The first place to check for known security issues within software is the Common Vulnerabilities and Exposures (CVE) list available at https://cve.mitre.org/. The list is constantly updated by several institutions known as CVE Numbering Authorities (CNAs). These institutions include vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs.
The website also presents a search engine. With this, you can use several methods to learn about the vulnerabilities:
- You can enter the vulnerability number. These are prefixed by CVE with examples including CVE-2014-6271, the infamous ShellShock, or CVE-2017-5715, also known as Spectre).
- You can enter the vulnerability common name, such as the previously mentioned ShellShock or Spectre.
- You can enter the name of the software you want to audit, such as Bash or Boost.
For each search result, you can see the description as well as a list of references to other bug...