14

Are there any services (free or otherwise) that provide information on new vulnerabilities for a given piece of technology?

For example, say I want to be updated on all new WordPress vulnerabilities via RSS or email? What would be my best option?

n0pe
  • There is no best option. [National vulnerability database](http://web.nvd.nist.gov/view/vuln/search) offers CVE feeds which can be filtered by [IfThisThenThat](http://ifttt.com) or [Yahoo! Pipes](http://pipes.yahoo.com). There are also mailing lists for most popular pieces of software. – Deer Hunter Jun 14 '13 at 21:21
  • I use the National vulnerability database as a basis for [SecureIT](https://secureit.io) that shows you new vulnerabilities that your server/container/webapp might have. – João Antunes Nov 28 '17 at 15:13
  • Vulmon Alerts (https://alerts.vulmon.com) is exactly what you are looking for. – Yavuz Nov 14 '20 at 12:07
  • https://secalerts.co is also a free service that's been running for nearly 3 years now that does exactly this. Disclaimer: I run it. – Louis Mar 12 '21 at 06:41

4 Answers

6

2020 update: CVE Details has silently stopped being updated.


CVE Details allows you to "generate a custom RSS feed or an embedable vulnerability list widget or a json API call url", filterable on a large range of fields including product.

Michael
  • Looks like you only filter the feed by 1 product at a time, is that right? Would be great to have a collated feed based on multiple products you were interested in. – Simon East Sep 07 '17 at 02:05
  • Yes, I'm not aware of that capability if it has it. – Michael Oct 05 '17 at 17:44
5

The Exploit Database has a Twitter feed that updates regularly.

You could use tweetalarm with the keyword [webapps] - Wordpress, and set it to email you whenever a tweet containing that keyword is used. Then you would know about verified exploits for WordPress as soon as they are added to the database.

Adi
syb0rg
2

US-CERT provides a free alerting service. They also have feeds from NCAS, which you can sign up for here: https://www.us-cert.gov/mailing-lists-and-feeds

While they don't offer a specific technology or product feed, you could filter them out yourself.

Michael
John Deters
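The answer above suggests filtering a general advisory feed yourself, and an earlier comment asks for one collated feed across several products. A sketch of such a filter, added here as an illustration and not code from any of the services mentioned; the sample feed, its placeholder CVE ids and the `filter_feed` name are constructed for the example:

```python
import re
import xml.etree.ElementTree as ET  # for feeds fetched over the network, prefer defusedxml

# Constructed sample feed (RSS 2.0); titles, links and CVE ids are placeholders.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example advisories</title>
<item><title>CVE-0000-0001: SQL injection in a WordPress plugin</title>
<link>https://feed.example/CVE-0000-0001</link>
<description>Affects the example-gallery plugin.</description></item>
<item><title>CVE-0000-0002: Buffer overflow in ExampleFTP</title>
<link>https://feed.example/CVE-0000-0002</link>
<description>Remote crash in the FTP daemon.</description></item>
<item><title>CVE-0000-0003: XSS in comment form</title>
<link>https://feed.example/CVE-0000-0003</link>
<description>Stored XSS in wordpress core and in nginx error pages.</description></item>
<item><title>CVE-0000-0001: SQL injection in a WordPress plugin (updated)</title>
<link>https://feed.example/CVE-0000-0001</link>
<description>Revised entry.</description></item>
<item><title>CVE-0000-0004: Flaw in Nginxify proxy</title>
<link>https://feed.example/CVE-0000-0004</link>
<description>Unrelated product whose name contains a watched word.</description></item>
</channel></rss>"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def filter_feed(xml_text, products):
    """Return one entry per advisory that mentions any watched product."""
    # Whole-word, case-insensitive patterns: "nginx" must not match "Nginxify".
    patterns = {p: re.compile(r"(?<!\w)" + re.escape(p) + r"(?!\w)", re.I) for p in products}
    seen, hits = set(), []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="")
        text = title + " " + item.findtext("description", default="")
        matched = sorted(p for p, rx in patterns.items() if rx.search(text))
        if not matched:
            continue
        m = CVE_RE.search(title)
        key = m.group(0) if m else link  # dedupe on CVE id, else on link
        if key in seen:
            continue
        seen.add(key)
        hits.append({"id": key, "title": title, "link": link, "products": matched})
    return hits

if __name__ == "__main__":
    for hit in filter_feed(SAMPLE_RSS, ["WordPress", "nginx"]):
        print(hit["id"], hit["products"], hit["link"])
```

Run on a schedule against the real feed text, the returned list can be mailed or re-published as a single per-stack feed; keyword matching only catches advisories that name the product in the title or description.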
2

Secunia has a nice feed and allows one to sort by vendor as well as product. Long ago one could sign up for email alerts for free, but I don't think that is the case anymore.

Michael
k1DBLITZ