AppThreat's vulnerability database and package search library with built-in file-based storage. OSV, CVE, GitHub, and npm are the primary sources of vulnerabilities.

Introduction

This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data is downloaded from the sources and stored in a custom file-based storage with indexes to allow offline access and quick searches.

Vulnerability Data sources

  • Linux vuln-list (Forked from AquaSecurity)
  • OSV
  • NVD
  • GitHub
  • NPM

Linux distros

  • AlmaLinux
  • Debian
  • Alpine
  • Amazon Linux
  • Arch Linux
  • RHEL/CentOS
  • Rocky Linux
  • Ubuntu
  • OpenSUSE/SLES
  • Photon

Installation

pip install appthreat-vulnerability-db

Usage

This package is best used as a library for managing vulnerabilities. It is used by dep-scan, a free open-source dependency audit tool. A limited CLI with a few features is also available for testing the tool directly.

Download pre-built database

Use the ORAS cli to download a pre-built database containing all application and OS vulnerabilities.

export VDB_HOME=$HOME/vdb
oras pull ghcr.io/ngcloudsec/vdb:v1 -o $VDB_HOME

Cache vulnerability data

Cache application vulnerabilities

vdb --cache

Typical size of this database is over 1.1 GB.

Cache application and OS vulnerabilities

vdb --cache-os

Note the size of the database with OS vulnerabilities is over 3.1 GB.

Cache from just OSV

vdb --cache --only-osv

The cache behaviour can be customised to cover a longer period of historic data by setting the following environment variables.

  • NVD_START_YEAR - Default: 2018. Supports up to 2002
  • GITHUB_PAGE_COUNT - Default: 2. Supports up to 20

Periodic sync

To periodically sync the latest vulnerabilities and update the database cache, run:

vdb --sync

Basic search

Simple searches can be performed using the CLI.

vdb --search android:8.0

vdb --search google:android:8.0

vdb --search android:8.0,simplesamlphp:1.14.11

The syntax is package:version,package:version or vendor:package:version (without spaces).
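
When search terms come from an untrusted source such as a parsed manifest, they can be validated against the syntax above before being handed to the CLI. The following is an added example, not code from the vdb project; the names SearchTerm, parse_search and build_argv and the allowed character set are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumption (not taken from vdb): each field starts with an alphanumeric
# character and contains no whitespace, comma or colon.
_FIELD = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+@/~-]*")


class SearchTerm(NamedTuple):
    vendor: Optional[str]
    package: str
    version: str


def parse_search(query: str) -> list:
    """Parse 'package:version,vendor:package:version' into validated terms."""
    terms = []
    for raw in query.split(","):
        fields = raw.split(":")
        if len(fields) not in (2, 3):
            raise ValueError(
                f"expected package:version or vendor:package:version, got {raw!r}"
            )
        for field in fields:
            # Rejects empty fields, embedded spaces and option-like values
            # that begin with '-'.
            if not _FIELD.fullmatch(field):
                raise ValueError(f"invalid field {field!r} in {raw!r}")
        vendor = fields[0] if len(fields) == 3 else None
        terms.append(SearchTerm(vendor, fields[-2], fields[-1]))
    return terms


def build_argv(terms) -> list:
    """Build an argument list for subprocess.run, so no shell parses the query."""
    query = ",".join(
        ":".join(part for part in term if part is not None) for term in terms
    )
    return ["vdb", "--search", query]


if __name__ == "__main__":
    # Constructed sample input, based on the search examples above.
    print(build_argv(parse_search("google:android:8.0,simplesamlphp:1.14.11")))
```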

Download files

Source Distribution

appthreat-vulnerability-db-4.1.10.tar.gz (39.6 kB)

Uploaded Source

Built Distribution

appthreat_vulnerability_db-4.1.10-py3-none-any.whl (47.2 kB)

Uploaded Python 3

File details

Details for the file appthreat-vulnerability-db-4.1.10.tar.gz.

File hashes

Hashes for appthreat-vulnerability-db-4.1.10.tar.gz
Algorithm Hash digest
SHA256 a3805296338fac1b236412f5838b060fcd8d07604ba6d431202bedb26d38e070
MD5 363e8d5a2132f93d0f3a13e1ae5a682e
BLAKE2b-256 7fb2c8bef4ef9297245f4d22ee27b6221e5680617335b2680b14b2aeadf2c89e

File details

Details for the file appthreat_vulnerability_db-4.1.10-py3-none-any.whl.

File hashes

Hashes for appthreat_vulnerability_db-4.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 848f32ea2b7d5fe44ecf1255467905a13d4c442e304a9d6a27197f73304e87b8
MD5 4da90e182dab97ab90586457c685a7e2
BLAKE2b-256 134d1b01cc6a0cae442460817fad7a560ce68642d540c9286e128891c4472a41
