AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities.
Project description
Introduction
This repository contains a vulnerability database and a package search for OSV, NVD, GitHub, and NPM sources. Data on vulnerabilities is downloaded from the sources and stored in a custom file-based storage system with indexes that enables offline access and quick searches.
Installation
pip install h2-vulnerability-db
Usage
This package is ideal as a vulnerability management library. This is how h2-depscan, a dependency auditing tool, works. However, a limited cli capability with few features is available for testing this tool directly.
Cache vulnerability data
Cache from all sources
vdb --cache
Cache from just OSV
vdb --cache --only-osv
It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
- NVD_START_YEAR - Default: 2016. Supports upto 2002
- GITHUB_PAGE_COUNT - Default: 5. Supports upto 20
Periodic sync
To periodically sync the latest vulnerabilities and update the database cache.
vdb --sync
Basic search
It is possible to perform simple search using the cli.
vdb --search android:8.0
vdb --search google:android:8.0
vdb --search android:8.0,simplesamlphp:1.14.11
Syntax is package:version,package:version or vendor : package : version (Without space)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for h2-vulnerability-db-2.0.2.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1208584364f9b6db235bbf3b9221cd7a44484552a986a7f9a49240625d3bf0c6 |
|
| MD5 | 2a8b7f8f1c89c1ab95f8e8bda9840419 |
|
| BLAKE2b-256 | 5f31c01228df8bc70e61df1360cf021225e462e98ba604dab0a8eb9dce3e69e1 |
