News
Vulnerability-Lookup 2.3.0 released
🎉 We’re really excited to unveil Vulnerability-Lookup 2.3.0—our festive Christmas Release! 🎄🎁 It includes new features, new importers, improvements and fixes. ✨ What’s New Pub/Sub Mechanism: A streaming service implemented using a Publish/Subscribe (Pub/Sub) pattern powered by Valkey. Available channels: vulnerability, comment, bundle, and sighting. For more details, see the documentation (#92). FediVuln now supports streaming information from a Valkey Pub/Sub service or an authenticated HTTP event-stream (both provided by Vulnerability-Lookup internals) to the Fediverse. Templates are used to render statuses, with the appropriate template selected based on the channel where the event originates. CISA Vulnrichment importer (as meta for CVE): The CISA Vulnrichment project is the public repository of CISA’s enrichment of public CVE records through CISA’s ADP (Authorized Data Publisher) container. In this phase of the project, CISA is assessing new and recent CVEs and adding key Stakeholder-Specific Vulnerability Categorization (SSVC) decision points. Once scored, some higher-risk CVEs will also receive enrichment of CWE and/or CVSS data points, where possible. The web interface will highlight this information related to the CVEs in the next release More information. (#42)
December 17, 2024
Vulnerability-Lookup 2.2.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.2.0, packed with enhancements, new features, and bug fixes. What’s New Identity: Vulnerability-Lookup now has a beautiful new logo. New Statistics Namespace: The API now offers a dedicated namespace for statistics. Two new endpoints are currently available: /api/stats/vulnerability/most_sighted /api/stats/vulnerability/most_commented Both endpoints provide the option to return results in a Markdown table format. (7a2b8ed, d95b49c) You can use the API output directly to generate PDF reports:
November 28, 2024
Vulnerability-Lookup 2.1.0 released
We’re thrilled to announce the release of version 2.1.0 of the Vulnerability-Lookup project! This update introduces new features primarily focused on vulnerability sightings, improvements and fixes. News A new API endpoint allows sightings to be created programmatically. Using dedicated tools, we gather observations from three main sources: The Fediverse with FediVuln, a client to collect vulnerability-related information from the Fediverse MISP with VulnerabilityLookupSighting, a client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability Lookup instance RSS and Atom feeds Combined sightings for bundles: The page displaying bundle details now shows the combined sightings for all vulnerabilities within the bundle (48610fc) New RSS/Atom endpoints for sightings have been added, allowing parameters such as the sighting source to be used and the id of a vulnerability. This enables users to subscribe to activity on unpublished vulnerabilities. (6020294) Provide the possibility to comment not yet published vulnerabilities (f88f239) Changes Make drawBarChartHomePage faster (fa95945) Added a function in order to provide a small description about the vulnerabilities listed in the bundle page (8f04be1) Various enhancements to the home page and the charts based on user sightings Improved the API and the OpenAPI Swagger documentation Various improvements were made to the user interface Fixes Fixed an issue in the Marshalling for the Sightings in the API (5ccdbe2) Fixed the title of the RSS/Atom feed (311d2c4) Keep non-sensitive case search even if our ids are lowercase. (9fae6ea)
November 14, 2024