vulnerablecode icon indicating copy to clipboard operation
vulnerablecode copied to clipboard
verified publisher icon nexB

fedcode-next: Collect fix commits from pre-existing datasets

Open pombredanne opened this issue 3 months ago • 0 comments

We should focus on the database of manually reviewed fix commits and avoid automated fix commits.

OSV fix commits:

  • #767

Databases Requiring Review:

  1. project-kb:
  • https://github.com/SAP/project-kb/tree/vulnerability-data
  • https://github.com/SAP/project-kb/tree/main/MSR2019
  1. vulncode-db
  • https://github.com/aboutcode-org/vulnerablecode/issues/118
  1. linux_kernel_cves
  • https://github.com/aboutcode-org/vulnerablecode/issues/564
  1. Morefixes:
  • https://github.com/JafarAkhondali/Morefixes

  1. MSR_20_Code_vulnerability_CSV_Dataset https://github.com/ZeoVan/MSR_20_Code_vulnerability_CSV_Dataset

  2. GNU Libc fix commits

  • https://github.com/aboutcode-org/vulnerablecode/issues/1362
  1. Android fixes from
  • https://github.com/quarkslab/aosp_dataset

related issue

  • https://github.com/aboutcode-org/vulnerablecode/issues/1697

pombredanne avatar Oct 09 '25 15:10 pombredanne