advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Results 198 advisory-database issues

Currently, advisories often reference themselves (`references` array in JSON):
- database advisory references itself, e.g. https://github.com/advisories/GHSA-r23g-3qw4-gfh2
- database advisory references repository advisory (with same GHSA ID), e.g. https://github.com/advisories/GHSA-xr7p-8q82-878q

Or are...

My organization uses Terraform for nearly all automated deployments. Each Terraform Workspace has [an associated lock file](https://developer.hashicorp.com/terraform/language/files/dependency-lock) that represents each provider and version the configuration uses. I would like to...

Hello, a good number of LaTeX packages which are on the CTAN (https://ctan.org/) registry are hosted on GitHub including the LaTeX3 Project and LaTeX2e itself. It would be good if...

https://nixos.org/ https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html

C & C++ don't have an official dependency management system, however some have sprung up over the years. None of these is currently supported here. It'd be great if support...

## Background
I co-create and maintain a fairly large open source project (Apiman). It's an API Management platform, and one of its niches is integration and extensibility/pluggability. One of the...

**Updates**
- Affected products
- CWEs
- References
- Source code location
- Summary

**Comments**
Inspecting one of the [fix commits](https://github.com/apache/tomcat/commit/2344a4c0d03e307ba6b8ab6dc8b894cc8bac63f2) shows that the affected component is under `org.apache.coyote.http2` which...

**Updates**
- References

**Comments**
The Drools project has moved in GitHub to the Apache Incubator, so the link to PR 3808 was broken.

**Updates**
- Affected products

**Comments**
According to the description of the vulnerability announcement Affected Spring Products and Versions at https://spring.io/security/cve-2022-22978. The affected version has an error and is recommended to...

My GitHub org is currently receiving many webhooks of the [`security_advisory.published`](https://docs.github.com/en/webhooks/webhook-events-and-payloads#security_advisory) type. My understanding is that these advisories are general in nature and are not necessarily received due to a...