Search Results for "vulnerability"
Sort By:
Showing 231 open source projects for "vulnerability"
View related business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
Yeastar: Business Phone System and Unified CommunicationsUser-friendly, optimized, and scalable, the Yeastar P-Series Phone System redefines business connectivity by bringing together calling, meetings, omnichannel messaging, and integrations in one simple platform—removing the limitations of distance, platforms, and systems.
-
1
Nikto
Web server vulnerability scanner for security assessments
Nikto is an open-source web server scanner that performs comprehensive tests to detect potentially dangerous files, outdated server software, and configuration issues. It’s widely used by penetration testers and security professionals for auditing web applications and infrastructure. Nikto supports multiple output formats and can integrate with other tools for automated scanning workflows. -
2
syft
CLI tool and library for generating a Software Bill of Materials
CLI tool and library for generating a Software Bill of Materials from container images and filesystems. syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype. Generates SBOMs for container images, filesystems, archives, and more to discover packages and libraries. Supports OCI, Docker and Singularity image formats. Linux distribution identification. Works seamlessly with Grype (a fast, modern vulnerability scanner). Able to create signed SBOM attestations using the in-toto specification. ... -
3
WPScan
WPScan WordPress security scanner
WPScan is a black-box WordPress vulnerability scanner written in Ruby. It analyzes WordPress sites to identify outdated core, plugins, themes, exposed APIs, and known vulnerabilities using a large built-in vulnerability database. It is a popular security auditing tool for pentesters and site administrators. -
4
Vuls
Agentless vulnerability scanner for Linux/FreeBSD
Vuls is open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog. Vuls v0.5.0 now possible to detect vulnerabilities that patches have not been published from distributors. Remote scan mode is required to only setup one machine that is connected to other scan target servers via SSH. -
The Easy Way To Build A Referral ProgramReferral Factory offers over 1000 pre-built referral program templates you can use as your own, or you can build your own referral program from scratch. You get unlimited referral campaigns on all plans, and brilliant support from their team of referral marketing experts.
-
5
grype
A vulnerability scanner for container images and filesystems
A vulnerability scanner for container images and filesystems. Easily install the binary to try it out. Works with Syft, the powerful SBOM (software bill of materials) tool for container images and filesystems. Scan the contents of a container image or filesystem to find known vulnerabilities. Find vulnerabilities for major operating system packages. -
6
Kubernetes DNS
Kubernetes DNS service
This is the repository for Kubernetes DNS(kube-dns and nodelocaldns). Vulnerability patches are mainly for debian-base or debian-iptables images. They can be updated to the latest by modifying rules.mk and dnsmasq Makefile. -
7
nuclei
Fast and customizable vulnerability scanner based on simple YAML
...Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. We have a dedicated repository that houses various type of vulnerability templates contributed by more than 300 security researchers and engineers. Nuclei has built-in support for automatic template download/update as default since version v2.5.2. Nuclei-Templates project provides a community-contributed list of ready-to-use templates that is constantly updated. You may still use the update-templates flag to update the nuclei templates at any time; You can write your own checks for your individual workflow and needs following Nuclei's templating guide. -
8
Flan Scan
A pretty sweet vulnerability scanner
Flan Scan is a lightweight open-source network vulnerability scanner designed to make it easy to detect exposed services, open ports, and associated vulnerabilities across IP ranges or network segments as part of security audit and compliance workflows. It is essentially a thin wrapper around the widely-used Nmap scanner, augmenting it with scripts and tooling that transform raw Nmap output into vulnerability-focused reports that map detected services to known CVEs, making results more actionable for administrators and auditors. ... -
9
Fapro
Fake Protocol Server
Fapro is an open-source asset discovery and vulnerability scanning tool developed by Fofa Pro. It assists in identifying and managing network assets, detecting potential vulnerabilities, and enhancing overall security posture -
Point of Sale. Powerful and Simple.Vibe Retail is an all-in-one retail point-of-sale and operations platform built for single-store and multi-location retailers seeking to unify inventory, sales, staff and customer data from one mobile-friendly interface. The system lets you track inventory across locations and warehouses, handle item variations (size, color, material), manage purchase orders and supplier deliveries, print custom barcodes, and transfer stock between stores in real time. On the sales side, Vibe supports multiple payment types (cards, cash, checks, gift cards, EBT), layaway workflows, serial number tracking, delivery management, loyalty programs and branded receipts. Retailers can integrate with online platforms (such as Shopify and WooCommerce), sync in-store and online sales, access 40+ real-time reports on sales, inventory and performance, set up promotions and discounts, and print receipts from mobile devices.
