AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.


purl prefix data quality issues

prabhu opened this issue · comments

CVE-2019-19985 | icegram | icegram | email_subscribers_\&_newsletters | vers:icegram/<4.2.3 | pkg:generic/icegram/email_subscribers_\&_newsletters
pkg:generic/icegram/email_subscribers_\&_newsletters
CVE-2019-17384 | eleopard | animate_it\ | animate_it\! | vers:eleopard/<2.3.6 | pkg:generic/animate_it\/animate_it\!
CVE-2019-17384 | eleopard | animate_it\ | animate_it\! | vers:eleopard/<2.3.6 | pkg:generic/animate_it\/animate_it\!
CVE-2019-14686 | trendmicro | trendmicro | antivirus_\+_security_2019 | vers:trendmicro/15.0 | pkg:generic/trendmicro/antivirus_\+_security_2019
CVE-2019-15996 | cisco | dna_spaces | dna_spaces\ | vers:cisco/_connector | pkg:generic/dna_spaces/dna_spaces\

https://github.com/AppThreat/vuln-list/blob/main/nvd/2021/CVE-2021-27434.json

cpe:2.3:a:unified-automation:.net_based_opc_ua_client\\/server_sdk:*:*:*:*:*:*:*:*

results in

pkg:generic/.net_based_opc_ua_client\/server_sdk

This mostly affects the NVD source. While CPE can contain special characters such as brackets, & and commas, this needs to be cleaned up before conversion to a purl prefix. This cleaning logic can be exposed to calling applications to perform normalization.

pkg:generic/[gwa]_autoresponder_project/[gwa]_autoresponder
pkg:generic/acowebs/product_labels_for_woocommerce_(sale_badges)

pkg:generic/active_directory_integration_/_ldap_integration

pkg:generic/amadercode/dropshipping_&_affiliation_with_amazon

pkg:generic/bitcoin_/_altcoin_payment_gateway_for_woocommerce

pkg:generic/call&book_mobile_bar_project/call&book_mobile_bar

pkg:generic/camsbiometrics/zkteco,_essl,_cams_biometrics_integration_module

pkg:generic/cancel_order_request_/_return_order_/_repeat_order_/_reorder_for_woocommerce

pkg:generic/clinic's_patient_management_system_project/clinic's_patient_management_system
pkg:generic/codesys/control_rte_(for_beckhoff_cx)_sl
pkg:generic/codesys/control_rte_(sl)


pkg:generic/codesys/hmi
pkg:generic/codesys/hmi_(sl)
pkg:generic/codesys/hmi_sl


pkg:generic/display_post_meta,_term_meta,_comment_meta,_and_user_meta_project/display_post_meta,_term_meta,_comment_meta,_and_user_meta

pkg:generic/doctor's_appointment_system_project/doctor's_appointment_system
pkg:generic/doctor_appointment_system_project/doctor_appointment_system
pkg:generic/f(x)_toc_project/f(x)_toc

pkg:generic/felixmoira/popup_more_popups,_lightboxes,_and_more_popup_modules

pkg:generic/i2_pros_&_cons_project/i2_pros_&_cons

There are instances where the vers string includes brackets.

vers:cisco/2.0\(0.249\)
vers:cisco/10.4\(2\)
vers:cisco/2.1\(0.474\)
vers:cisco/2.2\(1.145\)
vers:cisco/2.4\(0.247\)
vers:cisco/2.1\(0.474\)
vers:cisco/2.1\(0.904\)
vers:cisco/2.2\(0.470\)
vers:cisco/2.3\(0.298\)
vers:cisco/2.1\(0.904\)
vers:cisco/2.1\(102.103\)
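
An added example, not part of the original issue or the project's own code: one way to do the cleanup described above, assuming the fix is to undo CPE 2.3 backslash quoting first and then percent-encode each purl segment. The function names and the sample CPE strings marked as constructed are assumptions.

```python
from urllib.parse import quote

def split_cpe(cpe: str) -> list[str]:
    """Split a CPE 2.3 formatted string on unescaped ':' and drop quoting backslashes."""
    fields, cur, i = [], [], 0
    while i < len(cpe):
        ch = cpe[i]
        if ch == "\\" and i + 1 < len(cpe):
            cur.append(cpe[i + 1])  # escaped character is kept literally, even ':'
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def purl_segment(value: str) -> str:
    """Percent-encode one purl namespace/name segment; safe='' also encodes '/'."""
    return quote(value, safe="")

def cpe_to_purl_prefix(cpe: str) -> str:
    """Hypothetical helper: build a pkg:generic prefix from the vendor and product fields."""
    fields = split_cpe(cpe)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    vendor, product = fields[3], fields[4]
    if product in ("", "*", "-"):
        raise ValueError("CPE has no concrete product")
    parts = [purl_segment(p) for p in (vendor, product) if p not in ("", "*", "-")]
    return "pkg:generic/" + "/".join(parts)

# CPE from the issue as the JSON-decoded value (assumption: '\\/' on the page is JSON escaping of '\/').
OPC_UA = r"cpe:2.3:a:unified-automation:.net_based_opc_ua_client\/server_sdk:*:*:*:*:*:*:*:*"
# Constructed samples modelled on rows quoted in the issue, not taken from NVD.
CONSTRUCTED = [
    r"cpe:2.3:a:cisco:dna_spaces\:_connector:*:*:*:*:*:*:*:*",
    r"cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:*:*:*",
]

if __name__ == "__main__":
    for cpe in [OPC_UA, *CONSTRUCTED]:
        print(cpe_to_purl_prefix(cpe))
    print(split_cpe(r"2.0\(0.249\)")[0])  # version value with the quoting removed
```

Percent-encoding keeps the original characters recoverable; stripping or replacing them instead is a separate policy choice this sketch does not make.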