{"id":14263145,"url":"https://github.com/aboutcode-org/vulnerablecode","last_synced_at":"2026-04-10T17:41:06.910Z","repository":{"id":37735526,"uuid":"91780998","full_name":"aboutcode-org/vulnerablecode","owner":"aboutcode-org","description":"A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode  Docs at https://vulnerablecode.readthedocs.org/","archived":false,"fork":false,"pushed_at":"2026-04-08T00:05:56.000Z","size":31081,"stargazers_count":658,"open_issues_count":775,"forks_count":301,"subscribers_count":20,"default_branch":"main","last_synced_at":"2026-04-08T01:29:45.203Z","etag":null,"topics":["cpe","cve","cvss","nvd","ossindex","osv","package-url","purl","security","security-tools","snyk","vulndb","vulnerability","vulnerability-database","vulnerability-databases","vulnerability-detection","vulnerability-identification","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://public.vulnerablecode.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aboutcode-org.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.rst","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS.rst","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"aboutcode-org","open_collective":"aboutcode","custom":"https://causes.benevity.org/causes/056-5528680976845_
a486"}},"created_at":"2017-05-19T07:56:17.000Z","updated_at":"2026-04-06T13:43:07.000Z","dependencies_parsed_at":"2023-10-03T10:56:18.385Z","dependency_job_id":"81986b84-1a4a-4e17-922f-688cde68e55c","html_url":"https://github.com/aboutcode-org/vulnerablecode","commit_stats":{"total_commits":1960,"total_committers":49,"mean_commits":40.0,"dds":0.7673469387755102,"last_synced_commit":"3cee7717864c54c50b865cefc7d6c18d7a8783b7"},"previous_names":["aboutcode-org/vulnerablecode"],"tags_count":63,"template":false,"template_full_name":null,"purl":"pkg:github/aboutcode-org/vulnerablecode","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aboutcode-org","download_url":"https://codeload.github.com/aboutcode-org/vulnerablecode/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aboutcode-org%2Fvulnerablecode/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31560476,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpe","cve","cvss","nvd","ossindex","osv","package-url","purl","security","security-tools","snyk","vulndb","vulnerability","vulnerability-database","vulnerability-databases","vulnerability-detection","vulnerability-identification","vulnerability-scanners"],"created_at":"2024-08-22T13:02:17.389Z","updated_at":"2026-04-08T15:00:51.278Z","avatar_url":"https://github.com/aboutcode-org.png","language":"Python","funding_links":["https://github.com/sponsors/aboutcode-org","https://opencollective.com/aboutcode","https://causes.benevity.org/causes/056-5528680976845_a486"],"categories":["Python"],"sub_categories":[],"readme":"==============\nVulnerableCode\n==============\n\nVulnerableCode is a database of software package vulnerabilities with Web UI and API.\n\nWhy Use VulnerableCode?\n=======================\n\nVulnerableCode provides a Web UI and API to access a database of known software package \nvulnerabilities with comprehensive information from upstream and downstream public \nsources including packages affected by a vulnerability and packages that fix a \nvulnerability. 
\n\nThere is a `public VulnerableCode database \u003chttps://public.vulnerablecode.io/\u003e`_ \nand the project also provides the tools to build your own instance of the database.\n\nGetting Started\n===============\n\nInstructions to get you up and running on your local machine are at `Getting Started \u003chttps://vulnerablecode.readthedocs.io/en/stable/\u003e`_\n\nThe VulnerableCode documentation also provides:\n\n- prerequisites for installing the software.\n- an introduction to the user interface.\n- how to use the API.\n- tutorials for adding new pipelines to import and improve advisories.\n- extensive reference information about VulnerableCode data.\n- guidelines for contributing to code development.\n\nBuild and tests status\n======================\n\n|Build Status| |Code License| |Data License| |Python 3.8+| |stability-wip| |Gitter chat|\n\n\n.. |Build Status| image:: https://github.com/nexB/vulnerablecode/actions/workflows/main.yml/badge.svg?branch=main\n   :target: https://github.com/nexB/vulnerablecode/actions?query=workflow%3ACI\n.. |Code License| image:: https://img.shields.io/badge/Code%20License-Apache--2.0-green.svg\n   :target: https://opensource.org/licenses/Apache-2.0\n.. |Data License| image:: https://img.shields.io/badge/Data%20License-CC--BY--SA--4.0-green.svg\n   :target: https://creativecommons.org/licenses/by-sa/4.0/legalcode \n.. |Python 3.8+| image:: https://img.shields.io/badge/python-3.8+-green.svg\n   :target: https://www.python.org/downloads/release/python-380/\n.. |stability-wip| image:: https://img.shields.io/badge/stability-work_in_progress-lightgrey.svg\n.. 
