Holly Gong

Results 28 issues of Holly Gong

The criticality score for repo [github-scarecrow](https://github.com/Alan32Liu/github-scarecrow) is 0.20436, but this repository is a testing repository with no pull request.

> ~/go/bin$ ./criticality_score -gcp-project-id=clusterfuzz-external -format json https://github.com/Alan32Liu/github-scarecrow
> 2023-06-02 11:03:42.172 INFO...

**The CVE ID** https://osv.dev/vulnerability/CVE-2024-32760

**Describe the data quality issue observed** The Alpine package shows both introduced and fixed versions as 0

**Suggested changes to record** This might be due to...

bug
vulnfeeds
data quality
backlog

The current API queries for ecosystem-specific versions require pre-enumeration of all affected versions per package. This PR will allow API queries for all non-enumerated ecosystems by comparing the queried version...

`OSV.dev` currently uses `Pipenv` for managing Python dependencies, but it's causing a number of issues, such as https://github.com/google/osv.dev/pull/2170.

**Key Concerns with Pipenv** `PyPA` Recommendation: `Pipenv` is not officially recommended by...

enhancement

**Is your feature request related to a problem? Please describe.** For Alpine and Debian security tracker entries, we should add their links to the `References` section on OSV.dev.

**Describe the...

enhancement

Call analysis is no longer experimental

```go
ExperimentalAnalysis: map[string]models.AnalysisInfo{
    "OSV-1": {Called: false},
},
```

V2 Wishlist

Our test instance lacks real-life traffic, making it difficult to catch API query errors. Converting [tools/api-performance-test](https://github.com/google/osv.dev/tree/master/tools/api-performance-test) into a cron job that runs for one hour daily. This job will send...

The current OSV structure combines vulnerability data from different resources (e.g., NVD, Alpine, Debian) into a [single CVE entry](https://osv.dev/vulnerability/CVE-2024-28757) based on shared CVE IDs. This approach leads to overly...

enhancement
backlog

The [vulnerability list](https://osv.dev/list?page=2&ecosystem=Debian) page on OSV.dev currently displays a `Fix available` tag for vulnerabilities if at least one affected package has a fix. But when filtering vulnerabilities by a specific...

ui
frontend
backlog

OSV [doesn't combine issues](https://github.com/google/osv.dev/blob/02575ef484fe7fd5b88e38f347163062d53df30c/vulnfeeds/cmd/debian/main.go#L114) with the `not yet assigned` urgency tag from the Debian Security Tracker because we thought the status of those issues might change soon. But we've observed...

enhancement