6 Repos
Programmatic interfaces used to query known security vulnerabilities for software components.
Distinct from API-Specific Vulnerability Reporting: Distinct from API-Specific Vulnerability Reporting which focuses on vulnerabilities within the API itself, not using an API to find vulnerabilities in other software.
Explore 6 awesome GitHub repositories matching security & cryptography · Vulnerability Database APIs. Refine with filters or upvote what's useful.
WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the
Provides API-based lookups to a remote security database to identify flaws in detected plugins and themes.
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
Enables programmatic CRUD operations on vulnerability objects and the attachment of evidence files to findings.
Windows-Exploit-Suggester is a security analysis tool designed to audit patch levels and identify vulnerabilities on Windows hosts. It functions as a vulnerability scanner and patch level auditor that compares installed system hotfixes against Microsoft security bulletins to detect missing updates. The project maps these missing security updates to known public exploits and available Metasploit modules. It uses a vulnerability database interface to download and query external security bulletin data, linking specific unpatched vulnerabilities to viable exploit vectors. The tool's capabilities
Provides an interface to query external security bulletin data to determine target exploitability.
Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity
Queries public vulnerability database APIs using Package URLs to detect known security risks.
cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE security vulnerability data. It functions as a security data warehouse that imports vulnerability feeds into a local database to enable fast, keyword-based discovery of security flaws. The project provides a web-based vulnerability browser and a programmatic JSON API for retrieving records and risk scores. It utilizes full-text indexing for vulnerability descriptions and implements an identity-verified security portal using the OpenID Connect standard for user authentication.
Provides a programmatic JSON API for retrieving vulnerability records and risk scores for external security platforms.
OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records. The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
Offers a programmatic web interface for querying package vulnerabilities and submitting standardized security records.