vulnerablecode
A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase...
I am currently facing this issue while installing vulnerable code in my system locally. My system has python 3.9.18, git version 2.45.2 and psql (PostgreSQL) 16.4 (Debian 16.4-1). This...
### **Issue:** #1549 Hey everyone, this pull request brings a few key improvements to how we handle package versions. Here’s what’s new: ### **Version Handling Improvements:** introduced a new Version...
Hello, I use ORT 34.0.0 in combination with VulnerableCode. The _GoMod_ ORT package analyzer returned a dependency: ``` id: "Go::github.com/quic-go/quic-go:0.40.0" purl: "pkg:golang/github.com%2Fquic-go%[email protected]" ``` On first sight, the purl looks strange,...
Shared by a shy user through a private email: > BTW, I just ran into the pager on Vulnerable Code, this could be improved: > > https://public.vulnerablecode.io/packages/search?page=2&search=sudo > > If...
From https://github.com/aboutcode-org/vulnerablecode/issues/1617 This issue is also for SCIO Shared by a shy user through a private email: > BTW, I just ran into the pager on Vulnerable Code, this could...
It would be great to display more results per page when searching for packages. 20 is not much. But at the same time, a generic search is not the main...
When multiple distinct scores have the same reference URL, we end up overwriting the VulnerabilitySeverity. See the SUSE example below, where different vulnerabilities have identical sets of severity. | ![Screenshot...
``` ______________________________________ test_updated_advisories[ApacheHTTPDDataSource-config17] ______________________________________ data_source = 'ApacheHTTPDDataSource', config = {'etags': {}} @pytest.mark.webtest @pytest.mark.parametrize( ("data_source", "config"), ((data["data_source"], data["data_source_cfg"]) for data in IMPORTER_REGISTRY), ) def test_updated_advisories(data_source, config): if not data_source == "GitHubAPIDataSource":...
Current implementation of `unique_content_id` is unstable because the order of keys is not preserved in `JsonField`. On PostgreSQL by default `JsonField` uses `jsonb`, which does not preserve the order or...
The data from this Slovak agency https://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ seems interesting and not always in CVE