Cve Bin Tool Versions Save

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

v3.3

1 month ago

v3.3rc3

1 month ago

v3.3rc2

4 months ago

This pre-release improved the version compare function so it can handle certain distro versions and other special version cases more smoothly. Note that it does not have any special handling for hashes because they appear infrequently in the NVD data, but you may have some unpredictable results if you have hashes listed in an SBOM or local version.

auto-generated notes follow:

What's Changed

New Contributors

Full Changelog: https://github.com/intel/cve-bin-tool/compare/v3.3rc1...v3.3rc2

v3.3rc1

5 months ago

This has some fixes for the version compare function that were reported against the previous pre-release, as well as some new checkers and bugfixes. Automated release notes below.

What's Changed

New Contributors

Full Changelog: https://github.com/intel/cve-bin-tool/compare/v3.3a0...v3.3rc1

v3.3a0

6 months ago

Preview release for 3.3, which will hopefully be coming in December.

There's a lot of changes in this release (see below, more curated release notes to come), but I'm particularly eager to have people try out the new version compare function and make sure it is sufficiently robust for arbitrary versions, as we needed to migrate away from the function provided in python packaging as it could not handle some of the versions we see in the NVD data.

What's Changed

New Contributors

Full Changelog: https://github.com/intel/cve-bin-tool/compare/v3.2.1...v3.3.a0

v3.2.1

1 year ago

Due to a change in the data used for the curl data source, we're issuing a slightly out of band point release for users unable to use 3.2.

There are a number of checker updates to address false positives, new checkers, and other bug fixes and features as described below.

One commonly requested feature has made it into this release: generation of SBOMs. Please try it out and let us know where it can be improved!

Thanks especially to the many new contributors in this release (you can see the list at the bottom)

  • Many of you joined us via the Google Summer of Code 2023 selection process: I wish we'd had mentors and slots available to have more of you as paid contributors this year!
  • Some of you also joined us via the Intel Open Source Hackathon: thank you so much for taking the time to work with us and it's been a delight to work with so many experienced coders during the event.
  • And some of you just stopped by on your own with great ideas and fixes. Thank you!

What's Changed

New Contributors

Full Changelog: https://github.com/intel/cve-bin-tool/compare/v3.2...v3.2.1

v3.2.1rc0

1 year ago

v3.2

1 year ago

v3.2rc0

1 year ago

v3.1.2

1 year ago

Minor update to force a downgrade of packaging to allow use of LegacyVersion (fixes #2428)

This is intended to be a temporary fix while we finish up the 3.2 release, but I believe we will be able to backport the removal for LegacyVersion without much trouble, so there may be one more release for the 3.1 tree if it looks like 3.2 is going to take more than a week.

Full Changelog: https://github.com/intel/cve-bin-tool/compare/v3.1.1...v3.1.2