github / advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
☆1,865 Updated this week
Alternatives and similar repositories for advisory-database:
Users that are interested in advisory-database are comparing it to the libraries listed below
- OpenSSF Scorecard - Security health metrics for Open Source ☆4,878 Updated this week
- CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security ☆8,270 Updated this week
- GitHub App to set and enforce security policies ☆1,302 Updated this week
- Binaries for the CodeQL CLI ☆813 Updated last week
- Open source vulnerability DB and triage service. ☆1,838 Updated last week
- Actions for running CodeQL analysis ☆1,257 Updated this week
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,463 Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆7,376 Updated last week
- Resources related to GitHub Security Lab ☆1,465 Updated 4 months ago
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,105 Updated this week
- Open Source Package Analysis ☆833 Updated 3 weeks ago
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆521 Updated last week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆903 Updated this week
- Global Security Database ☆318 Updated last year
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆839 Updated last year
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,355 Updated this week
- This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published … ☆316 Updated last month
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆453 Updated last week
- DevSecOps, ASPM, Vulnerability Management. All on one platform. ☆3,992 Updated this week
- NVD, Ubuntu, Alpine ☆428 Updated this week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆481 Updated 5 months ago
- Helping allocate resources to secure the critical open source projects we all depend on. ☆352 Updated 6 months ago
- Supply-chain Levels for Software Artifacts ☆1,663 Updated this week
- A community sourced list of log4j-affected software ☆1,125 Updated 2 years ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,006 Updated this week
- Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own in… ☆3,685 Updated this week
- A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. ☆1,567 Updated 2 years ago
- OpenSSF Security Tooling Working Group ☆309 Updated 11 months ago
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆733 Updated last week
- Find regular expressions which are vulnerable to ReDoS (Regular Expression Denial of Service) ☆804 Updated last year