|Gitter chat| image:: https://badges.gitter.im/gitterHQ/gitter.png\n   :target: https://gitter.im/aboutcode-org/vulnerablecode\n\n\nBenefits of VulnerableCode\n==========================\n\nVulnerableCode is a free and open database of open source software package\nvulnerabilities **because open source software vulnerability data and tools\nshould be free and open source themselves**.\n\n- Vulnerability databases have been **traditionally proprietary** even though they\n  are mostly about free and open source software. \n\n- Vulnerability databases also often contain a lot of lesser value data which\n  means a lot of false positive signals that require extensive expert reviews.\n\n- Vulnerability databases are also mostly about vulnerabilities first and software\n  packages second, making it difficult to find if and when a vulnerability applies\n  to a piece of code. VulnerableCode's focus is on software packages first where\n  a Package URL (PURL) is a key and natural identifier for packages; this makes it\n  easier to find a package and whether it is vulnerable.\n\nPURLs were designed initially for ScanCode and VulnerableCode. PURL is\nnow a `standard \u003chttps://github.com/package-url/purl-spec\u003e`_ for vulnerability management \nand package references.\n\nThe VulnerableCode tech stack is Python, Django, PostgreSQL, nginx and Docker and\nseveral libraries.\n\nSupport\n=======\n\nIf you have a specific problem, suggestion or bug, please submit a\n`GitHub issue \u003chttps://github.com/aboutcode-org/vulnerablecode/issues\u003e`_.\n\nFor quick questions or socializing, join the AboutCode community discussions on `Slack \u003chttps://join.slack.com/t/aboutcode-org/shared_invite/zt-3li3bfs78-mmtKG0Qhv~G2dSlNCZW2pA\u003e`_.\n\nInterested in commercial support? 
Contact the `AboutCode team \u003cmailto:hello@aboutcode.org\u003e`_.\n\nLicense\n=======\n\n* `Apache-2.0 \u003capache-2.0.LICENSE\u003e`_ is the overall license.\n* `CC-BY-SA-4.0 \u003ccc-by-sa-4.0.LICENSE\u003e`_ applies to reference datasets.\n* There are multiple secondary permissive or copyleft licenses (LGPL, MIT,\n  BSD, GPL 2/3, etc.) for third-party components and test suite code and data.\n\n\nAcknowledgements, Funding, Support and Sponsoring\n=================================================\n\nThis project is funded, supported and sponsored by:\n\n- Generous support and contributions from users like you!\n- the European Commission NGI programme\n- the NLnet Foundation \n- the Swiss State Secretariat for Education, Research and Innovation (SERI)\n- Google, including the Google Summer of Code and the Google Season of Docs programmes\n- Mercedes-Benz Group\n- Microsoft and Microsoft Azure\n- AboutCode ASBL\n- nexB Inc. \n\n\n\n|europa|   |dgconnect| \n\n|ngi|   |nlnet|   \n\n|aboutcode|  |nexb|\n\n\n\nThis project was funded through the NGI0 PET Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 825310.\n\n|ngizeropet|  https://nlnet.nl/project/VulnerableCode/\n\n\nThis project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 825322.\n\n|ngidiscovery| https://nlnet.nl/project/vulnerabilitydatabase/\n\n\nThis project was funded through the NGI0 Core Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 
