2020-05-17: Vulnerable versions reporting launched in beta mode
Project versions which may be affected by known CVEs are marked as such in project list
and project pages (example).
Counters of potentially vulnerable packages/projects available for repositories
and maintainers (example) are available.
List of known CVEs for each project is available (example).
Filtering based on potentially vulnerable status is available in projects list
CPE related problems are reported for repositories which provide CPE information
(currently Gentoo family and Ravenports).
CPE information needed to match CVEs and projects may be missing for most of the latter. We rely on
repositories providing CPE information (currently Gentoo family and Ravenports) and manual bindings,
but both are currently far from being complete. This is going to gradually improve, feel free to submit
reports/issues on missing CVE information.
Repology currently has no way to know that a certain vulnerability was patched in some repository,
so even if that's so, version will still be marked as "potentially vulnerable". If you're interested
in fixed this, see related Issue.