github / advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
☆2,019 Updated this week
Alternatives and similar repositories for advisory-database
Users that are interested in advisory-database are comparing it to the libraries listed below
- Open source vulnerability DB and triage service. ☆2,338 Updated last week
- Open Source Package Analysis ☆853 Updated 6 months ago
- Binaries for the CodeQL CLI ☆885 Updated last week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,859 Updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,001 Updated last week
- Global Security Database ☆314 Updated last year
- A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. ☆1,573 Updated 3 years ago
- Resources related to GitHub Security Lab ☆1,538 Updated 2 weeks ago
- Actions for running CodeQL analysis ☆1,394 Updated this week
- Supply-chain Levels for Software Artifacts ☆1,742 Updated this week
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆479 Updated last week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,172 Updated 2 weeks ago
- This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published … ☆363 Updated 3 weeks ago
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆845 Updated last week
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆553 Updated last week
- GitHub App to set and enforce security policies ☆1,363 Updated last week
- CVE cache of the official CVE List in CVE JSON 5 format ☆2,278 Updated this week
- A community sourced list of log4j-affected software ☆1,124 Updated 2 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆852 Updated 2 years ago
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,906 Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆389 Updated this week
- Modern CLI for exploring vulnerability data with powerful search, filtering, and analysis capabilities. ☆2,125 Updated 2 weeks ago
- NVD, Ubuntu, Alpine ☆442 Updated this week
- Gather and update all available and newest CVEs with their PoC. ☆7,281 Updated last week
- Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service) ☆836 Updated last year
- Community curated list of templates for the nuclei engine to find security vulnerabilities. ☆11,072 Updated this week
- 🦄🔒 Awesome list of secrets in environment variables 🖥️ ☆897 Updated 3 years ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆434 Updated this week
- Quickly discover exposed hosts on the internet using multiple search engines. ☆2,712 Updated last week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆504 Updated 10 months ago