github / advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
☆1,709 Updated this week
Related projects:
- Open source vulnerability DB and triage service. ☆1,488 Updated this week
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,313 Updated this week
- Open Source Package Analysis ☆721 Updated last week
- Global Security Database ☆305 Updated 4 months ago
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆7,521 Updated this week
- Resources related to GitHub Security Lab ☆1,392 Updated last month
- Binaries for the CodeQL CLI ☆738 Updated this week
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆419 Updated this week
- A community sourced list of log4j-affected software ☆1,118 Updated last year
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,117 Updated this week
- Semgrep rules registry ☆772 Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,257 Updated this week
- Granular, Actionable Adversary Emulation for the Cloud ☆1,750 Updated this week
- GitHub App to set and enforce security policies ☆1,240 Updated this week
- A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. ☆1,561 Updated 2 years ago
- OpenSSF Scorecard - Security health metrics for Open Source ☆4,404 Updated this week
- Gather and update all available and newest CVEs with their PoC. ☆6,452 Updated this week
- CVE cache of the official CVE List in CVE JSON 5 format ☆705 Updated this week
- This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published … ☆245 Updated last month
- Supply-chain Levels for Software Artifacts ☆1,521 Updated this week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆454 Updated 3 months ago
- Actions for running CodeQL analysis ☆1,134 Updated this week
- An OOB interaction gathering server and client library ☆3,322 Updated this week
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆480 Updated last week
- The CodeQL extractor and libraries for Go. ☆464 Updated last year
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,015 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆790 Updated last year
- API Security Project aims to present unique attack & defense methods in API Security field ☆1,335 Updated 6 months ago
- RedEye is a visual analytic tool supporting Red & Blue Team operations ☆2,647 Updated 10 months ago
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆675 Updated 3 weeks ago