Vulnerability-Lookup ==================== .. only:: html .. image:: https://img.shields.io/github/release/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square :alt: Latest release :target: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/latest :class: img-responsive .. image:: https://img.shields.io/github/license/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square :alt: License :target: https://github.com/vulnerability-lookup/vulnerability-lookup/blob/main/LICENSE.md :class: img-responsive .. image:: https://img.shields.io/github/stars/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square :alt: Stars :target: https://github.com/vulnerability-lookup/vulnerability-lookup/stargazers :class: img-responsive .. image:: https://img.shields.io/github/contributors/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square :alt: Contributors :target: https://github.com/vulnerability-lookup/vulnerability-lookup/graphs/contributors :class: img-responsive .. toctree:: :caption: Architecture :maxdepth: 3 :hidden: architecture webservice streaming fulltextsearch .. toctree:: :caption: Technical considerations :maxdepth: 3 :hidden: prerequisites installation update notification sync command-line-interface logging .. toctree:: :caption: Usage :maxdepth: 3 :hidden: feeds api-v1 .. toctree:: :caption: Community :maxdepth: 3 :hidden: contributing Presentation ------------ `Vulnerability-Lookup `_ facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles. A Vulnerability-Lookup instance operated by `CIRCL `_ is available at https://vulnerability.circl.lu. Features ~~~~~~~~ - **Feeders**: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box. - **CVD process**: End-to-end management of **Security Advisories** and `Coordinated Vulnerability Disclosures `__. - **Local sources**: Support for adding instance-specific, custom vulnerability sources. - **Global CVE Allocation System**: Native integration with the `GCVE `__. - **KEV catalogs**: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA). - **Sightings**: Record and track vulnerability observations, including *seen*, *exploited*, *not exploited*, *confirmed*, *not confirmed*, *patched*, and *not patched*. - **Comments**: Add, review, and share analyst notes on advisories. - **Bundles**: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis. - **Synchronization**: Optional synchronization of comments, bundles, sightings, and KEV entries between instances. - **RSS/Atom**: Subscribe to vulnerability updates and comments via RSS or Atom feeds. - **EPSS**: Integration with the Exploit Prediction Scoring System for improved risk prioritization. - **Watchlists**: Monitor vulnerabilities affecting specific products and receive email notifications. - **API**: Fast and comprehensive vulnerability lookup API, including cross-source correlation by vulnerability identifier. .. image:: _static/img/vulnerability-lookup.png :alt: High level architecture :target: _static/img/vulnerability-lookup.png Contributing ------------ If you are interested in contributing to Vulnerability-Lookup, take a look at `the official repository `_. Contact ------- `CIRCL - Computer Incident Response Center Luxembourg `_ - `info@circl.lu `_ License ------- Vulnerability-Lookup is licensed under `GNU Affero General Public License version 3 `_.