advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Greetings, I see a large influx of similar issues like this, so sorry for only adding on to the pile. It looks like a private, and only internally used `npm` package...
We received a dependabot alert about this advisory: https://github.com/advisories/GHSA-w687-f44x-x42j It's very strange, because this isn't an NPM package - it's a built-in element of the Unity game engine and is...
We have a package in a private github packages repo called @contrast-security-inc/design-system-foundations. Somehow a package was also published to NPM https://www.npmjs.com/package/@contrast-security-inc/design-system-foundations The NPM team flagged this as containing malware. We've...
Related to https://github.com/github/advisory-database/issues/422 We started getting this dependabot alert https://github.com/advisories/GHSA-9824-332p-264p. It's unclear why this has happened, and I'm unsure how to resolve this. In the other issue the creator mentions...
Hi all, First of all, thanks for being participants in the GitHub Advisory Database! Your contributions make our community safer and stronger. If you are consuming this database in some...
There is [a tweet](https://twitter.com/s0md3v/status/1529005758540808192?s=21&t=SkR4KmTGPfmeJ1jVwmtLyg) making headlines about some malicious code discovered in some abandoned python and PHP packages. Does it make sense to create GitHub advisory records for these? I...
**Release Notes Persisted** > Fixed an issue where `BrowserWindow#isFocused()` was returning `false` when `blur()` was called on macOS. __Originally posted by @release-clerk in https://github.com/electron/electron/pull/34030#issuecomment-1116990971__
👋 Hello! I work on the Product Security Team at HashiCorp that handles the vulnerability management and response process. I am reaching out on behalf of my team in response...
When analyzing https://github.com/aquasecurity/trivy/issues/2034 I was surprised to find the advisory id GHSA-qq97-vm5h-rrhg in two different states: 1. https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg from the repo maintainers which seems to be the most up-to-date version,...
Hi, I just found out the ecosystem thingy is mandatory to put in affected versions. Is there a reason/need behind that? Because for example, WordPress plugins are in the database,...