
Software Vulnerabilities

Hi All,

If we want to identify vulnerabilities in open source software, what is the way to do it? What free websites are available that can help in informing us of the existing vulnerabilities of that software?

Regards,

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
CVE databases do contain vulnerability information for plenty of open source software. Not every single one, but they should prove helpful. Also, are you using a vulnerability scanner?

NIST's NVD is probably a bit better than some others in terms of HOW it lets you search.
madunix, Executive IT Director, MVE
CERTIFIED EXPERT
Most Valuable Expert 2019

Commented:
The attacker might look up possible vulnerabilities for the software by checking the National Vulnerability Database (NVD), Common Vulnerabilities and Exposures (CVE) database, or Offensive Security's Exploit Database (https://www.exploit-db.com/aboutexploit-db/).
https://www.us-cert.gov/ncas/current-activity
https://www.rapid7.com/db/search?utf8
https://www.exploit-db.com/
http://www.cvedetails.com/
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Adding on is the WhiteSource DB, which searches for information on your vulnerabilities by either CVE or project name, with coverage for over 200 programming languages and vulnerabilities sourced from the NVD, a wide variety of security advisories, and bug trackers. Note that as the WS DB extends beyond the limits of the NVD, some of the vulnerabilities listed come with a “WS” designation, signifying that they are without a CVE ID.

https://vuln.whitesourcesoftware.com/

Another is having a list of known vulnerabilities in common packages as the DB.

https://snyk.io/vuln