Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.endorlabs.com/llms.txt

Use this file to discover all available pages before exploring further.

A vulnerability is a security weakness in a software package that attackers can exploit to compromise systems, steal data, or disrupt operations. Open-source software often contains vulnerabilities that can introduce risks to your organization, if not managed properly. Endor Labs vulnerability database is a comprehensive compilation of known software vulnerabilities. You can search the vulnerability database to identify and discover vulnerabilities within your software dependencies. You can use the following vulnerability IDs to search within the Endor Labs platform:
Endor Labs supports vulnerability searches only for identifiers included in the meta.name or spec.aliases fields.

Search for a vulnerability

Search for vulnerabilities using supported security identifiers across your software dependencies.
  1. Sign in to Endor Labs and select Discover > Vulnerabilities from the left sidebar.
  2. Type a search query using a vulnerability ID (for example, CVE, GHSA) and click Search Vulnerabilities. Vulnerability Search You can view detailed information including the name of the vulnerability, CVE ID, vulnerability’s severity, description, and metadata to help users quickly identify important details about a vulnerability.
  3. Select Affected Packages to view a list of all software packages impacted by the identified vulnerability, including their names, introduced and fixed versions, and the source of the vulnerability data.
  4. Select a package to view its details.
    • Overview: Shows affected and fixed versions, severity, available patches, impacted classes, and a link to the fix commit. It helps users understand the issue and take necessary remediation steps. Affected packages overview
    • Endor Details: Shows affected call paths and file paths to help identify where the vulnerable code runs and what can trigger it in the project Affected Packages details
    • Impact: Shows each package version, along with the number of findings, how many projects use it, and how many other packages depend on it Affected Packages Impact
  5. Select Containers to see all container images in your organization with known vulnerabilities. It lists the affected packages, where each issue entered, whether fixes are available, and the severity of the issues. affected packages container