News

2021-09-06

• Added MPR repository.

2021-08-26

• Added versioned Debian repositories 8, 9, 10, 11, 12 as well as corresponding backports, where available. "Debian Stable" and "Debian Testing" repositories are now deprecated and will be removed in 2 months. History and events of new repositories will start from scratch, as migration deemed to be too difficult.
• Added NOIR Linux repository.

2021-08-18

• Added Spack repository.

2021-07-15

• Added UBI repository.

2021-06-30

• Added Software Collections repository.

• RPM version parsing improved:

  • Prerelease suffixes (alphaX, betaX, rcX etc.) are now parsed from RPM release field and appended to the version. This fixes a lot of false new versions from RPM repos.
  • Versions from RPM repos are now ignored when release field suggest a snapshot (starts with zero, contains dates or git commits).
  • All RPM parsers now use unified logic.

2021-05-25

• Added MELPA Stable repository.

2021-05-01

• Added Rocky Linux repository.

2021-03-25

• Added AlmaLinux repository.
• Added postmarketOS repositories.

2021-03-15

• Added SageMath repositories.

2021-02-26

• Added Artix repository.

2021-02-02

• Added openmamba repository.

2020-12-08

• Pagination now available for problems lists.

2020-12-02

• Added AIX Toolbox repository.

2020-11-25

• Added Apertis repositories.

2020-11-05

• Readded PyPI repository. It required setting up a dedicated service, as PyPI developers do not care to provide usable data.

2020-10-22

• Added Chaotic-AUR repository.

2020-09-29

• Added MidnightBSD Mports repository.
• Added Gentoo Science overlay repository.

2020-07-26

• Added RebornOS repository.

2020-07-25

• Added IBM i repository.

2020-05-24

• Added winget repository.

2020-05-18

• Added Ataraxia Linux repository.

2020-05-17: Vulnerable versions reporting launched in beta mode

• Project versions which may be affected by known CVEs are marked as such in project list and project pages (example).
• Counters of potentially vulnerable packages/projects available for repositories and maintainers (example) are available.
• List of known CVEs for each project is available (example).
• Filtering based on potentially vulnerable status is available in projects list (example).
• CPE related problems are reported for repositories which provide CPE information (currently Gentoo family and Ravenports).

Possible shortcomings:

• CPE information needed to match CVEs and projects may be missing for most of the latter. We rely on repositories providing CPE information (currently Gentoo family and Ravenports) and manual bindings, but both are currently far from being complete. This is going to gradually improve, feel free to submit reports/issues on missing CVE information.
• Repology currently has no way to know that a certain vulnerability was patched in some repository, so even if that's so, version will still be marked as "potentially vulnerable". If you're interested in fixed this, see related Issue.
• Both false positives and false negatives are possible for a lot of other reasons, including incorrect data in National Vulnerability Database itself. See more related issues on general improvements and individual cases. However, total number of errors is quite low and is going to improve further too.

2020-05-11

• Added Siduction repository.

2020-05-09

• Added LiGurOS repositories.

2020-04-10

• Added openEuler repository.
• Added Gentoo GURU overlay.

2020-03-19

• Added ConanCenter repository.

2020-01-09

• Added Carbs Linux repository.