101092990.\n\n|ngizerocore| https://nlnet.nl/project/VulnerableCode-enhancements/\n\n\nThis project is funded through the NGI0 Entrust Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 101069594.\n\n|ngizeroentrust| https://nlnet.nl/project/FederatedSoftwareMetadata/\n\n\nThis project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 101135429. Additional\nfunding is made available by the Swiss State Secretariat for Education, Research and Innovation\n(SERI). \n\n|ngizerocommons| |swiss| https://nlnet.nl/project/FederatedCodeNext/\n\nThis project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial\nsupport from the European Commission's Next Generation Internet programme, under the aegis of DG\nCommunications Networks, Content and Technology under grant agreement No 101069594. \n\n|ngizeroentrust| https://nlnet.nl/project/CRAVEX/\n\n\n\n.. |nlnet| image:: https://nlnet.nl/logo/banner.png\n    :target: https://nlnet.nl\n    :height: 50\n    :alt: NLnet foundation logo\n\n.. |ngi| image:: https://ngi.eu/wp-content/uploads/thegem-logos/logo_8269bc6efcf731d34b6385775d76511d_1x.png\n    :target: https://ngi.eu35\n    :height: 50\n    :alt: NGI logo\n\n.. |nexb| image:: https://nexb.com/wp-content/uploads/2022/04/nexB.svg\n    :target: https://nexb.com\n    :height: 30\n    :alt: nexB logo\n\n.. |europa| image:: https://ngi.eu/wp-content/uploads/sites/77/2017/10/bandiera_stelle.png\n    :target: http://ec.europa.eu/index_en.htm\n    :height: 40\n    :alt: Europa logo\n\n.. 
|aboutcode| image:: https://aboutcode.org/wp-content/uploads/2023/10/AboutCode.svg\n    :target: https://aboutcode.org/\n    :height: 30\n    :alt: AboutCode logo\n\n.. |swiss| image:: https://www.sbfi.admin.ch/sbfi/en/_jcr_content/logo/image.imagespooler.png/1493119032540/logo.png\n    :target: https://www.sbfi.admin.ch/sbfi/en/home/seri/seri.html\n    :height: 40\n    :alt: Swiss logo\n\n.. |dgconnect| image:: https://commission.europa.eu/themes/contrib/oe_theme/dist/ec/images/logo/positive/logo-ec--en.svg\n    :target: https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en\n    :height: 40\n    :alt: EC DG Connect logo\n\n.. |ngizerocore| image:: https://nlnet.nl/image/logos/NGI0_tag.svg\n    :target: https://nlnet.nl/core\n    :height: 40\n    :alt: NGI Zero Core Logo\n\n.. |ngizerocommons| image:: https://nlnet.nl/image/logos/NGI0_tag.svg\n    :target: https://nlnet.nl/commonsfund/\n    :height: 40\n    :alt: NGI Zero Commons Logo\n\n.. |ngizeropet| image:: https://nlnet.nl/image/logos/NGI0PET_tag.svg\n    :target: https://nlnet.nl/PET\n    :height: 40\n    :alt: NGI Zero PET logo\n\n.. |ngizeroentrust| image:: https://nlnet.nl/image/logos/NGI0Entrust_tag.svg\n    :target: https://nlnet.nl/entrust\n    :height: 38\n    :alt: NGI Zero Entrust logo\n\n.. |ngiassure| image:: https://nlnet.nl/image/logos/NGIAssure_tag.svg\n    :target: https://nlnet.nl/image/logos/NGIAssure_tag.svg\n    :height: 32\n    :alt: NGI Assure logo\n\n.. 
|ngidiscovery| image:: https://nlnet.nl/image/logos/NGI0Discovery_tag.svg\n    :target: https://nlnet.nl/discovery/\n    :height: 40\n    :alt: NGI Discovery logo\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fvulnerablecode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faboutcode-org%2Fvulnerablecode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faboutcode-org%2Fvulnerablecode/lists"}