github
Missing information in json files compared to the advisory page
For example: The https://github.com/github/advisory-database/blob/5b6aa08e4edaca41f91dbe18cf8c6fd65cefe528/advisories/github-reviewed/2023/01/GHSA-c653-6hhg-9x92/GHSA-c653-6hhg-9x92.json JSON does not contain the "credit" information from https://github.com/advisories/GHSA-c653-6hhg-9x92
Reference: https://github.com/nexB/vulnerablecode/issues/297#issuecomment-1373427020 by @pombredanne
Hey @Hritik14 thanks for reaching out with this! We're currently working on adding credits (and credit types) to the JSON files.
Can you tell me about how this came to your attention? Was there something you wanted to do with credit information from the JSON files?
Hello @KateCatlin! We're developing an open vulnerabilities database at https://github.com/nexB/vulnerablecode and are interested in all advisory data that we may find. In my understanding, the web advisory page gets generated using the given json files but this doesn't seem to be the case as json files contain less (and not more) information than available on the web page.
I do not think it is ideal to scrape the webpage for anything, instead if you could provide a structured source of all data present on the webpage, it would be great!
Makes sense, thanks @Hritik14. I'll keep this thread updated when we launch!
Hey @Hritik14 update on this–
We did indeed ship our work to support different credit types on advisories. But due to technical reasons, displaying credit information in the JSON files would have made this epic 2-3x as much work, so we cut that part for now.
I understand this is likely frustrating and I'm using this feedback to more highly prioritize getting credit information into JSON files in a future quarter.
Leaving this issue open for others to chime in for support if desired!
I'm missing support for this as well. I have some advisories that I want credited, which were imported from NVD mostly, but am unable to correctly update this information.
