2008-Present
http://www.cvedetails.com/product/18230/Python-Python.html?vendor_id=10210
There's a download link, but AFAICT not an API
On Friday, February 17, 2017, Victor Stinner <victor.stinner@gmail.com> wrote:
Hi,
I wrote a tool to generate an HTML report on Python security vulnerabilities. It takes the following YAML file as input: https://github.com/haypo/python-security/blob/master/vulnerabilities.yml
And Python release dates, file written manually from Misc/NEWS: https://github.com/haypo/python-security/blob/master/python_releases.txt
The output is the HTML page: http://python-security.readthedocs.io/en/latest/vulnerabilities.html
For each vulnerability, you have a description and a list of links. From a list of commits, the tool computes the fixed Python and the number of days Python was vulnerable.
Can you please check the data of my two input files?
What do you think of the page? Is it useful?
TODO:
* fix render_doc.py to support multiple lines in the table
* add title to links
* find the YAML syntax for "Issue #26657" :-) Currently, #xxx is ignored since it's seen as a comment
* maybe document in the YAML file how the Disclosure date was chosen
Maybe I should add a "vulnerable" column to list Python versions which are vulnerable.
If you consider the data useful and the data are double checked, the next step will be to announce it.
Later, I plan to slowly fill vulnerabilities.yml with recent vulnerabilities, and then with older vulnerabilities.
FYI a few months ago, I generated the page manually, but quickly I realized that it's painful to compute all data and also to manually maintain such a list. My old page: http://haypo-notes.readthedocs.io/python_security.html
Victor
_______________________________________________
Security-SIG mailing list
Security-SIG@python.org
https://mail.python.org/mailman/listinfo/security-sig