advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
e.g. ansi_term we provided informational advisory: https://rustsec.org/advisories/RUSTSEC-2021-0139.html But GHSA has different interpretation / representation: https://github.com/advisories/GHSA-74w3-p89x-ffgh It's an advisory as others but it should be represented in canonical way as RustSec...
I don't think GHSA-74w3-p89x-ffgh is a security advisory, and as such probably shouldn't be in Advisory Database. This crate does what it's supposed to, and there are no known security...
Follow-Up from: https://github.com/github/advisory-database/issues/683 as another issue We typically strive hard to include actionable advice as to any fixes if any on informational advisories. Currently GHSA is omitting to include that...
Adding the C ecosystem would dramatically help organize CVE communication. For example, the OpenJPEG project has many CVEs from Chromium fuzzing. It is difficult to understand if certain CVEs have...
**Updates** - Affected products - Source code location - Summary **Comments** Update vulnerable version range and the source code location.
**Updates** - References **Comments** Add a patch https://github.com/ESAPI/esapi-java-legacy/commit/41138fef5f63d9cf0d5e05d2bee2c7f682ffef3f, of which the commit message claims `Fix for Google Issue #306 and changes to address the side effects of the fix (i.e.,...
**Updates** - Affected products - References **Comments** Add a patch https://github.com/apache/cxf/commit/f8ed98e684c1a67a77ae8726db05a04a4978a445, of which the commit message claims `Update StaxInInterceptor to just create a html error message on the client side...
**Updates** - References **Comments** Add four patches: https://github.com/apache/storm/commit/0fc6b522487c061f89e8cdacf09f722d3f20589 https://github.com/apache/storm/commit/efad4cca2d7d461f5f8c08a0d7b51fabeb82d0a https://github.com/apache/storm/commit/1117a37b01a1058897a34e11ff5156e465efb69 https://github.com/apache/storm/commit/f61e5daf299d6c37c7ad65744d02556c94a16a4 , of which the commit message claims `STORM-3052: Allow for blobs to be unzipped/untarred`
**Updates** - Affected products **Comments** The associated CVE was opened in error and we are moving it to the Rejected status. We'd like to retract this GHSA to avoid confusion...
**Updates** - Affected products **Comments** Based on the info from the NVD site linked in the GHSA "versions prior to 6.7.1 and 5.22.5" are affected. The table at the bottom...