advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Currently, you need to redo the *entire* contribution and then make your change in one go if you want to make a change to an existing contribution you've made. Otherwise,...
E.g. https://github.com/github/advisory-database/blob/d6004eb8de91ad341605da869ab1b9f1e4abe433/advisories/github-reviewed/2017/10/GHSA-hgmw-x865-hf9x/GHSA-hgmw-x865-hf9x.json refers to "arabic-prawn", which is not a valid gem name according to RubyGems:

```bash
> curl https://rubygems.org/api/v1/gems/arabic-prawn.json
This rubygem could not be found.
# Gem install will similarly...
```
I was comparing the results of [`osv-detector`](https://github.com/G-Rath/osv-detector) to [`local-php-security-checker`](https://github.com/fabpot/local-php-security-checker) and found a few advisories that don't seem to be in the database:

- https://symfony.com/blog/twig-sandbox-information-disclosure
- https://nvd.nist.gov/vuln/detail/CVE-2017-9841
- https://symfony.com/blog/cve-2019-18887-use-constant-time-comparison-in-urisigner
- https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2018-1000162.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/erusev/parsedown/CVE-2019-10905.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/sabberworm/php-css-parser/CVE-2020-13756.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-03-01.yaml
- ...
Hi, do you consider supporting multiple languages for the details?
I can't submit this via the standard way as the advisory doesn't exist in this database yet due to #19. 4.1.1 was published to fix GHSA-93q8-gq69-wqmw for the 4.x line:...
I went to this advisory https://github.com/advisories/GHSA-8489-44mv-ggj8 and on the right clicked the [Suggest improvements for this vulnerability](https://github.com/advisories/GHSA-8489-44mv-ggj8/improve). I just removed the log4j-api packages and left the rest as they were....
Hi, can the advisory database be downloaded? I would prefer to have a local database and query my data against it instead of calling the graphql endpoint for advisories for...
OSV supports Package URL, however, the OSV feeds in this repo do not appear to have purls. This request is to enhance all OSV files to include purl.
**Updates**
- Affected products
- Summary

**Comments**
To make myself admin without permission
**Updates**
- Affected products
- Description
- References

**Comments**
Adding more technical information about the issue and link to working proof of concept and possible solutions. (More details about the...