fasten-project / vulnerability-producer

Gathers, enriches and publishes vulnerability information to a Kafka topic.
https://www.fasten-project.eu/
Apache License 2.0
6 stars 3 forks source link

Consider CIRCL CVE API for CVE data and updates #99

Open MagielBruntink opened 3 years ago

MagielBruntink commented 3 years ago

It seems possible to replace crawling of NVD, GHSA, and others with this API: https://circl.lu/services/cve-search/

This could greatly reduce complexity and enhance data quality. Vulnerable versions of CPEs are explicitely enumerated as well: https://cve.circl.lu/api/cve/CVE-2019-17571

mir-am commented 3 years ago

Nice finding! It'd be good to find out whether that server has an API rate limit or some sort.