We’re delighted to announce the release of Vulnerability-Lookup 2.7.0,
packed with new features, enhancements, and bug fixes.
What’s New
Vendor and Product Management
Added support for extending or aliasing CPE names, allowing vendor and product names to be mapped.
This addresses the issue of CPE fragmentation or inconsistency, where an organization might have multiple vendor names,
or a single product is referenced by different CPE identifiers (e.g., "cpe:/a:oracle:java" vs. "cpe:/a:sun:java" for the same product).
The solution introduces organizations as unified containers, consolidating known CPE vendor names under a single entity.
Related products are linked to this entity. Additionally, a curated list of CPE product name
synonyms helps resolve naming discrepancies.
A point of contact (email/URL) can be added to an organization.
Public pages
Management pages
New notifications for users
Organization Membership
Users can now be part of one or multiple organizations in Vulnerability-Lookup.
New API endpoints
Introduced new endpoints to retrieve information about organizations and products.
It is as well possible to get all CPE information related to a product or an organization, as a JSON file.
(/organization/<uuid>/export_cpe_information and /product/<uuid>/export_cpe_information)
An example of export is available here:
To see the full rundown of the changes, users can visit the changelog on GitHub:
Thank you very much to all the contributors and testers!
Feedback and Support
If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
Follow us on Fediverse/Mastodon
You can follow us on Mastodon and get real time informationa about security advisories:
Hackathon
Join our upcoming Hackathon and contribute to Vulnerability-Lookup!
When: 8th & 9th April in Luxembourg
Where: www.parc-hotel.lu (120 Route d’Echternach L-1453 Luxembourg)