AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities.

Navigation

Verified details

These details have been verified by PyPI
Owner

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Team AppThreat
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

Introduction

This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.

Vulnerability Data sources

  • Linux vuln-list (Forked from AquaSecurity)
  • OSV (1)
  • NVD (2)
  • GitHub
  • NPM

1 - We exclude linux and oss-fuzz feeds by default. Set the environment variable OSV_INCLUDE_FUZZ to include them.

2 - We exclude hardware (h) by default. Set the environment variable NVD_EXCLUDE_TYPES to exclude additional types such as OS (o) or application (a). An empty value means include all categories. Comma separated values are allowed. Eg: o,h

Linux distros

  • AlmaLinux
  • Debian
  • Alpine
  • Amazon Linux
  • Arch Linux
  • RHEL/CentOS
  • Rocky Linux
  • Ubuntu
  • OpenSUSE/SLES
  • Photon
  • Chainguard
  • Wolfi OS

Installation

pip install appthreat-vulnerability-db

Usage

This package is ideal as a library for managing vulnerabilities. This is used by dep-scan, a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.

Download pre-built database

Use the ORAS cli to download a pre-built database containing all application and OS vulnerabilities.

export VDB_HOME=$HOME/vdb
oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME

Cache vulnerability data

Cache application vulnerabilities

vdb --cache

Typical size of this database is over 1.1 GB.

Cache application and OS vulnerabilities

vdb --cache-os

Note the size of the database with OS vulnerabilities is over 3.1 GB.

Cache from just OSV

vdb --cache --only-osv

It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.

  • NVD_START_YEAR - Default: 2018. Supports upto 2002
  • GITHUB_PAGE_COUNT - Default: 2. Supports upto 20

Periodic sync

To periodically sync the latest vulnerabilities and update the database cache.

vdb --sync

Basic search

It is possible to perform simple search using the cli.

vdb --search android:8.0

vdb --search google:android:8.0

vdb --search android:8.0,simplesamlphp:1.14.11

vdb --search pkg:pypi/xml2dict@0.2.2

Syntax is package:version,package:version or vendor : package : version (Without space)

Project details

Verified details

These details have been verified by PyPI
Owner

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Team AppThreat
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

6.6.1

6.6.0

6.5.1

6.5.0

6.4.4

6.4.3

6.4.2

6.4.1

6.4.0

6.3.1

6.3.0

6.2.3

6.2.2

6.2.1

6.2.0

6.1.1

6.1.0

6.0.14

6.0.13

6.0.12

6.0.11

6.0.10

6.0.9

6.0.8

6.0.7

6.0.6

6.0.5

6.0.4

6.0.3

6.0.2

6.0.1

6.0.0

6.0.0rc3 pre-release

6.0.0rc2 pre-release

5.8.2

5.8.1

5.8.0

5.7.8

5.7.7

5.7.6

5.7.5

5.7.4

5.7.3

5.7.1

5.7.0

5.6.8

5.6.7

5.6.6

5.6.4

5.6.3

5.6.2

5.6.1

5.6.0

5.5.10

5.5.9

5.5.8

5.5.7

5.5.6

5.5.5

5.5.4

5.5.3

5.5.2

5.5.1

5.5.0

This version

5.5.0b1 pre-release

5.4.3

5.4.2

5.4.1

5.4.0

5.2.5

5.2.4

5.2.3

5.2.2

5.2.1

5.2.1a0 pre-release

5.2.0

5.1.4

5.1.3

5.1.2

5.1.1

5.1.0

5.0.4

5.0.3

5.0.2

5.0.1

5.0.0

4.3.1

4.3.0

4.2.1

4.2.0

4.1.12

4.1.11

4.1.10

4.1.9

4.1.8

4.1.7

4.1.6

4.1.5

4.1.4

4.1.3

4.1.2

4.1.1

4.1.0

4.0.7

4.0.6

4.0.5

4.0.4

4.0.3

4.0.2

4.0.1

4.0.0

3.0.2

3.0.1

3.0.0

2.1.0

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

1.7.2

1.7.1

1.7.0

1.6.11

1.6.10

1.6.9

1.6.8

1.6.7

1.6.6

1.6.5

1.6.4

1.6.3

1.6.2

1.6.1

1.6.0

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.7

1.3.6

1.3.5

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

appthreat-vulnerability-db-5.5.0b1.tar.gz (43.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

appthreat_vulnerability_db-5.5.0b1-py3-none-any.whl (51.0 kB view details)

Uploaded Python 3

File details

Details for the file appthreat-vulnerability-db-5.5.0b1.tar.gz.

File metadata

File hashes

Hashes for appthreat-vulnerability-db-5.5.0b1.tar.gz
Algorithm Hash digest
SHA256 5d5300113994f01fc0aef3fcf1a0a4e6d25a725d6aed6f3b1f990eac1544a6b1
MD5 0630db21076a3bd37444386ec95dd7bc
BLAKE2b-256 be46f9c0e56f18b935aa853221e5d1ec3b1204c9b57a077f4a4d3b100c472a7d

See more details on using hashes here.

File details

Details for the file appthreat_vulnerability_db-5.5.0b1-py3-none-any.whl.

File metadata

File hashes

Hashes for appthreat_vulnerability_db-5.5.0b1-py3-none-any.whl
Algorithm Hash digest
SHA256 a49abea3f54589bd84820971ec7f99b255d417046e96581c979fa477958dc45e
MD5 f3e9b84fd7cfc90474b9255aa2278af7
BLAKE2b-256 8094faafc478c07ae7ac1d0a2e5b588e1db4b162a7477677e9e11cfd80ecf6d9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page