opencve vs vulnix

Our great sponsors

InfluxDB - Power Real-Time Data Analytics at Scale

WorkOS - The modern identity platform for B2B SaaS

SaaSHub - Software Alternatives and Reviews

Our great sponsors

opencve		vulnix
	Project
21	Mentions	4
1,618	Stars	397
3.2%	Growth	5.8%
4.4	Activity	1.2
9 days ago	Latest Commit	25 days ago
Python	Language	Python
GNU General Public License v3.0 or later	License	BSD 3-clause "New" or "Revised" License

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

opencve

Posts with mentions or reviews of opencve. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-12-07.

Auth0 increases price by 300%
7 projects | /r/webdev | 7 Dec 2023
how to stay up to date with new CVEs?
1 project | /r/cybersecurity | 25 May 2023
Where do you get your information regarding new vulnerabilities and security risks?
2 projects | /r/sysadmin | 9 May 2023
PaperCut MF/NG vulnerability
1 project | /r/sysadmin | 20 Apr 2023

Don't like someone else running it? No problem, it's open source and you can run it yourself https://github.com/opencve/opencve
Tracking vulnerabilities that your company is effected by.
1 project | /r/cybersecurity | 14 Apr 2023

I use https://www.opencve.io you can make a account and then subscribe to different products and/or vendors to get automated updates via mail if there are new vulnerabilities that affect these products
Getting informed about exploits / CVEs
1 project | /r/sysadmin | 16 Mar 2023

www.opencve.io and filter on your vendors and hw models.
CVE sources
2 projects | /r/cybersecurity | 27 Dec 2022
CVE Vulnerability Tracking
2 projects | /r/AskNetsec | 18 Nov 2022

Check out OpenCVE, I find it as an excellent tool.
zero-day exploit notifications
3 projects | /r/cybersecurity | 19 Aug 2022

https://www.opencve.io/ - Site that allows you to be emailed of new CVEs by subscribing to different products and vendors.
CVE Search
1 project | /r/cybersecurity | 24 May 2022

https://www.opencve.io/ is something to use as well.

vulnix

Posts with mentions or reviews of vulnix. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-09.

Is NixOS a thing?
2 projects | /r/devops | 9 Nov 2022

it is very easy to scan your entire dependency tree for known vulnerabilities for Nix, all the way up to a whole OS
What Are Your Most Used Self Hosted Applications?
50 projects | news.ycombinator.com | 4 May 2022

Initially I spent a lot of time as I used it as an opportunity to learn Nix/NixOS. I used Nix intentionally as it's a rolling release and also it's declarative and intended for reproducible deployments, so I don't need to deal with an OS like Ubuntu that slowly gets crufty and out of date and needs a clean-up or upgrade or complete re-install. And if I do need to re-install, it should be mostly a one-liner.
For security there are these scanners:
https://github.com/flyingcircusio/vulnix
https://github.com/andir/nix-vulnerability-scanner
I also run all services in docker and my network uses VLANs behind an OPNSense firewall. I use Wireguard as a pinch point into my network to access most services. So I'm not too worried about the security aspect.
Upgrading on Nix is pretty easy - just bump your lock file and it will get the latest packages, assuming you are on the unstable channel. But unstable does break on occasion. You an also use the latest stable release of Nix and selectively choose unstable packages, which is probably the way to go. I rarely need to fix anything - it's pretty stable. It only starts eating time when I want to add or upgrade some element to the system, but I always make sure to never do any action that isn't captured in Nix config and backed up, so that I don't have to come back and figure out what exactly I did or how something works again. It's been fine. Nix has a pretty steep learning curve, but considering its power, I think it's absolutely worth it.
Is there an easy way to see changes made by `nixos-rebuild switch`?
2 projects | /r/NixOS | 14 Dec 2021

Along with the results of the diff the comment also provides the results of running vulnix
vulnix: Vulnerability (CVE) Scanner for Nix/NixOS
1 project | news.ycombinator.com | 25 Aug 2021

What are some alternatives?

When comparing opencve and vulnix you can also consider the following projects:

grype - A vulnerability scanner for container images and filesystems

nix-alien - Run unpatched binaries on Nix/NixOS

vulnmine - Vulnmine searches for vulnerable hosts using MS SCCM host / software inventory data with NIST NVD Vulnerability feed data.

awesome-selfhosted - A list of Free Software network services and web applications which can be hosted on your own servers

CVE-2021-37740 - PoC for DoS vulnerability CVE-2021-37740 in firmware v3.0.3 of SCN-IP100.03 and SCN-IP000.03 by MDT. The bug has been fixed in firmware v3.0.4.

nix.dev - Official documentation for getting things done with Nix.

openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.

Joplin - Joplin - the secure note taking and to-do app with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

expbox - Vulnerability Exploitation Code Collection Repository

faraday - Open Source Vulnerability Management Platform

cyberowl - A daily updated summary of the most frequent types of security advisories currently being reported from different sources.