Yet Another Vulnerability Database
The Free and Open Source vulnerability database.
This database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping developers identify and fix know vulnerabilities in their apps.
- Ruby 2.3 or newer
gem install yavdb
- Support non semver versions
- Merge duplicates
- Scrape NVD for other package manager vulnerabilities
- Find more sources
Commands: yavdb download # Download a previously generated database from the official yavdb repository into yavdb-path. Options: p, [--yavdb-path=YAVDB-PATH] # Default: <HOME>/.yavdb/yavdb yavdb generate # Crawl several sources and generate a local database in database-path. Options: p, [--database-path=DATABASE-PATH] # Default: <PWD>/database yavdb help [COMMAND] # Describe available commands or one specific command yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME # List vulnerabilities from database-path of package-name for package-manager. Options: p, [--database-path=DATABASE-PATH] # Default: <HOME>/.yavdb/yavdb/database Options: [--verbose], [--no-verbose]
After checking out the repo, run
bin/setup to install dependencies.
bundle exec rake spec to run the tests.
You can also run
bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run
bundle exec rake install.
To release a new version, update the version number in
version.rb, and then run
bundle exec rake release,
which will create a git tag for the version,
push git commits and tags, and push the
.gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.