aboutcode-org
diff --git a/‎vulnerabilities/forms.py‎
Lines changed: 9 additions & 0 deletions b/‎vulnerabilities/forms.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎vulnerabilities/improvers/__init__.py‎
Lines changed: 16 additions & 0 deletions b/‎vulnerabilities/improvers/__init__.py‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎vulnerabilities/migrations/0092_advisoryalias_advisoryreference_advisoryseverity_and_more.py‎
Lines changed: 6 additions & 6 deletions b/‎vulnerabilities/migrations/0092_advisoryalias_advisoryreference_advisoryseverity_and_more.py‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎vulnerabilities/migrations/0093_alter_advisoryreference_reference_id.py‎
Lines changed: 0 additions & 23 deletions b/‎vulnerabilities/migrations/0093_alter_advisoryreference_reference_id.py‎
Lines changed: 0 additions & 23 deletions
diff --git a/‎vulnerabilities/migrations/0093_alter_advisoryv2_datasource_id_and_more.py‎
Lines changed: 145 additions & 0 deletions b/‎vulnerabilities/migrations/0093_alter_advisoryv2_datasource_id_and_more.py‎
Lines changed: 145 additions & 0 deletions
@@ -35,6 +35,15 @@ class VulnerabilitySearchForm(forms.Form):
     )
 
 
+class AdvisorySearchForm(forms.Form):
+
+    search = forms.CharField(
+        required=True,
+        widget=forms.TextInput(
+            attrs={"placeholder": "Advisory id or alias such as CVE or GHSA"}
+        ),
+    )
+
 class ApiUserCreationForm(forms.ModelForm):
     """
     Support a simplified creation for API-only users directly from the UI.
 
@@ -20,6 +20,16 @@
 from vulnerabilities.pipelines import flag_ghost_packages
 from vulnerabilities.pipelines import populate_vulnerability_summary_pipeline
 from vulnerabilities.pipelines import remove_duplicate_advisories
+from vulnerabilities.pipelines.v2_improvers import compute_package_risk as compute_package_risk_v2
+from vulnerabilities.pipelines.v2_improvers import (
+    computer_package_version_rank as compute_version_rank_v2,
+)
+from vulnerabilities.pipelines.v2_improvers import enhance_with_exploitdb as exploitdb_v2
+from vulnerabilities.pipelines.v2_improvers import enhance_with_kev as enhance_with_kev_v2
+from vulnerabilities.pipelines.v2_improvers import (
+    enhance_with_metasploit as enhance_with_metasploit_v2,
+)
+from vulnerabilities.pipelines.v2_improvers import flag_ghost_packages as flag_ghost_packages_v2
 
 IMPROVERS_REGISTRY = [
     valid_versions.GitHubBasicImprover,
@@ -49,6 +59,12 @@
     add_cvss31_to_CVEs.CVEAdvisoryMappingPipeline,
     remove_duplicate_advisories.RemoveDuplicateAdvisoriesPipeline,
     populate_vulnerability_summary_pipeline.PopulateVulnerabilitySummariesPipeline,
+    exploitdb_v2.ExploitDBImproverPipeline,
+    enhance_with_kev_v2.VulnerabilityKevPipeline,
+    flag_ghost_packages_v2.FlagGhostPackagePipeline,
+    enhance_with_metasploit_v2.MetasploitImproverPipeline,
+    compute_package_risk_v2.ComputePackageRiskPipeline,
+    compute_version_rank_v2.ComputeVersionRankPipeline,
 ]
 
 IMPROVERS_REGISTRY = {
 
@@ -1,4 +1,4 @@
-# Generated by Django 4.2.20 on 2025-05-21 05:33
+# Generated by Django 4.2.20 on 2025-05-27 10:43
 
