Other Repositories of OVAL Content

Links to other known publicly accessible OVAL repositories are included below. Current total: 11

Altx-Soft Logo

Altex-Soft’s repository of OVAL content consists of OVAL Definitions imported from several sources. Created February 2012.
Repository: http://www.ovaldb.altx-soft.ru/

Center for Internet Security (CIS)
Center for Internet Security (CIS)

The CIS repository is the new official OVAL Repository following the transition away from MITRE. Created August 2015.
Repository: https://oval.cisecurity.org/repository

Cisco Systems Logo
Cisco Systems, Inc.

The Cisco Security Intelligence Operations repository consists of Cisco security advisories in the standardized Common Vulnerability Reporting Format (CVRF) and includes OVAL Vulnerability Definitions for the Cisco IOS security advisories. Created September 2012.
Repository: http://tools.cisco.com/security/center/publicationListing.x

Debian Project Logo
Debian Project

The Debian repository of OVAL content consists of OVAL Definitions that correspond to Debian security advisories. Created August 2010.
Repository: http://www.debian.org/security/oval/

Defense Information Systems Agency Field Security Operations (DISA FSO)

A repository of Security Technical Implementation Guides (STIGs) in support of Security Content Automation Protocol (SCAP) content and tools. Created: May 2012.
Repository: http://iase.disa.mil/stigs/scap/index.html

IT Security Database

This site collects OVAL Definitions from sources such as the OVAL Repository, Red Hat, Suse, NVD, Apache, etc., and provides a unified, easy-to-use Web interface to all IT security related items about them including patches, vulnerabilities, and compliance checklists. Created: November 2010.
Repository: http://www.itsecdb.com/oval

NIST Computer Security Division Logo
NIST Computer Security Division

The Security Content Automation Program (SCAP) is a public free repository of security content to be used for automating technical control compliance activities, vulnerability checking (both application misconfigurations and software flaws), and security measurement. Created January 2007.
Repository: http://scap.nist.gov/content/

Positive Technologies CJSC Logo
Positive Technologies CJSC

The Positive Technologies repository of OVAL content consists of OVAL Definitions collected from various sources. Created May 2012.
Repository: http://oval.ptsecurity.com

Red Hat, Inc. Logo
Red Hat, Inc.

The Red Hat repository of OVAL content consists of OVAL Patch Definitions that correspond to Red Hat Errata security advisories. Created May 2006.
Repository: http://www.redhat.com/oval

SecPod Technologies Logo
SecPod Technologies

SecPod SCAP Feed, also hosted as a repository, is a service providing standardized SCAP content (CVE™, CPE™, CCE™, XCCDF, and OVAL®) for vulnerability, patch, inventory, and compliance management. Created December 2010.
Repository: https://www.scaprepo.com

Security Database Logo

This Web site provides a mirror of the OVAL Repository and links its Alerts to OVAL Definitions when possible. Created February 2012.
Repository: http://www.security-database.com/oval.php


The SUSE Linux Enterprise OVAL Information database is an index of fixed security incidents indexed by product, RPM package name and version for use in security compliance checking. Created July 2010.
Repository: http://ftp.suse.com/pub/projects/security/oval/

Back to top

Page Last Updated: January 28, 2016