this post was submitted on 19 Dec 2025

Just in time for the end of the year, we’re happy to share our final release before the holidays: Vulnerability-Lookup 2.20.0 🎄

What's New

GCVE (Global CVE Allocation System): Relationships

We’ve updated the bundled Vulnogram interface to better support the GCVE ecosystem. Vulnerability-Lookup now allows you to define and manage relationships between vulnerabilities, in line with the GCVE BCP-05 specification.

Commit: 2f39bf8

This is a first step toward implementing full GCVE BCP-05 compliance.

Displaying relationships of a vulnerability

https://vulnerability.circl.lu/vuln/GCVE-1-2025-0032

In this case, opposes indicates that the GNA does not agree with the status or validity of the referenced vulnerability. This can be used when a GCVE published by another GNA is considered not to be a vulnerability for the product in question (e.g., the behavior is expected, or the scenario describes a discouraged or unsupported configuration).

Editing relationships with the Vulnogram UI


Sightings Visualization

Understanding how vulnerabilities are observed in the wild just got easier. We’ve added a new Heat Map to visualize vulnerability sightings over time, featuring built-in filters for dates and sighting types.

Commit: 56a66e0

Examples

https://vulnerability.circl.lu/vuln/CVE-2025-61757#sightings

https://vulnerability.circl.lu/vuln/CVE-2018-13379#sightings

Sighting correlations

https://vulnerability.circl.lu/vuln/CVE-2025-59718#sightingsCorrelations


Changes

  • Authentication: Allowed password recovery triggers based on case-insensitive usernames. #290
  • Vulnerability Disclosure: A guidance message is now displayed to unauthenticated users when attempting to submit a new disclosure. (90787db)
  • Product API: product.find_vulnerabilities now returns more comprehensive results. (a31f6c3)

https://vulnerability.circl.lu/vuln/GCVE-1-2025-0041


Fixes

  • Data Ingestion: Fixed an issue to ignore temporary files in ossf/malicious-packages. (6bc93b1)
  • Website: Fixed the routing path used to delete vulnerability disclosures. (e2ecb2a)
  • Website: Updated vulnerability ID requirements to be optional for disclosures. (5bd5353)

Changelog

For the full list of changes, check the GitHub release:
v2.20.0 Release Notes

Thank you to all our contributors and testers!


Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository:
GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories in real time by following us on Mastodon:
@vulnerability_lookup
