github / advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
☆1,957 Updated this week
Alternatives and similar repositories for advisory-database
Users that are interested in advisory-database are comparing it to the libraries listed below
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,489 Updated 3 months ago
- Open source vulnerability DB and triage service. ☆1,979 Updated this week
- Global Security Database ☆317 Updated last year
- Open Source Package Analysis ☆841 Updated 4 months ago
- This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published … ☆348 Updated last week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,706 Updated this week
- Binaries for the CodeQL CLI ☆872 Updated last week
- GitHub App to set and enforce security policies ☆1,357 Updated last week
- Actions for running CodeQL analysis ☆1,342 Updated last week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,402 Updated last week
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆470 Updated this week
- A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. ☆1,571 Updated 3 years ago
- Supply-chain Levels for Software Artifacts ☆1,717 Updated last week
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆544 Updated last week
- CVE cache of the official CVE List in CVE JSON 5 format ☆2,228 Updated this week
- OpenSSF Scorecard - Security health metrics for Open Source ☆5,053 Updated this week
- The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnera… ☆1,499 Updated last week
- A community sourced list of log4j-affected software ☆1,127 Updated 2 years ago
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,870 Updated last week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆423 Updated this week
- Open Source Vulnerability schema. ☆206 Updated last week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,163 Updated last week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆869 Updated this week
- The CodeQL extractor and libraries for Go. ☆465 Updated 2 years ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆975 Updated this week
- Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts. ☆795 Updated 2 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆578 Updated 5 months ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆851 Updated 2 years ago
- This project aims to provide a central repository for many useful Tsunami Security Scanner plugins. ☆929 Updated last week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆498 Updated 9 months ago