cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE security vulnerability data. It functions as a security data warehouse that imports vulnerability feeds into a local database to enable fast, keyword-based discovery of security flaws. The project provides a web-based vulnerability browser and a programmatic JSON API for retrieving records and risk scores. It utilizes full-text indexing for vulnerability descriptions and implements an identity-verified security portal using the OpenID Connect standard for user authentication.
Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity
The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and track security vulnerability data across diverse open source software ecosystems. It functions as a unified source of truth for security advisories, providing machine-readable records that help developers and automated tools identify and manage threats within their software supply chains. The platform distinguishes itself by utilizing a version-controlled, git-based storage model that relies on pull-request-driven workflows for community curation and verification. By enforcing a s
WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the
OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.
Die Hauptfunktionen von google/osv.dev sind: Vulnerability Aggregators, Ecosystem Normalizers, Dataset Distribution Services, Data Normalization, Schema-Driven Data Normalizers, External Data Ingestion, Vulnerability Detail Retrievals, CVE Vulnerability Search Engines.
Open-Source-Alternativen zu google/osv.dev sind unter anderem: cve-search/cve-search — cve-search is a vulnerability search engine and database manager designed to index, synchronize, and query CVE and CPE… dependencytrack/dependency-track — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track… github/advisory-database — The advisory database is a centralized repository and intelligence platform designed to aggregate, normalize, and… wpscanteam/wpscan — WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress… future-architect/vuls — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating… strozfriedberg/windows-exploit-suggester — Windows-Exploit-Suggester is a security analysis tool designed to audit patch levels and identify vulnerabilities on…