
Releases: ra1nb0rn/search_vulns

Version 0.6.5

30 Jan 17:48

Changed

  • Do not run tests when updating resources in latest GitHub release.

Fixed

  • Fixed small bugs in cpe_search submodule.
  • Updated test cases.
  • Updated license years.

Version 0.6.4

20 Dec 17:25

Added

  • Added equivalent CPE for inet clear reports.
  • Use GHSA DB specific information for last affected version.

Changed

  • Slightly modified behavior of browsing CPE dropdown in web app.

Fixed

  • Retrieval of GHSA vulnerabilities without a patched version.
  • Updated test cases.

Version 0.6.3

12 Nov 17:30

Added

  • Added ability to search via vulnerability IDs (CVE and GHSA) (thanks @pommfresser).
  • Added badge with current version to web server.

Fixed

  • Fixed bug to add exploits to GHSA-only vulns.
  • Updated test cases.
  • Updated node packages.

Version 0.6.2

24 Oct 17:34

Fixed

  • Updated test cases.

Version 0.6.1

17 Oct 22:11

Added

  • Added equivalent CPEs.

Changed

  • Limited when NVD vuln description search is performed.
  • Removed bad CPE equivalence from Debian list.

Fixed

  • Updated test cases.

Version 0.6.0

04 Sep 18:15

Added

  • Integrated GitHub Security Advisory Database as data source.
  • Integrated VulnCheck's NVD++ with enhanced NVD information as data source.
  • Added very basic retrieval of NVD vulnerabilities via their vuln description text.
  • Add equivalent CPEs for Keycloak, NATS server and Nginx.
  • Equivalent CPEs are now also searched for via indirect connections (i.e. transitively).

Changed

  • Increased size of CVSS vectors in DB to accommodate longer CVSS 4.0 vectors.
  • The file structure was changed, such that the build code resides in its own directory.
  • Rejected CVEs without content are no longer stored in the local vuln DB.
  • Reworked C++ build code for NVD CVSS score to also accept secondary CVSS scores and CVSS 4.0.
  • Browsing the CPE dropdown in the web app now wraps around instead of staying fixed to beginning or end.

Fixed

  • Updated test cases.
  • Fixed processing of EoLD data and made it more resistant to formatting errors.

Version 0.5.7

25 Jul 17:33

Added

  • Added equivalent CPE for Ghostscript.
  • Added equivalent CPE for OwnCloud.
  • Added links to public web instance and blog posts to GitHub README.

Changed

  • search_vulns logo in web app now uses snake case.

Fixed

  • Updated test cases.
  • Fixed comparison of zero-extended versions, e.g. 21.0 !< 21.0.0

Version 0.5.6

08 Jul 20:10

Fixed

  • Update test case.
  • Fix install script to terminate with error code if DB build fails.

Version 0.5.5

28 Jun 17:33

Changed

  • Exclude endoflife.date tests from workflow that updates the release assets.

Fixed

  • Update WordPress test case for endoflife.date.

Version 0.5.4

24 Jun 18:43

Fixed

  • Updated several test cases.