advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
It is currently not very well documented, but https://github.com/ziglang/zig/issues/14290 is pretty self-explanatory, as it just uses plain URLs to tarballs and zip files. Homepage: https://ziglang.org/
https://github.com/google/osv.dev/issues/1084
```
proxy | time="2023-03-02T10:45:00Z" level=info msg="proxy starting" commit=a70cda06add871b91a3f6a8d40365a448de324f9
proxy | 2023/03/02 10:45:00 Listening (:1080)
updater | 2023-03-02T10:45:00.207699789 [617562476:main:WARN:src/devices/src/legacy/serial.rs:222] Detached the serial input due to peer close/error.
updater |...
```
You already support Erlang (registry: https://hex.pm/) to build dependency graphs, so you should implement the same functionality for Elixir projects which use the **mix.exs** script in the root of a project...
While the [docs](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database#about-information-in-security-advisories) seem to state that both "MEDIUM" and "MODERATE" would be valid CVSS ratings as the docs are linking to "[Common Vulnerability Scoring System (CVSS), Section 5](https://www.first.org/cvss/specification-document)", that's...
For example: The https://github.com/github/advisory-database/blob/5b6aa08e4edaca41f91dbe18cf8c6fd65cefe528/advisories/github-reviewed/2023/01/GHSA-c653-6hhg-9x92/GHSA-c653-6hhg-9x92.json JSON does not contain the "credit" information from https://github.com/advisories/GHSA-c653-6hhg-9x92 Reference: https://github.com/nexB/vulnerablecode/issues/297#issuecomment-1373427020 by @pombredanne
For some reason the package specification `org.yaml:snakeyaml` is matching `org.snakeyaml:snakeyaml-engine`, which is a completely different codebase. https://github.com/github/advisory-database/blob/6e5f74144c12295dd708627997c9249409fff18d/advisories/github-reviewed/2022/12/GHSA-mjmj-j48q-9wg2/GHSA-mjmj-j48q-9wg2.json#L21 https://github.com/common-workflow-language/cwljava/blob/63e794f42ed28a03a9bb5429b8e503edb320138c/pom.xml#L99
Dear GitHub team, it would be nice if your security advisories were also available in the [Common Security Advisory Framework](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html). CSAF specifies a standard way to [distribute security advisories](https://docs.oasis-open.org/csaf/csaf/v2.0/csaf-v2.0.html#72-roles)...
Lately I spent some time writing a Julia package to analyze the dependency graph of the Julia General registry https://github.com/JuliaRegistries/General/ with https://github.com/anandijain/MyPkgGraph.jl. I'm wondering what it would take to have...
As of today, only security advisories created explicitly/directly by a repo admin [1] are shown in the advisories tab. You do not get to include 'official' CVEs that have been...
When developing embedded firmware in the Espressif ESP-IDF ecosystem, we need to refer to a specific (or minimal) version of the framework, which is actually installed independently from the firmware...