-
10
OSV.dev
Open source vulnerability DB and triage service
osv.dev (Open Source Vulnerabilities) is Google’s open source platform and API for aggregating, managing, and analyzing vulnerability data across multiple ecosystems. It powers the osv.dev website, providing a unified, queryable database of vulnerabilities that map directly to open source packages and versions. The system hosts vulnerability data for ecosystems such as PyPI, npm, Go, Maven, and Debian, among others. The platform includes a web UI, API, and a Go-based dependency scanner that checks software dependencies, container images, SBOMs (SPDX, CycloneDX), and Git repositories for known vulnerabilities. ... -
11
Docker Scout CLI
Docker Scout CLI
...Docker Scout enhances your development process with detailed image analysis and proactive remediation tools. It integrates seamlessly with Docker Desktop and Docker Hub to improve your security and efficiency. Docker Scout’s local vulnerability analysis scans your images for potential security issues before they reach production. By detecting vulnerabilities early, it helps you ensure safer deployments and reduce the risk of security breaches in your applications. -
12
Is Website Vulnerable
Finds publicly known security vulnerabilities in a website's frontend
A command-line tool that scans websites for known security vulnerabilities in their frontend dependencies by checking against the Snyk vulnerability database. -
13
DefectDojo
DefectDojo is a DevSecOps and vulnerability management tool
DefectDojo is a security orchestration and vulnerability management platform. DefectDojo allows you to manage your application security program, maintain product and application information, triage vulnerabilities and push findings to systems like JIRA and Slack. DefectDojo enriches and refines vulnerability data using a number of heuristic algorithms that improve with the more you use the platform. -
14
Agentic Security
Agentic LLM Vulnerability Scanner / AI red teaming kit
The open-source Agentic LLM Vulnerability Scanner. -
15
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails app
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Brakeman now uses the parallel gem to read and parse files in parallel. By default, parallel will split the reading/parsing into a number of separate processes based on number of CPUs. -
16
garak
Developers and anyone seeking an LLM solution to scan for vulnerabilit
...The standard pip version of garak is updated periodically. garak has its own dependencies, you can to install garak in its own Conda environment. garak needs to know what model to scan, and by default, it'll try all the probes it knows on that model, using the vulnerability detectors recommended by each probe. For each probe loaded, garak will print a progress bar as it generates. Once the generation is complete, a row evaluating the probe's results on each detector is given. -
17
Trail of Bits Skills Marketplace
Trail of Bits Claude Code skills for security research, vulnerability
Trail of Bits Skills Marketplace is a specialized Claude Code skills marketplace built by the security research firm Trail of Bits that focuses on enhancing AI-assisted workflows for vulnerability discovery, testing, and secure development. The repository groups a set of plug-in skills tailored toward static analysis, code auditing, secure defaults detection, and other practices that matter in software security. Users can easily add the marketplace to a Claude Code environment, browse available plugins, and install specific skills for tasks like automatic Semgrep rule creation, entry-point analysis in smart contracts, or insecure defaults detection. ... -
18
theHarvester
E-mails, subdomains and names
theHarvester is a very simple to use, yet powerful and effective tool designed to be used in the early stages of a penetration test or red team engagement. Use it for open source intelligence (OSINT) gathering to help determine a company's external threat landscape on the internet. The tool gathers emails, names, subdomains, IPs and URLs using multiple public data sources. -
19
Arduino IDE
Arduino IDE library
...This new IDE was developed with the goal of preserving the same interface and user experience of the previous major version in order to provide a frictionless upgrade. If you need assistance, see the Help Center and browse the forum. If you think you found a vulnerability or other security-related bug in this project, please read our security policy and report the bug to our Security Team. The builds are generated every day at 03:00 GMT from the main branch and should be considered unstable. -
20
tfsec
Security scanner for your Terraform code
tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take... -
21
Kubescape
Kubescape is an open-source Kubernetes security platform for your IDE
...Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kubernetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster. Kubescape includes misconfiguration and vulnerability scanning as well as risk analysis and security compliance indicators. All results are presented in context and users get many cues on what to do based on scan results. ... -
22
Trivy Operator
Kubernetes-native security toolkit
...The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created. This way, users can find and view the risks that relate to different resources in a Kubernetes-native way. The Trivy Operator automatically generates and updates security reports. These reports are generated in response to new workload and other changes on a Kubernetes cluster. -
23
PlantUML
Generate diagrams from textual description
Generate UML diagram from textual description. PlantUML is not affected by the log4j vulnerability. The easiest way to test PlantUML is in an online solution that has PlantUML embedded, such as our online server. After testing, you may want to install PlantUML locally. Run (or have your software call) PlantUML, using sequenceDiagram.txt as input. The output is an image, which either appears in the other software, or is written to an image file on disk. -
24
Wfuzz
Web application fuzzer
Wfuzz provides a framework to automate web applications security assessments and could help you to secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any field of an HTTP request, allowing to perform complex web security attacks in different web... -
25
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers
...Are you a Trivy fan as well? We’d love to hear from you! Trivy detects vulnerabilities from a wide array of operating systems and programming languages, across different versions, and vulnerability sources. Detect common misconfigurations with Trivy, using the same familiar tool and workflow that you already have in place for vulnerabilities. Trivy scans Terraform, CloudFormation, Docker, Kubernetes, and many other IaC configuration files for security issues right alongside vulnerabilities. Trivy IaC is brought to you by the team behind the popular tfsec project. ...