If we want to identify vulnerabilities in Open source softwares what is the way to do it? What are the free websites available that can help in informing on the existing vulnerabilities of that software ?
Regards,
SoftwareVulnerabilitiesSecurity
Last Comment
btan
8/22/2022 - Mon
masnrock
CVE databases do contain vulnerability information for plenty of open source software. Not every single one, but should prove help. Also, are you using a vulnerability scanner?
NIST's NVD is probably a bit better than some others in terms of HOW it lets you search.
madunix
The attacker might look up possible vulnerabilities for the software by checking the National Vulnerability Database (NVD), Common Vulnerabilities and Exposures (CVE) database, or Offensive Security's Exploit Database (https://www.exploit-db.com/aboutexploit-db/). https://www.us-cert.gov/ncas/current-activity https://www.rapid7.com/db/search?utf8 https://www.exploit-db.com/ http://www.cvedetails.com/
NIST's NVD is probably a bit better than some others in terms of HOW it lets you search.