Jon
Fantastic. Thank you much and I've updated our advisory to reflect 👍
@lechacon & @skofman1 sorry about that and sorry for the late reply (I was out for a few days). A colleague of mine has gone ahead and put those updates...
@G-Rath, normalized names in Python are for the namespace in the Python runtime. We focus on package names as they appear in PyPI.
@oliverchang https://github.com/ossf/osv-schema/pull/42
Got all but two out. Double check me, but most of the info comes from friends of PHP. Zend is presenting a few issues so, I'll get to that next...
Apologies for the late reply on this thread, but for clarity what's happening is that malware is being uploaded to npm. These advisories are for the packages on npm and...
Hey all, joining this thread by way of https://github.com/github/advisory-database/pull/764 and I'm trying to make sense of it for advisory purposes. @henryrneh have you filed to update the CVEs? If so...
Closing this issue out as the advisory has been withdrawn. Apologies for the error 🙇
Hey @seng1e, any reason you want this advisory removed? We tend to keep malware takedown advisories live despite the package being pulled as well.
Hey @seng1e, similar to https://github.com/github/advisory-database/pull/705 we tend to keep these advisories live. What's your rationale for removing it?