About

search_vulns can be used to search for known vulnerabilities in software. To achieve this, the tool utilizes a locally built vulnerability database, currently containing:

• CVE information from the National Vulnerability Database (NVD)
• Enhanced NVD information from VulnCheck NVD++
• Exploit information from the Exploit-DB (EDB)
• Exploit information from PoC-in-GitHub
• Vulnerability information from the GitHub Security Advisory Database
• Software currency information from endoflife.date

Using the search_vulns tool, this local information can be queried, either by providing software titles like 'Apache 2.4.39' or by providing a CPE 2.3 string like cpe:2.3:a:sudo_project:sudo:1.8.2:*:*:*:*:*:*:*.

search_vulns can either be used as a CLI tool or via a web server. It is recommended to use the CLI tool for automated workflows that might be resource-constrained. Otherwise, using the web server is recommended, because it offers more features and flexibility. This includes the ability to achieve more complete results. Also, the presentation of results is clearer and results can be exported for further use.

License Information About search_vulns

• search_vulns is licensed under the MIT license, see here.
• This product uses the NVD API but is not endorsed or certified by the NVD.
• Data from VulnCheck NVD++ is used, which is considered fair use but requires attribution, see here.
• Data from the Exploit-DB is used, which is licensed under the GPLv2 license, see here.
• Data from PoC-in-GitHub is used, which does not provide a license. However, it is published on GitHub and thereby permits usage according to GitHub's Terms of Service.
• Data from the GitHub Security Advisory Database is used, which is licensed under the Creative Commons Attribution 4.0 International license, see here.
• Data from endoflife.date is used, which is licensed under the MIT License, see here.
• The web frontend uses Tailwind CSS, which is licensed under the MIT License, see here.
• The web frontend uses DaisyUI, which is licensed under the MIT License, see here.
• The web frontend uses jQuery, which is licensed under the MIT License, see here.
• The web frontend uses FontAwesome Free icons, which are GPL friendly and permit usage, see here.
• The web frontend uses highlight.js, which is licensed under the BSD 3-Clause, see here.
• The web frontend uses highlightjs-line-numbers.js, which is licensed under the MIT License, see here.
• The web frontend uses highlightjs-copy, which is licensed under the Unlicense License, see here.
• The web frontend uses highlightjs-highlight-lines.js, which is licensed under the MIT License, see here.
• The web frontend uses MathJax, which is licensed under the Apache 2.0 License, see here.