github / advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
☆1,825 Updated this week
Alternatives and similar repositories for advisory-database:
Users that are interested in advisory-database are comparing it to the libraries listed below
- Open source vulnerability DB and triage service. ☆1,765 Updated this week
- Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023 ☆1,406 Updated this week
- Open Source Package Analysis ☆824 Updated last week
- Supply-chain Levels for Software Artifacts ☆1,619 Updated this week
- GitHub App to set and enforce security policies ☆1,290 Updated this week
- Binaries for the CodeQL CLI ☆793 Updated last week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,071 Updated this week
- Global Security Database ☆315 Updated 10 months ago
- An extension for Visual Studio Code that adds rich language support for CodeQL ☆443 Updated this week
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,728 Updated this week
- Resources related to GitHub Security Lab ☆1,452 Updated 2 months ago
- Gather and update all available and newest CVEs with their PoC. ☆6,795 Updated this week
- This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published … ☆283 Updated last week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆549 Updated last week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆384 Updated last week
- A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby ☆737 Updated this week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆471 Updated 3 months ago
- A log4j vulnerability filesystem scanner and Go package for analyzing JAR files. ☆1,568 Updated 2 years ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆833 Updated last year
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,104 Updated last year
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,335 Updated this week
- Granular, Actionable Adversary Emulation for the Cloud ☆1,940 Updated last week
- LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Reque… ☆1,447 Updated 10 months ago
- Starter workspace to use with the CodeQL extension for Visual Studio Code. ☆515 Updated last week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… ☆681 Updated this week
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆645 Updated this week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆684 Updated this week
- NVD, Ubuntu, Alpine ☆423 Updated this week
- Open Source Vulnerability schema. ☆194 Updated last week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,580 Updated this week