Dmitry Marakasov

I can query potential problems for you though. Query for reference (packages in guix which have no cpe_name defined, which have related vulnerabilities with cpe_product different to package name, and...

There's not much to look at - they just use all CPE fields. I've tried to get away with just _product_ and _vendor_, but it didn't work out. Using only...

Another example: https://repology.org/project/espresso/versions

It has nothing to do with inspiration, there's just a pile of technical problems. Apart from just parsing nvd, we - need a way to match nvd entries with repology...

- [x] :bulb:Ravenports has CPE_VENDOR/CPE_PRODUCT as well, usr it if it's available in the dump or request exposure otherwise

For the record, I've spotted an incorrect CVE information which leads to false positive. Here's a CVE which makes latest OpenVPN version look vulnerable, while in fact it refers to...

This looks easy to implement, however it won't be of much use as of now. The cause is discrepancy between source and binary packages - repology works with the former,...

Should be doable with recently added `project_names` table (may need additional index though)

XXX: while here, also rename `openmandriva_4` to `openmandriva_4_0` (#1010)

> Do we need to ignore versions from newly introduced repositories at all? Turns out it is completely pointless. For instance, even if we mark all start dates as untrusted...