Are there any customizable vulnerability notification services?

Question

Are there any services (free or otherwise) that provide information on new vulnerabilities for a given piece of technology?

For example, say I want to be updated of all new Wordpress vulnerabilities via RSS or email? What would be my best option?

There is no best option. National vulnerability database offers CVE feeds which can be filtered by IfThisThenThat or Yahoo! Pipes. There are also mailing lists for most popular pieces of software. — Deer Hunter, Jun 14 '13 at 21:21
I use the National vulnerability database as a basis for SecureIT that shows you new vulnerabilities that your server/container/webapp might have. — João Antunes, Nov 28 '17 at 15:13
Vulmon Alerts (https://alerts.vulmon.com) is exactly what you are looking for. — Yavuz, Nov 14 '20 at 12:07
https://secalerts.co is also a free service that's been running for nearly 3 years now that does exactly this. Disclaimer: I run it. — Louis, Mar 12 '21 at 06:41

Michael · Answer 1 · 2020-08-02T19:40:22.297

7

2020 update: CVE Details has silently stopped being updated.

CVE Details allows you to "generate a custom RSS feed or an embedable vulnerability list widget or a json API call url", filterable on a large range of fields including product.

edited Aug 02 '20 at 19:40

answered Jun 20 '13 at 18:31

Michael

2,138
17
26

1

Looks like you only filter the feed by 1 product at a time, is that right? Would be great to have a collated feed based on multiple products you were interested in. – Simon East Sep 07 '17 at 02:05
Yes, I'm not aware of that capability if it has it. – Michael Oct 05 '17 at 17:44
Seems up-to-date as of 2023-03-21 – korkman Mar 21 '23 at 11:18

score 5 · Accepted Answer · edited Jun 20 '13 at 18:40

5

The Exploit Database have a twitter feed that updates regularly.

You could use tweetalarm with the keyword [webapps] - Wordpress, and set it to email you whenever a tweet containing that keyword is used. Then you would know about verified exploits for WordPress as soon as they are added to the database.

edited Jun 20 '13 at 18:40

Adi

44,095
16
138
170

answered Jun 14 '13 at 19:59

syb0rg

540
4
12

2

Tweetalarm now seems to be a dead link. – SilverlightFox Sep 02 '15 at 09:21

score 2 · Answer 3 · edited Jun 20 '13 at 18:42

2

US-CERT provides a free alerting service. They also have feeds from NCAS, which you can sign up for here: https://www.us-cert.gov/mailing-lists-and-feeds

While they don't offer a specific technology or product feed, you could filter them out yourself.

edited Jun 20 '13 at 18:42

Michael

2,138
17
26

answered Jun 14 '13 at 21:16

John Deters

34,205
3
61
113

score 2 · Answer 4 · edited Jun 20 '13 at 18:42

2

Secunia has a nice feed and allows one to sort by vendor as well as product. Long ago one could sign up for email alerts for free, but I don't think that is the case anymore.

edited Jun 20 '13 at 18:42

Michael

2,138
17
26

answered Jun 17 '13 at 21:05

k1DBLITZ

3,973
16
20

Are there any customizable vulnerability notification services?

4 Answers4