Technology vulnerability lookup for exact version checks.

Check a supported framework, library, or platform version against known security advisories, then review severity, identifiers, and fixed releases.

Free version correlation

Check a technology release

Choose a supported technology and enter the exact version you use. The lookup maps it to a software package and checks published affected-version data.

3 lookups per day
Search the supported technology catalog.
Examples: 3.7.1, 18.2.0, v1.9.3

Correlation workflow

How a technology vulnerability lookup works

A useful version check needs more than a product name. It must connect the name people recognize to the package coordinate used by an advisory, submit one exact version, and preserve enough context for a human to validate the result.

  1. 01

    Select a technology

    Choose a supported framework, library, or platform from the controlled catalog.

  2. 02

    Enter an exact version

    Use the installed release number, not a range or a vague major version.

  3. 03

    Correlate advisories

    Splorix maps the technology to its package identity and checks known affected releases.

  4. 04

    Validate and remediate

    Confirm the deployed package, assess reachability, and move to an appropriate fixed release.

Read results carefully

A version match is evidence, not a verdict

The result answers a narrow but valuable question: is this mapped package version listed as affected by a known advisory? It does not answer whether the package is really deployed in your environment or whether the vulnerable behavior can be reached.

Use the match to focus validation. Confirm the component in a lockfile or software bill of materials, read the advisory conditions, and examine the application path that uses the affected functionality.

Critical
Meaning
Potential for severe impact under the advisory conditions.
Response
Validate immediately and prepare an urgent remediation path.
High
Meaning
Significant confidentiality, integrity, or availability impact may be possible.
Response
Confirm exposure quickly and prioritize the upgrade.
Medium
Meaning
Meaningful impact that usually depends on configuration or access conditions.
Response
Assess reachability and include the fix in the near-term plan.
Low
Meaning
Limited direct impact or strong prerequisites are commonly involved.
Response
Review the conditions and address through normal maintenance.
Informational
Meaning
The source did not provide a usable severity classification.
Response
Read the advisory before deciding priority.

Why exact versions and package mappings matter

Technology names are for people

Teams often say React, Django, Laravel, or Spring Boot. Advisory systems usually describe packages using an ecosystem and package coordinate. A strict mapping prevents a familiar product name from being guessed into the wrong component.

Affected ranges are for releases

An advisory may affect 1.4.0 through 1.4.6, exclude a patched vendor build, or list different fixed releases across supported branches. Entering 1.x or latest removes the precision needed for that comparison.

TechnologyExample versionPackage identityWhy it helps
React18.2.0npm:reactSeparates the framework from similarly named products.
Django4.2.11PyPI:DjangoUses the package and ecosystem that release data describes.
Spring Boot3.2.5Maven:org.springframework.boot:spring-bootMakes the checked module visible before remediation decisions.

From signal to action

A practical remediation workflow

Turn a version match into a controlled decision. Each stage narrows uncertainty before the change reaches production.

  1. Step 1

    Confirm the package identity

    Check the lockfile, SBOM, build manifest, or runtime inventory. Product names and package names are not always interchangeable.

  2. Step 2

    Verify the deployed version

    Confirm what is actually running in production, including vendor backports and distribution-specific patches.

  3. Step 3

    Read the advisory conditions

    Review affected functions, configurations, privileges, platforms, and attack prerequisites before assigning urgency.

  4. Step 4

    Choose a supported fixed release

    Prefer a vendor-supported version, test compatibility, and avoid jumping to an unrelated release solely because it is newer.

  5. Step 5

    Deploy, test, and monitor

    Run regression and security checks, deploy through the normal release process, then verify that the old version is gone.

Common vulnerability lookup mistakes

Using a version range

Values such as 4.x, latest, or >=3.0 do not identify one release and can produce an unreliable match.

Treating detection as exploit proof

A matched advisory does not demonstrate that the vulnerable code path is enabled, reachable, or exploitable.

Ignoring vendor backports

Some operating system and enterprise vendors patch a release without changing the upstream-looking version in the expected way.

Confusing products and packages

A website banner may name a framework while the affected advisory applies to one specific module or package coordinate.

Assuming no match means no risk

Coverage, disclosure timing, private patches, configuration flaws, and unknown vulnerabilities remain outside a version lookup.

Upgrading without compatibility testing

A rushed dependency change can create outages or regressions. Security urgency still needs a controlled deployment plan.

Limits of version-based checks

Version correlation is one layer of software security. It cannot discover unknown vulnerabilities, prove that a package is loaded, detect every vendor patch, or evaluate authentication, access control, business logic, and deployment configuration.

Combine it with a maintained dependency inventory, SBOM review, source and build controls, runtime testing, endpoint discovery, and external attack surface monitoring.

Technology vulnerability lookup FAQ

What is a technology vulnerability lookup?

It correlates a named technology and exact version with published security advisories for the mapped software package. It helps identify versions that may require validation or an upgrade.

Why must I enter an exact version?

Affected-version rules are release-specific. A major version, range, or label such as latest cannot reliably show whether one installed release falls inside an advisory range.

Does a match prove that my application is exploitable?

No. A match is a package-and-version correlation. It does not test deployment, configuration, code-path reachability, compensating controls, or exploitation.

Does no result mean the version is secure?

No. It only means no matching advisory was returned for the selected package and version at check time. Unknown flaws, incomplete data, configuration weaknesses, and vendor-specific behavior may still matter.

Which technologies can I check?

The searchable list contains technologies with an explicit package mapping. Splorix does not guess package identities from arbitrary text because approximate matching would increase false positives.

How many free lookups can I run?

The public tool allows three lookups per day for each user or client IP. This limit protects the service from automated abuse.

What should I do after finding a vulnerability?

Confirm the package and deployed version, read the linked advisory, assess whether its conditions apply, identify a supported fixed release, test the change, and verify the upgrade after deployment.

Authoritative references

Continuous visibility

Move beyond one version lookup

Splorix continuously discovers exposed technologies, correlates confident exact versions with known advisories, and keeps potential findings in one workflow for validation and remediation.