github / advisory-database Public

Notifications
Fork 268
Star 1.5k

Code
Issues 46
Pull requests 27
Discussions
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Security
Insights

Issues: github/advisory-database

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

46 Open 99 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Credit Claim

#2991 opened Nov 24, 2023 by SCH227

Unable to improve advisory database for C / C++ packages

#2963 opened Nov 21, 2023 by mswilson

Does the advisory database cover other maven repositories?

#2900 opened Oct 31, 2023 by joshbressers

Need CVE auto-linking disambiguation to CVEs that belong to more than 1 project

#2869 opened Oct 19, 2023 by joakime

Extend GitHub's CNA scope

#2718 opened Sep 10, 2023 by Marcono1234

CONTRIBUTING.md references OSV schema while the actual repo/PR builds reject valid JSON

#2644 opened Aug 21, 2023 by daniel-beck

Support for zig packages in build.zig.zon

#2610 opened Aug 9, 2023 by figsoda

The wrong/unclear report for never-published packages focal-manual-tests and focal-todomvc

#2492 opened Jul 12, 2023 by oleksiilevzhynskyi

Reporting Inaccurate Affected Components in GitHub Advisory Database

#2467 opened Jul 5, 2023 by catch22out

Why not every CVE collected in GHSA?

#2451 opened Jun 25, 2023 by JustinB1eber

narrow version constrains of vulnerable radancy/dropr-client - GHSA-3crg-f8r3-cw5x

#2450 opened Jun 23, 2023 by Levivb

Package incorrectly identified as malware

#2405 opened Jun 13, 2023 by ashishbijlani

missed CVE-2019-3826 for github.com/prometheus/prometheus

#2341 opened May 31, 2023 by DmitriyLewen

Package vs module for go advisories

#2224 opened May 5, 2023 by ArthurBrillant

## Release the Library on Packagist

#2222 opened May 5, 2023 by superguysmal0326

1 task done

Should use "MEDIUM" instead of "MODERATE" in CVSS rating

#2189 opened Apr 24, 2023 by sschuberth

Dependency Submission API - Opam Protocol

#1897 opened Mar 31, 2023 by smorimoto

GHSA-hgwp-4vp4-qmm2 has no published or compatible non-vulnerable versions

#1742 opened Mar 2, 2023 by uhthomas

GHSA-mjmj-j48q-9wg2 is triggering for snakeyaml-engine but CVE is for just "snakeyaml"

#1720 opened Feb 23, 2023 by mr-c

julia ecosystem support

#1689 opened Feb 10, 2023 by anandijain

Feature: Provide advisories as CSAF

#1685 opened Feb 9, 2023 by tschmidtb51

Add support for Elixir Ecosystem for dependency graphs since the package manager hex.pm is already used for Erlang

#1661 opened Jan 31, 2023 by SupaMic

improve Dependabot Alert UI; allow markdown comments

#1643 opened Jan 27, 2023 by jtmoon79

Missing information in json files compared to the advisory page

#1580 opened Jan 7, 2023 by Hritik14

[Feature Request] Better transitive security disclosure and alerting

#1565 opened Jan 5, 2023 by msavy

Previous 1 2 Next

Previous Next

ProTip! Add no:assignee to see everything that’s not assigned.