I am highly interested in finding Django CVE PoCs which would be useful to justify internally (and externally) upgrading services running old unsupported versions of Django (or backporting the patches from the supported versions, if applicable). This repository contains the string "Django" 35 times. There are false positives, like this one, where the string "POC" was found in the CVE description but it's actually saying "No POC found":

https://github.com/trickest/cve/blob/967839a1f3dd2e43c3ca7af98749ae1712e69a04/2019/CVE-2019-19118.md

The string "No POC found" appears 34,948 times in this repository. This is concerning, given this repo has ~1000 CVEs per year, and 24 years!

The GitHub links for each CVE are very low value, unfortunately; the modal link seems to be to an "awesome CVE" or "CVE POC list" repository of no value whatsoever.

I'd really like a CVE database where you can search by software and version and see which CVEs apply to your version, their severity, and which have PoCs. Anybody else feeling this would be valuable?
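The query the comment above describes ("which CVEs apply to my version, how severe are they, which have a PoC?") is small enough to sketch. Here is an added example, not code from the thread or from the trickest/cve repository, of an in-memory index that answers it and that counts a PoC only when the record's PoC section actually carries a link, so a bare "No POC found" line no longer registers as a hit. The records, product names, version ranges and URLs are constructed placeholders, and the half-open version-range layout and numeric dotted versions are assumptions, not the format of any real CVE feed.

```python
import re
from dataclasses import dataclass

# Ordering used to sort results; "unknown" covers records without a rating.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "unknown": 0}


def parse_version(v: str) -> tuple:
    """'2.2.10' -> (2, 2, 10). Assumption: plain numeric dotted versions;
    any non-numeric suffix is ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


@dataclass
class CveRecord:
    cve_id: str
    product: str
    affected: list        # [(first affected, first fixed), ...] as half-open ranges (assumed layout)
    severity: str
    poc_section: str      # raw text of the record's PoC section


def has_real_poc(poc_section: str) -> bool:
    """A PoC counts only if the section contains at least one URL.
    A section that just says 'No POC found' has none, so the string
    'POC' alone (the false positive in the comment) is never enough."""
    return bool(re.search(r"https?://\S+", poc_section))


def is_affected(record: CveRecord, version: str) -> bool:
    """True if `version` falls inside any [first affected, first fixed) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in record.affected)


def query(index, product: str, version: str) -> list:
    """All records for `product` that apply to `version`, most severe first."""
    hits = [
        {"cve": r.cve_id, "severity": r.severity, "has_poc": has_real_poc(r.poc_section)}
        for r in index
        if r.product == product.lower() and is_affected(r, version)
    ]
    return sorted(hits, key=lambda h: (-SEVERITY_RANK.get(h["severity"], 0), h["cve"]))


# Constructed sample index: placeholder CVE ids, invented version ranges and URLs.
SAMPLE_INDEX = [
    CveRecord("CVE-0000-0001", "django", [("2.2", "2.2.9"), ("3.0", "3.0.1")], "high",
              "- https://example.invalid/poc-0001"),
    CveRecord("CVE-0000-0002", "django", [("1.11", "1.11.27")], "medium",
              "No POC found"),
    CveRecord("CVE-0000-0003", "django", [("2.0", "2.2.12")], "critical",
              "No POC found"),
    CveRecord("CVE-0000-0004", "flask", [("0.12", "1.0")], "low",
              "- https://example.invalid/poc-0004"),
]


if __name__ == "__main__":
    for hit in query(SAMPLE_INDEX, "Django", "2.2.5"):
        print(hit)
```

Running the block lists the two constructed Django records that cover 2.2.5, the critical one first, with `has_poc` set only for the record whose PoC section holds a link. Replacing `SAMPLE_INDEX` with records parsed from a real feed is the only change needed to use it against actual data.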
For a curated collection of CVE PoCs that is continuously updated by the bug bounty community, check out the projectdiscovery nuclei repo: https://github.com/projectdiscovery/nuclei-templates/tree/master/cves
I would like to have a resource like this, but instead of the PoC I want to see the diff that fixed the flaw in the software.

Anything like that around? I know it isn't trivial.