 from django.db import migrations, models
 
@@ -67,7 +67,7 @@ class Migration(migrations.Migration):
                         blank=True,
                         db_index=True,
                         help_text="An optional reference ID, such as DSA-4465-1 when available",
-                        max_length=200,
+                        max_length=500,
                     ),
                 ),
             ],
@@ -261,7 +261,7 @@ class Migration(migrations.Migration):
                 (
                     "advisory_id",
                     models.CharField(
-                        help_text="An advisory is a unique vulnerability identifier in some database, such as CVE-2020-2233",
+                        help_text="An advisory is a unique vulnerability identifier in some database, such as PYSEC-2020-2233",
                         max_length=50,
                     ),
                 ),
@@ -293,7 +293,7 @@ class Migration(migrations.Migration):
                     ),
                 ),
                 (
-                    "created_by",
+                    "datasource_ID",
                     models.CharField(
                         help_text="Fully qualified name of the importer prefixed with themodule name importing the advisory. Eg:vulnerabilities.pipeline.nginx_importer.NginxImporterPipeline",
                         max_length=100,
@@ -330,7 +330,7 @@ class Migration(migrations.Migration):
                     "affecting_packages",
                     models.ManyToManyField(
                         help_text="A list of packages that are affected by this advisory.",
-                        related_name="fixing_advisories",
+                        related_name="affected_by_advisories",
                         to="vulnerabilities.packagev2",
                     ),
                 ),
@@ -346,7 +346,7 @@ class Migration(migrations.Migration):
                     "fixed_by_packages",
                     models.ManyToManyField(
                         help_text="A list of packages that are reported by this advisory.",
-                        related_name="affected_by_advisories",
+                        related_name="fixing_advisorues",
                         to="vulnerabilities.packagev2",
                     ),
                 ),
 
@@ -0,0 +1,145 @@
+# Generated by Django 4.2.20 on 2025-05-27 12:30
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0092_advisoryalias_advisoryreference_advisoryseverity_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="advisoryv2",
+            name="datasource_ID",
+            field=models.CharField(
+                help_text="Fully qualified name of the importer prefixed with themodule name importing the advisory. Eg:nginx_importer_v2",
+                max_length=100,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="advisoryv2",
+            name="fixed_by_packages",
+            field=models.ManyToManyField(
+                help_text="A list of packages that are reported by this advisory.",
+                related_name="fixing_advisories",
+                to="vulnerabilities.packagev2",
+            ),
+        ),
+        migrations.CreateModel(
+            name="AdvisoryExploit",
+            fields=[
+                (
+                    "id",
+                    models.AutoField(
+                        auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+                    ),
+                ),
+                (
+                    "date_added",
+                    models.DateField(
+                        blank=True,
+                        help_text="The date the vulnerability was added to an exploit catalog.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "description",
+                    models.TextField(
+                        blank=True,
+                        help_text="Description of the vulnerability in an exploit catalog, often a refinement of the original CVE description",
+                        null=True,
+                    ),
+                ),
+                (
+                    "required_action",
+                    models.TextField(
+                        blank=True,
+                        help_text="The required action to address the vulnerability, typically to apply vendor updates or apply vendor mitigations or to discontinue use.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "due_date",
+                    models.DateField(
+                        blank=True,
+                        help_text="The date the required action is due, which applies to all USA federal civilian executive branch (FCEB) agencies, but all organizations are strongly encouraged to execute the required action",
+                        null=True,
+                    ),
+                ),
+                (
+                    "notes",
+                    models.TextField(
+                        blank=True,
+                        help_text="Additional notes and resources about the vulnerability, often a URL to vendor instructions.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "known_ransomware_campaign_use",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Known' if this vulnerability is known to have been leveraged as part of a ransomware campaign; \n        or 'Unknown' if there is no confirmation that the vulnerability has been utilized for ransomware.",
+                    ),
+                ),
+                (
+                    "source_date_published",
+                    models.DateField(
+                        blank=True,
+                        help_text="The date that the exploit was published or disclosed.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "exploit_type",
+                    models.TextField(
+                        blank=True,
+                        help_text="The type of the exploit as provided by the original upstream data source.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "platform",
+                    models.TextField(
+                        blank=True,
+                        help_text="The platform associated with the exploit as provided by the original upstream data source.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "source_date_updated",
+                    models.DateField(
+                        blank=True,
+                        help_text="The date the exploit was updated in the original upstream data source.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "data_source",
+                    models.TextField(
+                        blank=True,
+                        help_text="The source of the exploit information, such as CISA KEV, exploitdb, metaspoit, or others.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "source_url",
+                    models.URLField(
+                        blank=True,
+                        help_text="The URL to the exploit as provided in the original upstream data source.",
+                        null=True,
+                    ),
+                ),
+                (
+                    "advisory",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="exploits",
+                        to="vulnerabilities.advisoryv2",
+                    ),
+                ),
+            ],
+        ),
+    ]