fasten-project/vulnerability-producer
Gathers, enriches and publishes vulnerability information to a Kafka topic.
https://www.fasten-project.eu/
Apache License 2.0
6 stars, 3 forks
issues
| # | Title | Author | State | Age | Comments |
|---|-------|--------|-------|-----|----------|
| #136 | Consistently mark the versions as vulnerable that are named in the version spec with =, ==, <=, and >= operators. | MagielBruntink | closed | 10 months ago | 0 |
| #135 | So Maven actually removed the vulnerable artifacts in CVE-2024-22233.… | MagielBruntink | closed | 10 months ago | 0 |
| #134 | Fix multi equals in version spec (again) | MagielBruntink | closed | 10 months ago | 0 |
| #133 | Adjusted version range computation to deal with multiple equals. | MagielBruntink | closed | 10 months ago | 0 |
| #132 | Ignore advisories from GHSA that are withdrawn. | MagielBruntink | closed | 10 months ago | 0 |
| #131 | Include full CPE configuration in vulnerability statement | MagielBruntink | opened | 1 year ago | 0 |
| #130 | Include base_cpe into (merged) vulnerability statements (hotfix). | MagielBruntink | closed | 1 year ago | 0 |
| #129 | Use IBM X-Force as a complementary source | mir-am | opened | 2 years ago | 0 |
| #128 | The `published_date` field becomes empty for some vulnerabilities | mir-am | opened | 2 years ago | 0 |
| #127 | High memory consumption after running for several weeks | mir-am | closed | 2 years ago | 2 |
| #126 | Support CVEFixes as a vulnerability source | mir-am | opened | 2 years ago | 1 |
| #125 | Vulnerable version 2.13.2 of CVE-2020-36518 not detected due to data issues | MagielBruntink | closed | 2 years ago | 3 |
| #124 | Consider CWE IDs and VectorCVSS scores when merging vulnerabilities | mir-am | closed | 2 years ago | 1 |
| #123 | CVE-2021-44228 - Too many PURLs | mir-am | opened | 2 years ago | 1 |
| #122 | Use GH Advisory repository instead of GraphQL | mir-am | opened | 2 years ago | 0 |
| #121 | Use Multi-threading in Vulnerability Producer | mir-am | closed | 2 years ago | 15 |
| #120 | Add multi-threading support for getting vulnerabilities from various sources | mir-am | closed | 2 years ago | 1 |
| #119 | CVE-2019-2124 - Incorrect PURL mapping | mir-am | opened | 2 years ago | 3 |
| #118 | CVE-2020-0353 - Inconsistent PURL | mir-am | opened | 2 years ago | 2 |
| #117 | Supporting osv.dev's vulnerability database | mir-am | opened | 2 years ago | 0 |
| #116 | Merging vulnerabilities based on CVE id (if CVE id exists) | cg122 | opened | 2 years ago | 0 |
| #115 | Added storing GHSA responses to disk, with CWE & CVSS data added. | MagielBruntink | closed | 2 years ago | 0 |
| #114 | Change CVE processing order to start approximately with most recent | MagielBruntink | closed | 2 years ago | 0 |
| #113 | Added authorized get requests for GitHub API | MagielBruntink | closed | 2 years ago | 0 |
| #112 | CVE-2020-35728 - mapping to purls more than NVD described | cg122 | opened | 2 years ago | 2 |
| #111 | Sort vulnerability processing order by date, most recent ones first | MagielBruntink | closed | 2 years ago | 1 |
| #110 | Additional logging and http client improvements | MagielBruntink | closed | 2 years ago | 0 |
| #109 | More fixes | MagielBruntink | closed | 2 years ago | 0 |
| #108 | Fixes for purl mapping | MagielBruntink | closed | 2 years ago | 0 |
| #107 | CVE-2017-5402 - Vulnerability of non-maven product mapped to maven package | cg122 | opened | 2 years ago | 1 |
| #106 | Consider using more functionality of the OWASP Dependency Check tool | MagielBruntink | opened | 2 years ago | 0 |
| #105 | Weird mapping of CVE-1999-0373 | cg122 | opened | 2 years ago | 0 |
| #104 | Severity field in statements is just for CVSS2 and not very useful | MagielBruntink | opened | 2 years ago | 0 |
| #103 | CVE-2021-36373 and CVE-2021-36373 purl mapping are not precise. | cg122 | closed | 2 years ago | 1 |
| #101 | Invalid CVE ids in the DB | cg122 | closed | 2 years ago | 1 |
| #100 | CVE-2021-33813 purl mapping is incomplete. | cg122 | opened | 3 years ago | 1 |
| #99 | Consider CIRCL CVE API for CVE data and updates | MagielBruntink | opened | 3 years ago | 1 |
| #98 | Found vulnerabilities changed for `org.apache.struts:struts2-core:2.0.5` | cg122 | opened | 3 years ago | 1 |
| #97 | Unexpected (data source unknown) purls for CVE-2019-17571 | cg122 | closed | 2 years ago | 2 |
| #96 | WIP Revision of error handling and several crosscutting concerns | MagielBruntink | closed | 2 years ago | 0 |
| #95 | Keep purls as linked hash set to maintain ordering but preventing duplicates | MagielBruntink | closed | 3 years ago | 0 |
| #94 | WIP: investigation and fixes of the false positive purl issue #92 | MagielBruntink | closed | 3 years ago | 8 |
| #93 | WIP: investigation and fixes of the false positive purl issue #92 | MagielBruntink | closed | 3 years ago | 0 |
| #92 | Fix bug that generates purls for versions that did not have the vulnerability | MagielBruntink | closed | 3 years ago | 3 |
| #91 | Package Version Comparison Failure | elanzini | closed | 2 years ago | 1 |
| #90 | Producer crashes when parsing oss-fuzz-vulns, then restarts from scratch | MagielBruntink | closed | 3 years ago | 2 |
| #89 | Use a voting pool to infer PURLs | elanzini | closed | 3 years ago | 0 |
| #88 | Extracting repository url from links is buggy | elanzini | closed | 2 years ago | 0 |
| #87 | Make PURLs field a Set to avoid duplicates | elanzini | closed | 3 years ago | 2 |
| #86 | Exception while retrieving CPE versions - many errors in log | MagielBruntink | closed | 2 years ago | 1 |