JonathanLEvans

Results: 26 comments by JonathanLEvans

> Yes, I think there's an issue in general. The attack complexity is Low and not High. Could you provide more details? The disclosure does not provide enough details to...

1. Without additional details, there is no way to assess the claim so I lean toward keeping the current value. 2. I want to make sure I understand the SaaS...

@EliahKagan, thank you for your contribution. The changes will be approved. For the future, if you make changes to the repo-level GHSA, we will automatically be notified of the change...

Hi @sunSUNQ, could you please explain how the new reference relates to the vulnerability?

Thank you for bringing this to our attention! We appreciate your interest in seeing Haskell supported in the advisory database. We will investigate what would be involved to add support...

Hi @shivakumar-loginsoft, Sorry for the slow reply and thank you for bringing this to our attention! You are correct, the vulnerability is fixed in 8.1.2. I will update the advisory....

Hi @aburmash Thank you for the interest in improving the advisory database. We use the [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) module name rather than the [golang.org/x/crypto/ssh](https://pkg.go.dev/golang.org/x/crypto/ssh) package name for the advisory because the dependency...

Thanks for the feedback @aburmash, we recognize that listing the module rather than just the specific subpackage (e.g., [golang.org/x/crypto/ssh](http://golang.org/x/crypto/ssh)) may result in broader alerts. This approach is necessary to ensure...

Hi @MikeKoval, Sorry for the slow response and thank you for the contribution! It looks like v1.4.5-lts.2 only received a partial fix. v1.4.5-lts.2 received https://github.com/expressjs/multer/commit/a4be1d56b7f1b373389da074ac3e9b929449d98a. However, it was later noticed...

Thank you for your questions. First, we have updated the descriptions for the advisories to more accurately describe the impact of the malware. As to the reason behind the initial...