devguard icon indicating copy to clipboard operation
devguard copied to clipboard
verified publisher icon l3montree-dev

Some CVEs have no base score assigned from the NIST, but have a score defined from github

Open refoo0 opened this issue 1 year ago • 1 comments

We should include github basescores, if there is currently no base score from the nist available.

Example: https://nvd.nist.gov/vuln/detail/CVE-2024-34351

https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g

refoo0 avatar Jul 22 '24 09:07 refoo0

I think we should at least take a look at this. I am fine with "not doing it after evaluating the necessary efforts and outcomes".

timbastin avatar Apr 02 '25 22:04 timbastin