DevGuard Vulnerability Database:
DevGuard imports data from multiple sources to construct a robust and comprehensive database of vulnerabilities. The database is refreshed every six hours, ensuring that data is up-to-date. This page provides an overview of the primary sources that contribute to the DevGuard vulnerability database. You can access this vulnerability data on the L3montree website.
Primary Sources
- GitHub Exploits: DevGuard integrates exploit data shared publicly on GitHub. This source provides information on real-world exploit implementations, enabling developers to understand the practical impact of vulnerabilities.
- EPSS (Exploit Prediction Scoring System): EPSS offers data-driven predictions on the likelihood of vulnerabilities being exploited in the wild. This helps prioritize vulnerabilities based on their exploitability.
- CVE List (Common Vulnerabilities and Exposures): The CVE List is a centralized catalog of publicly known security vulnerabilities. DevGuard leverages this to maintain a standardized reference for vulnerabilities.
- NVD (National Vulnerability Database): NVD enriches CVE entries with additional metadata such as severity scores (CVSS), impact metrics, and fix information, providing more context for vulnerability assessment.
- Exploit DB (Exploit Database): A curated archive of publicly available exploits, including proof-of-concept code. This serves as a valuable resource for understanding practical exploitation techniques.
- OSV (Open Source Vulnerabilities): OSV consolidates vulnerability data from various open-source projects, ensuring comprehensive coverage of issues in open-source ecosystems.
OSV Data Sources
The OSV component aggregates data from multiple specialized databases to cover a wide range of ecosystems:
- GitHub Advisory Database: Security advisories published on GitHub.
- PyPI Advisory Database: Vulnerabilities in Python packages.
- Go Vulnerability Database: Issues in Go libraries and applications.
- Rust Advisory Database: Security issues in Rust crates.
- Global Security Database: General open-source vulnerabilities.
- OSS-Fuzz: Vulnerabilities found via Google’s fuzzing project.
- Rocky Linux and AlmaLinux: Security advisories from these Linux distributions.
- Haskell Security Advisories: Vulnerabilities affecting Haskell libraries.
- RConsortium Advisory Database: Security issues in R language packages.
- OpenSSF Malicious Packages: Malicious open-source packages detected by the OpenSSF community.
- Python Software Foundation Database: Security issues tracked by the Python Software Foundation.
- Bitnami Vulnerability Database: Vulnerabilities in Bitnami-packaged applications.
- Ubuntu: Security advisories from the Ubuntu ecosystem.
By consolidating data from these diverse and specialized sources, DevGuard ensures its vulnerability database remains up-to-date, relevant, and comprehensive for developers worldwide.