb 3, 2020
.flake8 More progress Jan 28, 2020
.gitignore
LICENSE Initial commit Jan 20, 2020
README.md Update README.md Feb 2, 2020
pytest.ini
requirements-dev.txt More progress Jan 28, 2020
requirements.txt Temp commit Jan 31, 2020
setup.py Npm audit integration Feb 3, 2020

README.md

Introduction

Vulndb is a vulnerability database and package search for sources such as NVD, GitHub and so on. It uses a built-in file based storage to allow offline access.

Installation

pip install appthreat-vulndb

Usage

This package is best used as a library for managing vulnerabilities; it is used by dep-scan, a free open-source dependency audit tool. A limited CLI with a few features is also available for testing the tool directly.

Cache vulnerability data

vdb --cache

The cache behaviour can be customised by setting the following environment variables, which increase the period of historic data that is cached.

  • NVD_START_YEAR - Default: 2016. Supports years back to 2002
  • GITHUB_PAGE_COUNT - Default: 5. Supports up to 20

Periodic sync

To periodically sync the latest vulnerabilities and update the database cache, run:

vdb --sync

Basic search

A simple search can be performed using the CLI.

vdb --search android:8.0

vdb --search google:android:8.0

vdb --search android:8.0,simplesamlphp:1.14.11

The syntax is package:version,package:version or vendor:package:version (without spaces).
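
A validator for the search syntax above, useful when a script builds the --search argument from an inventory file. This is an added example, not code from vulndb; the names SearchTerm, parse_search and format_search are hypothetical, and rejecting empty fields is an assumption of the example.

```python
from typing import List, NamedTuple, Optional


class SearchTerm(NamedTuple):
    vendor: Optional[str]  # None when the term is package:version
    package: str
    version: str


def parse_search(query: str) -> List[SearchTerm]:
    """Split a search argument into (vendor, package, version) terms.

    Accepts the two documented forms, comma separated:
    package:version and vendor:package:version.
    """
    terms = []
    for raw in query.split(","):
        # The README states the syntax is written without spaces.
        if any(ch.isspace() for ch in raw):
            raise ValueError(f"whitespace is not allowed in term {raw!r}")
        parts = raw.split(":")
        if len(parts) == 2:
            vendor = None
            package, version = parts
        elif len(parts) == 3:
            vendor, package, version = parts
        else:
            raise ValueError(
                f"expected package:version or vendor:package:version, got {raw!r}"
            )
        # Assumption of this example: every field that is present is non-empty.
        if vendor == "" or not package or not version:
            raise ValueError(f"empty field in term {raw!r}")
        terms.append(SearchTerm(vendor, package, version))
    return terms


def format_search(terms: List[SearchTerm]) -> str:
    """Rebuild the comma-separated argument from parsed terms."""
    return ",".join(
        ":".join(field for field in term if field is not None) for term in terms
    )


if __name__ == "__main__":
    # Queries taken from the README's own examples.
    for q in ("android:8.0", "google:android:8.0",
              "android:8.0,simplesamlphp:1.14.11"):
        print(q, "->", parse_search(q))
```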
