fasten-project vulnerability-producer issues

fasten-project / vulnerability-producer

Gathers, enriches and publishes vulnerability information to a Kafka topic.

https://www.fasten-project.eu/

Apache License 2.0

6 stars 3 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Consistently mark the versions as vulnerable that are named in the version spec with =, ==, <=, and >= operators.

#136 MagielBruntink closed 9 months ago
0
So Maven actually removed the vulnerable artifacts in CVE-2024-22233.…

#135 MagielBruntink closed 9 months ago
0
Fix multi equals in version spec (again)

#134 MagielBruntink closed 9 months ago
0
Adjusted version range computation to deal with multiple equals.

#133 MagielBruntink closed 9 months ago
0
Ignore advisories from GHSA that are withdrawn.

#132 MagielBruntink closed 9 months ago
0
Include full CPE configuration in vulnerability statement

#131 MagielBruntink opened 1 year ago
0
Include base_cpe into (merged) vulnerability statements (hotfix).

#130 MagielBruntink closed 1 year ago
0
Use IBM X-Force as a complimentary source

#129 mir-am opened 2 years ago
0
The `published_date` field becomes empty for some vulnerabilities

#128 mir-am opened 2 years ago
0
High memory consumption after running for several weeks

#127 mir-am closed 2 years ago
2
Support CVEFixes as a vulnerability source

#126 mir-am opened 2 years ago
1
Vulnerable version 2.13.2 of CVE-2020-36518 not detected due to data issues

#125 MagielBruntink closed 2 years ago
3
Consider CWE IDs and VectorCVSS scores when merging vulnerabilities

#124 mir-am closed 2 years ago
1
CVE-2021-44228 - Too many PURLs

#123 mir-am opened 2 years ago
1
Use GH Advisory repository instead of GraphQL

#122 mir-am opened 2 years ago
0
Use Multi-threading in Vulnerability Producer

#121 mir-am closed 2 years ago
15
Add multi-threading support for getting vulnerabilities from various sources

#120 mir-am closed 2 years ago
1
CVE-2019-2124 - Incorrect PURL mapping

#119 mir-am opened 2 years ago
3
CVE-2020-0353 - Inconsistent PURL

#118 mir-am opened 2 years ago
2
Supporting osv.dev's vulnerability database

#117 mir-am opened 2 years ago
0
Merging vulnerabilities based on CVE id (if CVE id exist)

#116 cg122 opened 2 years ago
0
Added storing GHSA responses to disk, with CWE & CVSS data added.

#115 MagielBruntink closed 2 years ago
0
Change CVE processing order to start approximately with most recent

#114 MagielBruntink closed 2 years ago
0
Added authorized get requests for GitHub API

#113 MagielBruntink closed 2 years ago
0
CVE-2020-35728 - mapping to purls more than NVD described

#112 cg122 opened 2 years ago
2
Sort vulnerability processing order by date, most recent ones first

#111 MagielBruntink closed 2 years ago
1
Additional logging and http client improvements

#110 MagielBruntink closed 2 years ago
0
More fixes

#109 MagielBruntink closed 2 years ago
0
Fixes for purl mapping

#108 MagielBruntink closed 2 years ago
0
CVE-2017-5402 - Vulnerability of non-maven product mapped to maven package

#107 cg122 opened 2 years ago
1
Consider using more functionality of the OWASP Dependecy Check tool

#106 MagielBruntink opened 2 years ago
0
Weird mapping of CVE-1999-0373

#105 cg122 opened 2 years ago
0
Severity field in statements is just for CVSS2 and not very useful

#104 MagielBruntink opened 2 years ago
0
CVE-2021-36373 and CVE-2021-36373 purl mapping are not precise.

#103 cg122 closed 2 years ago
1
Invalid CVE ids in the DB

#101 cg122 closed 2 years ago
1
CVE-2021-33813 purl mapping is incomplete.

#100 cg122 opened 2 years ago
1
Consider CIRCL CVE API for CVE data and updates

#99 MagielBruntink opened 2 years ago
1
Found vulnerabilities changed for `org.apache.struts:struts2-core:2.0.5`

#98 cg122 opened 2 years ago
1
Unexpected (data source unknown) purls for CVE-2019-17571

#97 cg122 closed 2 years ago
2
WIP Revision of error handling and several crosscutting concerns

#96 MagielBruntink closed 2 years ago
0
Keep purls as linked hash set to maintain ordering but preventing duplicates

#95 MagielBruntink closed 3 years ago
0
WIP: investigation and fixes of the false positive purl issue #92

#94 MagielBruntink closed 3 years ago
8
WIP: investigation and fixes of the false positive purl issue #92

#93 MagielBruntink closed 3 years ago
0
Fix bug that generates purls for versions that did not have the vulnerability

#92 MagielBruntink closed 3 years ago
3
Package Version Comparison Failure

#91 elanzini closed 2 years ago
1
Producer crashes when parsing oss-fuzz-vulns, then restarts from scratch

#90 MagielBruntink closed 3 years ago
2
Use a voting pool to infer PURLs

#89 elanzini closed 3 years ago
0
Extracting repository url from links is buggy

#88 elanzini closed 2 years ago
0
Make PURLs field a Set to avoid duplicates

#87 elanzini closed 3 years ago
2
Exception while retrieving CPE versions - many errors in log

#86 MagielBruntink closed 2 years ago
1