Software vulnerabilities and CVE are usually relying on many third-parties sources for cross-references, additional information or validation.
We recently introduced VIA4CVE - Vulnerability Information Aggregator for CVEs.
VIA4CVE is an aggregator of the known vendor vulnerabilities database to support the expansion of information with CVEs. VIA4CVE is a companion to cve-search.
VIA4CVE generates a compiled JSON file containing the CVE which all the known references.
The following references are already included:
- D2sec
- ExploitDB
- Information Assurance Vulnerability Alert - (IAVM)
- Microsoft Bulletins
- Open Vulnerability and Assesment Language - (OVAL)
- RedHat information including packages associated to vulnerabilities
- MITRE Reference Key/Maps - source MITRE reference Key/Maps
- Saint exploit information
- MITRE Vendor statements Collection
- VMWare Security Advisories
A raw feed of VIA4CVE is also available at https://www.cve-search.org/feeds/via4.json.
VIA4CVE is a companion to the cve-search core software.
We welcome software and hardware vendors to inform us about new sources.