yavdb

yavdb

16 Stars

Yet Another Vulnerability Database

rtfpessoa
Vulnerable-labs
May 27, 2025
16 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Vulnerable-labs
GitHub Stars
16
Project Added On
May 27, 2025
Contributors
3

README.md

View on GitHub

Yet Another Vulnerability Database

Codacy Badge
Codacy Badge
CircleCI

The Free and Open Source vulnerability database.

This database aims to aggregate multiple sources of vulnerabilities for the most common package managers helping
developers identify and fix know vulnerabilities in their apps.

The sources for this database include
Rubysec,
~~snyk,~~ (removed)
Friends of PHP,
Magento Related Security Advisories,
Victims CVE Database,
RustSec

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install yavdb

TODO:

Tests

Features/Improvements

  • [ ] Support non semver versions
  • [ ] Merge duplicates
  • [ ] Scrape NVD for other package manager vulnerabilities
  • [ ] Find more sources

Help

Commands:  
  yavdb download                                                            # Download a previously generated database from the official yavdb repository into yavdb-path.  
    Options: p, [--yavdb-path=YAVDB-PATH]  # Default: <HOME>/.yavdb/yavdb  
  yavdb generate                                                            # Crawl several sources and generate a local database in database-path.  
    Options: p, [--database-path=DATABASE-PATH]  # Default: <PWD>/database  
  yavdb help [COMMAND]                                                      # Describe available commands or one specific command  
  yavdb list --package-manager=PACKAGE-MANAGER --package-name=PACKAGE-NAME  # List vulnerabilities from database-path of package-name for package-manager.     
    Options: p, [--database-path=DATABASE-PATH]  # Default: <HOME>/.yavdb/yavdb/database

Options:  
  [--verbose], [--no-verbose]

Development

After checking out the repo, run bin/setup to install dependencies.
Then, run bundle exec rake spec to run the tests.
You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install.
To release a new version, update the version number in version.rb, and then run bundle exec rake release,
which will create a git tag for the version,
push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/yavdb.
This project is intended to be a safe, welcoming space for collaboration,
and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes.
See LICENSE for details.

Tool Information

Author

rtfpessoa

Project Added On

May 27, 2025

License

Open Source

Tags

cocoapods composer database dependencies go hacktoberfest java javascript maven node npm nuget packagist php pip pypi ruby rubygems security vulnerabilities
View on GitHub

Related Tools

IWA-Java

IWA-Java

Insecure Web + API application with example Fortify integrations into many DevSecOps and CICD platforms

Stable
IWA-DotNet

IWA-DotNet

Insecure Web Application - .NET version

Stable
damn-vulnerable-MCP-server

damn-vulnerable-MCP-server

Damn Vulnerable MCP Server

Stable
View more Vulnerable-labs tools