We’re delighted to announce the release of Vulnerability-Lookup 2.2.0, packed with enhancements, new features, and bug fixes.
What’s New
-
Identity:
- Vulnerability-Lookup now has a beautiful new logo.
-
New Statistics Namespace: The API now offers a dedicated namespace for statistics. Two new endpoints are currently available:
/api/stats/vulnerability/most_sighted
/api/stats/vulnerability/most_commented
Both endpoints provide the option to return results in a Markdown table format. (7a2b8ed, d95b49c)
You can use the API output directly to generate PDF reports:
$ curl -s -X 'GET' 'https://vulnerability.circl.lu/api/stats/vulnerability/most_sighted?date_from=2024-07-01&output=markdown' | pandoc --from=markdown --to=pdf -o semestrial-report.pdf
- New Client for KEV Sightings: A new Python client, KevSight, is available to generate sightings for Vulnerability-Lookup using the Known Exploited Vulnerabilities (KEV) catalog. For more details, refer to the Vulnerability-Lookup documentation on sightings automation and the available clients.
Changes
-
API Enhancements:
- Numerous improvements and harmonization across the API while maintaining compatibility with previous versions. PyVulVulnerabilityLookup has been updated. (f9a03fb, 79cc46d)
-
Improved Views:
/recent
: Enhanced for greater consistency and readability./vuln
: Improved display for vulnerabilities from the CVE List v5 and NVD sources. The versions of the impacted products is now displayed in a third column. (9308772, 5f9826a, f71da45, 54ad96e, e8ae16e)- We have enhanced the layout and accessibility of various views as part of our ongoing commitment to creating software that is inclusive and usable for everyone.
-
Documentation:
-
Backend:
Fixes
-
Date Parameters in API:
- The
date_from
anddate_to
parameters in the API no longer have default values. It is now the client’s responsibility to specify these values. (036ca3a)
- The
-
CVE Lookup Endpoint:
- We fixed the API endpoint for searching CVEs by vendor and product. (0867fac)
Funding
The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.
vulnerability-lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.