Dataset for Golang featuring vulnerable code and corresponding fixes (i.e. commit code), covering both CVE-based and synthetic issues. CWE-based categorizations are also present.
- CVE info is taken from the NVD, the Golang vuln DB and the CVEFixes dataset
- The schema of the dataset is compatible with the OSV schema specification.
- The unified vulnerability file adds NVD metrics, repository info and commit info.
- Last update time of Go VulnDB: June 10 2024
- The Python representation of the schema can be seen here.
- The CVEs generated for all extracted vulnerabilities are present here
- The original Go vulnerability db files are uploaded here
- The NVD vulnerability db files are uploaded here
- File changes are taken from the CVEFixes dataset or pulled directly via git through the references in CVEInfo
- A few change sets that are very large (>4MB) are dropped. This number is very small for now (<5)
- The zipped change files are present here
- All info collected for base CWEs under software development (i.e. CWE-699) is present here.
- The CWE info from the MITRE database is enriched with functional primary and secondary categorizations. This is done using GPT-4o.
- The final categorized list is present here
- A few top-N lists defined by MITRE are also present here
- A few views are created for analysis purposes and added here
- Check out the repository
- Make sure you have poetry installed as described here
- cd to the repository and run `poetry install`