{"id":13649792,"url":"https://github.com/rtfpessoa/yavdb","last_synced_at":"2025-04-22T15:30:49.121Z","repository":{"id":52441469,"uuid":"87656286","full_name":"rtfpessoa/yavdb","owner":"rtfpessoa","description":"Yet Another Vulnerability Database","archived":true,"fork":false,"pushed_at":"2021-07-23T13:41:33.000Z","size":22536,"stargazers_count":14,"open_issues_count":3,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-09-09T17:05:07.780Z","etag":null,"topics":["cocoapods","composer","database","dependencies","go","hacktoberfest","java","javascript","maven","node","npm","nuget","packagist","php","pip","pypi","ruby","rubygems","security","vulnerabilities"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rtfpessoa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-08T18:45:18.000Z","updated_at":"2023-03-29T15:48:43.000Z","dependencies_parsed_at":"2022-08-26T01:01:36.831Z","dependency_job_id":null,"html_url":"https://github.com/rtfpessoa/yavdb","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtfpessoa%2Fyavdb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtfpessoa%2Fyavdb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtfpessoa%2Fyavdb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rtfpessoa%2Fyavdb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rtfpessoa","download_url":"https://codeload.github.com/rtfpessoa/yavdb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223900372,"owners_count":17222028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cocoapods","composer","database","dependencies","go","hacktoberfest","java","javascript","maven","node","npm","nuget","packagist","php","pip","pypi","ruby","rubygems","security","vulnerabilities"],"created_at":"2024-08-02T02:00:25.483Z","updated_at":"2024-11-10T00:31:44.440Z","avatar_url":"https://github.com/rtfpessoa.png","language":"Ruby","funding_links":[],"categories":["OWASP Top 10"],"sub_categories":["SQL Injection"],"readme":"# Yet Another Vulnerability Database\n\n[![Codacy Badge](https://api.codacy.com/project/badge/Grade/00298529610b41f4a6ec380550ea45de)](https://www.codacy.com/app/rtfpessoa/yavdb?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=rtfpessoa/yavdb\u0026amp;utm_campaign=Badge_Grade)\n[![Codacy Badge](https://api.codacy.com/project/badge/Coverage/00298529610b41f4a6ec380550ea45de)](https://www.codacy.com/app/rtfpessoa/yavdb?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=rtfpessoa/yavdb\u0026utm_campaign=Badge_Coverage)\n[![CircleCI](https://circleci.com/gh/rtfpessoa/yavdb.svg?style=svg)](https://circleci.com/gh/rtfpessoa/yavdb)\n\nThe Free and Open Source vulnerability database.\n\nThis database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping \ndevelopers identify and fix know vulnerabilities in their apps.\n\nThe sources for this database include \n[Rubysec](https://rubysec.com/),\n~~[snyk](https://snyk.io/),~~ (removed)\n[Friends of PHP](https://github.com/FriendsOfPHP/security-advisories),\n[Magento Related Security Advisories](https://github.com/victims/victims-cve-db),\n[Victims CVE Database](https://github.com/victims/victims-cve-db),\n[RustSec](https://github.com/RustSec/advisory-db)\n\n## Prerequisites\n\n* Ruby 2.3 or newer\n\n## Installation\n\n```sh\ngem install yavdb\n```\n\n## TODO:\n\n#### Tests\n    \n* Sources\n    - [ ] [Rubysec](lib/yavdb/sources/ruby_advisory.rb)\n    - [ ] [OSSIndex](lib/yavdb/sources/ossindex.rb)\n    - [ ] [Friends of PHP and Magento Related Security Advisories](lib/yavdb/sources/friends_of_php.rb)\n    - [ ] [Victims CVE Database](lib/yavdb/sources/victims.rb)\n* Others\n    - [ ] [Advisory](lib/yavdb/dtos/advisory.rb)\n\n#### Features/Improvements\n\n- [ ] Support non semver versions\n- [ ] Merge  duplicates\n- [ ] Scrape [NVD](https://nvd.nist.gov/) for other package manager vulnerabilities\n- [ ] Find more sources\n\n### Help\n\n    Commands:\n      yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.\n        Options: p, [--yavdb-path=YAVDB-PATH]  # Default: \u003cHOME\u003e/.yavdb/yavdb\n      yavdb generate                                                            # Crawl several sources and generate a local database in database-path.\n        Options: p, [--database-path=DATABASE-PATH]  # Default: \u003cPWD\u003e/database\n      yavdb help [COMMAND]                                                      # Describe available commands or one specific command\n      yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.   \n        Options: p, [--database-path=DATABASE-PATH]  # Default: \u003cHOME\u003e/.yavdb/yavdb/database\n    \n    Options:\n      [--verbose], [--no-verbose]\n\n## Development\n\nAfter checking out the repo, run `bin/setup` to install dependencies.\nThen, run `bundle exec rake spec` to run the tests.\nYou can also run `bin/console` for an interactive prompt that will allow you to experiment.\n\nTo install this gem onto your local machine, run `bundle exec rake install`.\nTo release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`,\nwhich will create a git tag for the version,\npush git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb.\nThis project is intended to be a safe, welcoming space for collaboration,\nand contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.\n\n## Copyright\n\nCopyright (c) 2017-present Rodrigo Fernandes.\nSee [LICENSE](https://github.com/rtfpessoa/yavdb/blob/master/LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frtfpessoa%2Fyavdb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frtfpessoa%2Fyavdb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frtfpessoa%2Fyavdb/lists"}