Exploit And Vulnerability Intelligence

Package Manager Support

VulnCheck Exploit & Vulnerability Intelligence supports a wide range of both Open Source Software library package managers and Operating System package managers.

VulnCheck Exploit & Vulnerability Intelligence tracks package dependencies across a wide range of programming language package managers and Operating System package managers.

For tracked packages, VulnCheck includes vulnerability, license, research attributes, and fix information when possible.

Supported Programming Language Package Managers

Below is a list of currently supported Programming Language package managers:

Package ManagerIndex NameExample Detection
Cargo (Rust)cargohttps://api.vulncheck.com/v3/purl?purl=pkg:cargo/fltk@0.13.9
CocoaPods (Swift, Objective-C)cocoapodshttps://api.vulncheck.com/v3/purl?purl=pkg:cocoapods/OLMKit@3.1.0
Composer (PHP)composerhttps://api.vulncheck.com/v3/purl?purl=pkg:composer/shopware/platform@6.4.19.0
Conan (C/C++)conanhttps://api.vulncheck.com/v3/purl?purl=pkg:conan/assimp@5.1.0
gem (Ruby)gemhttps://api.vulncheck.com/v3/purl?purl=pkg:gem/rack@2.2.6.3
Golanggolanghttps://api.vulncheck.com/v3/purl?purl=pkg:golang/google.golang.org/grpc@v1.52.0-dev.0.20221122221613-09fc1a349826
Hackage (Haskell)hackagehttps://api.vulncheck.com/v3/purl?purl=pkg:hackage/aeson@0.3.2.8
hex (Erlang, Elixir)hexhttps://api.vulncheck.com/v3/purl?purl=pkg:hex/coherence@0.1.2
Maven (Java, Scala, Kotlin, Clojure, Groovy, Gosu)mavenhttps://api.vulncheck.com/v3/purl?purl=pkg:maven/org.keycloak/keycloak-services@21.0.0
npm (JavaScript, TypeScript, CoffeeScript, Scala.js)npmhttps://api.vulncheck.com/v3/purl?purl=pkg:npm/sysend@1.3.2
NuGet (C#, F#, Visual Basic)nugethttps://api.vulncheck.com/v3/purl?purl=pkg:nuget/Masuit.Tools.Core@1.9.5.1
opam (OCaml)opamhttps://api.vulncheck.com/v3/purl?purl=pkg:opam/jose@0.8.1
PyPI (Python)pypihttps://api.vulncheck.com/v3/purl?purl=pkg:pypi/aioxmpp@0.6.0
Pub (Dart/Flutter)pubhttps://api.vulncheck.com/v3/purl?purl=pkg:pub/archive@1.0.8
Swiftswifthttps://api.vulncheck.com/v3/purl?purl=pkg:swift/github.com/vapor/leaf-kit@1.0.0

Supported Operating System Package Managers

Below is a list of currently supported Operating System package managers:

Package ManagerIndex NameExample Detection
Alma Linuxalmahttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/alma/dovecot@2.3.16-2.el8%3Fdistro=almalinux-8
Alpine Linuxalpinehttps://api.vulncheck.com/v3/purl?purl=pkg:apk/alpine/curl@7.54.0-r0?arch=x86
Amazon Linuxamazonhttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/amazon/openswan@2.6.36-2.15%3Farch=x86_64%26distro=amazon-linux-1
Arch Linuxarchhttps://api.vulncheck.com/v3/purl?purl=pkg:alpm/arch/linux-zen@5.9.6.zen1-1%3Farch=x86_64%26distro=arch
CBL-Marinercbl-marinerhttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/cbl-mariner/busybox@1.31.0-21
CentOScentoshttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/centos/ipsec-tools@0.2.5-0.7?arch=i386&distro=rhel3.3
Chainguardchainguardhttps://api.vulncheck.com/v3/purl?purl=pkg:apk/chainguard/zlib@1.2.11-r3?arch=x86
Debiandebianhttps://api.vulncheck.com/v3/purl?purl=pkg:deb/debian/e2fsprogs@1.46.2-2?arch=arm64%26distro=debian-11
Fedora Linuxfedorahttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/fedora/bsdtar@3.6.0-3.fc37%3Farch=x86_64%26distro=fedora-37
Oracle Linuxoraclehttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/oracle/bash@3.2-33.el5.1.0.1%3Farch=x86_64%26distro=oracle-linux-5
Red Hat Enterprise Linux (RHEL)redhathttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/redhat/bash-0@4.4.18-14.el8%3Farch=x86_64%26distro=redhat-enterprise-linux-8.0
Rocky Linuxrockyhttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/rocky/libidn2@2.1.2.el8%3Farch=x86_64%26distro=rocky-8
SUSE Linux Enterprise Server (SLES)susehttps://api.vulncheck.com/v3/purl?purl=pkg:rpm/suse/GraphicsMagick-devel@1.3.25%3Farch=x86_64%26distro=opensuse-leap-42.3
Ubuntu Linuxubuntuhttps://api.vulncheck.com/v3/purl?purl=pkg:deb/ubuntu/vim@2:8.1.2269-1ubuntu5.12%3Fdistro=ubuntu-22.04
Wolfiwolfihttps://api.vulncheck.com/v3/purl?purl=pkg:apk/wolfi/zlib@1.2.11-r3?arch=x86

Query by Package URL

To query for vulnerabilities by Package URL (purl), simply call /v3/purl?purl=:purl as follows:

curl --request GET \
    --url https://api.vulncheck.com/v3/purl?purl=pkg:pypi/aioxmpp@0.6.0 \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

The above example requests a list of vulnerabilities in version 0.6.0 of the aioxmpp package from pypi.

Download Offline Backup

To request a specific offline backup, simply call /v3/backup/:index as follows:

curl --request GET \
    --url https://api.vulncheck.com/v3/backup/gem \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

The above example requests an offline backup for the gem index, which is the index tracking Ruby Gems. Note: downloading an offline backup requires a paid subscription license to VulnCheck.

NVD Migration

VulnCheck makes it easy to migrate from the NIST NVD to VulnCheck Exploit & Vulnerability Intelligence.

Package URL Detections

VulnCheck Exploit & Vulnerability Intelligence supports detecting a wide range of concerns for both Open Source Software library packages and Operating System packages.