4/17/2018 known vulnerabilities - Are there any customizable vulnerability notification services?

- Information Security Stack Exchange

_
Information Security Stack Exchange is Here's how it works:
a question and answer site for
information security professionals. Join
them; it only takes a minute:

Sign up Anybody can ask Anybody can The best answers are voted
a question answer up and rise to the top

Are there any customizable vulnerability notification services? [duplicate]

This question already has an answer here:

How to subscribe to information about new vulnerabilities in selected products? [closed] 4 answers

Are there any services (free or otherwise) that provide information on new vulnerabilities for a given piece of technology?

For example, say I want to be updated of all new Wordpress vulnerabilities via RSS or email? What would be my best option?

known-vulnerabilities

asked Jun 14 '13 at 19:37

n0pe
228 2 9

marked as duplicate by TildalWave, Xander, NULLZ, Ayrx, Iszi Dec 1 '13 at 6:36
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new
question.

3 There is no best option. National vulnerability database offers CVE feeds which can be filtered by IfThisThenThat or Yahoo! Pipes. There
are also mailing lists for most popular pieces of software. – Deer Hunter Jun 14 '13 at 21:21

I use the National vulnerability database as a basis for SecureIT that shows you new vulnerabilities that your server/container/webapp
might have. – João Antunes Nov 28 '17 at 15:13

4 Answers

The Exploit Database have a twitter feed that updates regularly.

You could use tweetalarm with the keyword [webapps] - Wordpress , and set it to email
you whenever a tweet containing that keyword is used. Then you would know about verified
exploits for WordPress as soon as they are added to the database.

edited Jun 20 '13 at 18:40 answered Jun 14 '13 at 19:59

Adi syb0rg
39.8k 15 120 540 4 12
155

1 Tweetalarm now seems to be a dead link. – SilverlightFox Sep 2 '15 at 9:21

CVE Details allows you to "generate a custom RSS feed or an embedable vulnerability list
widget or a json API call url", filterable on a large range of fields including product.

edited Jun 20 '13 at 18:36 answered Jun 20 '13 at 18:31

Michael
https://security.stackexchange.com/questions/37519/are-there-any-customizable-vulnerability-notification-services 1/2
4/17/2018 known vulnerabilities - Are there any customizable vulnerability notification services? - Information Security Stack Exchange
1,724 10 22

1 Looks like you only filter the feed by 1 product at a time, is that right? Would be great to
have a collated feed based on multiple products you were interested in. – Simon East
Sep 7 '17 at 2:05

Yes, I'm not aware of that capability if it has it. – Michael Oct 5 '17 at 17:44

US-CERT provides a free alerting service. They also have feeds from NCAS, which you can sign
up for here: https://www.us-cert.gov/mailing-lists-and-feeds

While they don't offer a specific technology or product feed, you could filter them out yourself.

edited Jun 20 '13 at 18:42 answered Jun 14 '13 at 21:16

Michael John Deters
1,724 10 22 24.5k 2 35 79

Secunia has a nice feed and allows one to sort by vendor as well as product. Long ago one
could sign up for email alerts for free, but I don't think that is the case anymore.

edited Jun 20 '13 at 18:42 answered Jun 17 '13 at 21:05

Michael k1DBLITZ
1,724 10 22 3,426 8 19

https://security.stackexchange.com/questions/37519/are-there-any-customizable-vulnerability-notification-services 2/2