Vulnerability-Lookup 4.5.0 released

We are pleased to announce the release of Vulnerability-Lookup 4.5.0!

This release strengthens Vulnerability-Lookup on both data collection and analysis.

We now ingest sightings from Telegram channels, with roughly 200,000 Telegram sightings collected so far. Each vulnerability page also gains new interactive visualisations: sighting type repartition, source repartition, and an experimental adaptive forecast based on the TARDISSight prototype.

TARDISSight was presented last week in Munich during the FIRST CTI Conference, and the related paper is available on arXiv.

The EPSS feeder has also been substantially reworked for lower memory usage and more reliable ingestion.

What’s New

Screencast

The screencast below gives a quick overview of the new charts, filtering interactions, and forecast behavior introduced in 4.5.0.


Highlights

  • new: [sightings] Sightings can now originate from Telegram channels via the companion Vulnerability-Lookup Telegram sighting tool.
  • new: [templates] Three new tabs on every vulnerability page: sighting type repartition (pie chart), source repartition (pie chart grouping URLs by hostname and collapsing Telegram and MISP feeds), and an experimental adaptive forecast (logistic when the trend is rising, exponential decay when falling — a JavaScript port of the TARDISSight prototype). Each chart is interactive and filters the sightings table when clicked. d8bfc88, 8e2ed8c, 0640874, d573e31
  • new: [templates] Display trend slope (linear fit on daily counts) near the sightings chart. 7e22eb0
  • new: [sightings] Optional content field on the Sighting model and API. 4923f87
  • new: [templates] Add download/correlations icons to the sightings table on the vuln page. 6de9cf1
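To make the forecast and trend-slope behaviour described above concrete, here is an added example in JavaScript; it is not code from Vulnerability-Lookup or TARDISSight. It assumes a caller-supplied capacity K for the logistic branch (applied to the cumulative count) and, like the forecast fix in this release, fits the decay branch only on days from the peak onward.

```javascript
// Added example, not Vulnerability-Lookup code. Assumed simplifications: the
// logistic branch models the cumulative count towards a caller-supplied capacity
// K; the decay branch fits daily counts from the peak day onward only.
function linearFit(xs, ys) { // ordinary least squares, returns slope/intercept
  const n = xs.length;
  const mx = xs.reduce((a, b) => a + b, 0) / n;
  const my = ys.reduce((a, b) => a + b, 0) / n;
  let sxx = 0, sxy = 0;
  for (let i = 0; i < n; i++) {
    sxx += (xs[i] - mx) ** 2;
    sxy += (xs[i] - mx) * (ys[i] - my);
  }
  const slope = sxx === 0 ? 0 : sxy / sxx;
  return { slope, intercept: my - slope * mx };
}
// Trend slope shown next to the chart: linear fit of daily counts vs day index.
function trendSlope(daily) {
  return linearFit(daily.map((_, i) => i), daily).slope;
}
// Falling trend: exponential decay c(t) = exp(a + b*t). Only days from the
// peak onward are fitted, so the forecast cannot rise against the observed trend.
function fitDecay(daily) {
  const peak = daily.indexOf(Math.max(...daily));
  const xs = [], ys = [];
  for (let i = peak; i < daily.length; i++) {
    if (daily[i] > 0) { xs.push(i); ys.push(Math.log(daily[i])); }
  }
  const { slope, intercept } = linearFit(xs, ys);
  return (t) => Math.exp(intercept + slope * t);
}
// Rising trend: logistic growth of the cumulative count towards capacity K.
// With K known, logit(y/K) is linear in t, so the rate is fitted by OLS.
function fitLogistic(daily, K) {
  const xs = [], ys = [];
  let cum = 0;
  daily.forEach((c, i) => {
    cum += c;
    if (cum > 0 && cum < K) { xs.push(i); ys.push(Math.log(cum / (K - cum))); }
  });
  const { slope, intercept } = linearFit(xs, ys);
  return (t) => K / (1 + Math.exp(-(intercept + slope * t)));
}
// Pick the model from the slope sign; predict(t) takes a day index (0 = first day).
function adaptiveForecast(daily, K) {
  const slope = trendSlope(daily);
  if (slope > 0) return { model: "logistic", slope, predict: fitLogistic(daily, K) };
  return { model: "decay", slope, predict: fitDecay(daily) };
}
const sampleDaily = [1, 4, 8, 4, 2, 1]; // constructed: sightings peaked, then faded
const sampleForecast = adaptiveForecast(sampleDaily, 100); // model "decay"
```

Because the post-peak counts in the constructed sample halve each day, the fitted decay continues that pattern and predicts 0.5 sightings on day 6.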

Screenshots

[Screenshot: adaptive forecast chart on a vulnerability page] Adaptive forecast view based on the observed trend.

[Screenshot: source repartition chart grouped by source hostnames] Source repartition chart, including grouped feed origins.

[Screenshot: sighting type repartition chart with table filtering] Sighting type repartition chart with interactive filtering.

[Screenshot: alternate view of the sighting type repartition chart] Alternative chart state for a different vulnerability timeline.


Changes

  • chg: [api] Use case-insensitive substring match for the sighting source filter. db8e14f
  • chg: [schema] Align Sighting JSON schema with the model. 67cc01f
  • chg: [templates] Index page now displays published proofs of concept instead of confirmed sightings. 8908ce3
  • chg: [security] Switch markdown URL sanitizer to a scheme allowlist. 347c9b4
  • chg: [feeders] EPSS feeder improvements: configurable ingestion from Kvrocks with API fallback, Redis pipelining, year-boundary fix, reduced memory usage, error handling for GitHub API calls. EPSS scores are no longer published on the Redis pub/sub channel. 939d800, eabc5ad, a9be57e, 2a1c75d, 7d9867b, 054d4ab, 9a0822e, 9277d03, ac9a9f4
  • chg: [templates] Improve full-text search UX and clarify exact vs approximate matching. 05d5ef9
  • chg: [dependencies] The project now requires Python >=3.11,<4.0; restrict myst-parser to Python ≥3.11; updated gevent. 69d36da, 27d1300, 28bad8c
  • chg: [dependencies] Updated Python and JavaScript dependencies. 74902de, 9d5ab76, 44fe2a2, ecb766e
  • chg: [github] Added issue templates and pull request template. d4a74b8
  • chg: [documentation] Updated README and contributor notes. 09aca11, 8ed689f

Fixes

  • fix: [security] Hardened several DOM-injection sites against XSS, including escaping vendor/product and vulnerability ID in the sightings correlations tooltip; URLs are now normalized before the scheme check. 68b96c8, e4f4da0, 205dad1
  • fix: [forecast] Restrict decay fit to post-peak data so the forecast cannot contradict the observed trend. acd8425
  • fix: [disclosure] Warn about CSRF expiry on the new disclosure form and extend token lifetime. baff893
  • fix: [templates] Long credit names no longer break layout. cc267fe

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.5.0

🙏 Thank you to all contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/