advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Hey all! Recently we've noticed that our Python [monorepo llama-index](https://github.com/run-llama/llama_index) was flagged with a CVE (and there is likely more incoming in the future from huntr.com). While this is fine,...
Why was the `ecosystem_specific` field with the vulnerable functions described removed? For example, GHSA-3f63-hfp8-52jq had this field with the described `eval` function, on February 13 the `ecosystem_specific` field was removed....
The CVSS 4.0 calculator on the advisory improvement screen does not support non-base (i.e. threat, environmental, and supplemental) metrics, as defined in the [spec](https://www.first.org/cvss/v4-0/specification-document). There are a couple problems with...
The "Delete PR staging and head branches" (`.github/workflows/delete_staging_and_head_branches.yaml`) workflow currently fails when a PR was merged by the 'advisory-database' bot, because that bot is already deleting the source branch itself....
When you use the "Suggest improvements for this vulnerability" link of an advisory (bottom right corner), it automatically creates a pull request here in this repository. The problem is that...
You seem to create CVSS v4 scores for *some* advisories as I found out in https://github.com/github/advisory-database/pull/5032. I condensed the original discussion into this issue. There are some problems with...
I want to include unreviewed advisories when searching for CVEs, such as CVE-2024-31074, using the GraphQL API. This functionality is already available on the web interface and appears to be...
If I understand correctly, you currently only review advisories about Composer packages from https://packagist.org/. Are there plans to add support for other well known Composer repositories like [https://packages.drupal.org/](https://www.drupal.org/docs/develop/using-composer/using-packagesdrupalorg) or https://wpackagist.org?...