Release 2.0.0

News

• Sightings: enable users to add observations to vulnerabilities with different types of sightings, such as: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched. (#76)

Changes

• Enhanced the homepage with simple charts displaying trending vulnerabilities based on user sightings. (ba7a64d, 946eaaf)
• The dump command can now export the sightings. (d070c58)
• Added a UUID attribute to the User model. A migration script will generate UUIDs for all existing users. (713a9a8)
• Improved /recent view for CSAF vulnerabilities. (f31b56)
• Improved /recent view for JVNDB vulnerabilities. (478faaf)
• Improved /recent view for OpenSSF Malicious Packages vulnerabilities. (1a2728d)
• Improved /recent view for PySec vulnerabilities. (f5d8b21)
• Improved /recent view for GitHub vulnerabilities. (e60b81a)
• Various graphical and accessibility improvements.

Fixes

• Get bigger chunks of variot data at a time (e9e6fce)
• [CISA feed] Exception when storing CWE entries as list (78236d5)

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.