Jess Lowe
Jess Lowe
Some of the older curl vulnerabilities have nothing to distinguish their 'package' or ecosystem so aren't being categorized and therefore shown on osv.dev. Despite [CVE-2016-8616](https://curl.se/docs/CVE-2016-8616.json) existing in datastore, it is...
This is in preparation for CVE5 ingestion. It's not completed but it's a minimalish set.
fixes #3523 - added deduplication logic when duplicate commit hashes are found. - Added a testcase to test VersionInfo end-to-end to ensure no duplicate hashes. - Also added a series...
we log in a few different ways and they don't show up in the same log filter. Some logs are printed as errors, some aren't grouped properly @another-rex says to...
 The "Downstream"/"Upstream" fields should go above "Related" but below "Aliases". Downstream/Upstream data should also be sorted alphabetically before displaying.
 Example: https://osv.dev/vulnerability/CVE-2022-25761
https://github.com/user-attachments/assets/688048cc-8e22-4e9e-9c9b-7d93a78b21a3 Too many affected packages where all of the information is being displayed makes the information overwhelming for users. Possible solutions could include: - Better grouping - Collapse tabs by...
**Describe the bug** Due to the flow of the preput hook occurring before the alias or upstream computation, aliases aren't being shown for some vulns that don't have the full...
**Describe the bug** Due to an unhandled exception in the importer/sources.py file, when the schema validation of a file fails, the cron job was being killed. https://github.com/google/osv.dev/blob/7efca9136ce630a25f2a754d4b18148b0e0b8c4d/osv/sources.py\#L169C2-L173C12 This was noticed...