Almost every publicly available CVE PoC (github.com/trickest)
118 points by scanr on Feb 16, 2022 | 19 comments



I am highly interested in finding Django CVE PoCs which would be useful to justify internally (and externally) upgrading services running old unsupported versions of Django (or backporting the patches from the supported versions, if applicable). This repository contains the string "Django" 35 times. There are false positives, like this one, where the string "POC" was found in the CVE description but it's actually saying "No POC found"

https://github.com/trickest/cve/blob/967839a1f3dd2e43c3ca7af...

The string "No POC found" appears 34,948 times in this repository. This is concerning, given this repo has ~1000 CVEs per year, and 24 years!

The GitHub links for each CVE are very low value, unfortunately; the modal link seems to be to an "awesome CVE" or "CVE POC list" repository of no value whatsoever.

I'd really like a CVE database where you can search by software and version and see which CVEs apply to your version, their severity, and which have PoCs. Anybody else feeling this would be valuable?


There is Exploit-DB, which contains a list of PoCs for a lot of services; if their count is to be believed, it's almost at 45k different PoCs.

https://www.exploit-db.com/


I think this is more of a demonstration of what trickest can do.

I posted it because it made it onto GitHub trending and thought it shows the potential of what could be done by aggregating CVE / PoC data.

I had much the same thought as you, it would be great to have this in a curated database. I feel like someone might reply that such a thing already exists :)

Snyk is pretty good for your use case (I think). It often has PoCs or links to PoCs if they’re available for vulnerabilities associated with library / framework versions. Here’s the link to the vulnerabilities for Django:

https://snyk.io/vuln/pip:django


That already exists. I work on one version of that. Unless I've misunderstood you.


> I'd really like a CVE database where you can search by software and version and see which CVEs apply to your version, their severity, and which have PoCs.

You work on such a database? Please link it for the rest of us!


Just to be sure we are talking about the same thing, you want a nice GUI interface for the NVD API? In other words, this:

curl --verbose "https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2020-068..."

But you want a nice interface for that? We offer that at Virtalabs, though we specialize in ICS that are in hospitals:

https://www.virtalabs.com


You could grab quite a lot of this from the OVAL feeds that multiple distros offer.

Getting a verified POC is a much harder problem.


For a curated collection of CVE PoCs that is continuously updated by the bug bounty community, check out the projectdiscovery nuclei repo: https://github.com/projectdiscovery/nuclei-templates/tree/ma...


I would like to have a resource like this, but instead of the PoC I want to see the diff that fixed the flaw in the software.

Anything like that around? I know it isn't trivial.


I could see how to do this for some projects, like Django: get the list of their security updates. For each release, it lists the CVEs it fixes and the patch. The patch gives you the fix diff.

https://docs.djangoproject.com/en/4.0/releases/security/


Planning to do some ML training?


This is great! The title made me think of someone mocking badly described PoCs, but it's really a collection.


Seems a little spotty on finding popular PoCs for recent CVEs, but I think this is great for archiving purposes.


What is a CVE PoC?


An organization, "MITRE", maintains a list of publicly disclosed vulnerabilities and assigns each vulnerability a unique ID, which is the "CVE" number. The PoC is a "proof of concept" that explains how it could be exploited practically.

So this is mapping both those things.


Thank you


Common Vulnerabilities and Exposures (CVE) + Proof of Concept


Thank you


Awesome work!



