Welcome to Vulners¶
Vulners.com is a security database containing descriptions for a large amount of software vulnerabilities in a machine-readable format. Cross-references between bulletins and continuously updating database keep you abreast of the latest security threats. These documentation pages will answer any questions you may have.
Lucene-based queries¶
Vulners database is based on search engine with Lucene queries which you can use in your queries:
- AND
"apache" AND "vulnerabilities"
- OR
"apache" OR "Lucene"
- NOT
NOT type:"robot"
- Boolean Operators
- Grouping
(Lucene OR apache) AND website
- Special characters
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \
- Range Searches
status:[400 TO 499]
Below are some basic examples that will make it clearer.
Examples and search snippets¶
-
Your website unpatched vulnerabilities at the Openbugbounty:
type:openbugbounty AND title:"your-domain-here.com" AND openbugbounty.patchStatus:unpatched
-
Software vulnerabilities, Firefox as example:
type:openbugbounty AND title:"your-domain-here.com" AND openbugbounty.patchStatus:unpatched
-
Software vulnerabilities, for exact version. Nginx 1.11.0 vulnerabilities:
affectedSoftware.name:nginx AND affectedSoftware.version:"1.11.0"
-
Software vulnerabilities, wildcard version, CVSS score range. Nginx 1.9* and CVSS score between 7 to 10:
affectedSoftware.name:nginx AND affectedSoftware.version:1.9* AND cvss.score:[7 TO 10]
-
Package vulnerabilities in some OS. Installed packages vulnerabilities for any PHP in SUSE:
affectedPackage.packageName:php* AND type:suse order:published
-
Search for php4 vulnerabilities in SUSE and CentOS or php4 exploits excluding OpenVAS and Nessus plugins:
-
Looking for affected CVE number in collection. OpenWRT vulnerabilities for CVE-2016-0799:
-
Extension vulnerabilities in TYPO3. Vulnerable div2007 extension for TYPO3:
-
AWS Credentials leakage in Android Google Play repository:
-
Nmap NSE scripts updates:
-
Most expensive public disclosed Yahoo vulnerabilities:
-
Exploits with “Selinux” in source code sorted by CVSS score:
-
Microsoft vulnerabilities with CVSS score in range 6 to 10 in CVE catalog sorted by date:
(type:cve AND cvss.score:[6 TO 10] AND description:"Microsoft") order:published
-
Search CentOS vulnerabilities with title, strating with “Critical” or “Important” and NETWORK in CVSS vector:
-
Use
*
if you want to find an existing and-
missing field.