Can you get in touch with the guys at OWASP Dependency Check? It's one of their more mature projects, and it essentially does a lot of what you described and then some, including for Python projects.
Most CVEs have pretty good descriptions. For example, CVE-2016-6186[1]:
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
It doesn't seem to be loading all the data when you browse the "human" site. Stops at ftw.mail (if there's a way to go on to the next page, it isn't obvious)
This is awesome. What a great service! Just curious, what stack did you use for the human browsable site and database? I am looking for a quick data reporting stack like this that is hopefully easy to set up in Python. Any advice?
It's a bit dirty, but was the right tool for the job. If you are working on a larger project, I'd probably use some template language like mustache to render the elements.
Really cool stuff. I love it! Thank you for making this.
A side note: anyone using Django should keep up to date. If you see the list of versions and the related packages which have known vulnerabilities, you will realize keeping up to date is critical.
[+] [-] eganist|9 years ago|reply
https://www.owasp.org/index.php/OWASP_Dependency_Check
I can make a connection between you and Jeremy Long (head of the project) if you'd like. He's also on Twitter as @ctxt.
[+] [-] jacknews|9 years ago|reply
[+] [-] SubiculumCode|9 years ago|reply
Unless insucure is a Python package I do not know about.
[+] [-] pekk|9 years ago|reply
[+] [-] svisser|9 years ago|reply
[+] [-] jayfk|9 years ago|reply
[1] http://www.cvedetails.com/cve/CVE-2016-6186/
[+] [-] Twirrim|9 years ago|reply
[+] [-] daveguy|9 years ago|reply
[+] [-] jayfk|9 years ago|reply
[+] [-] vinayan3|9 years ago|reply
[+] [-] x1798DE|9 years ago|reply
[+] [-] jayfk|9 years ago|reply
Edit: Switched to S3 to load the data.
[+] [-] unknown|9 years ago|reply
[deleted]