Why not every CVE collected in GHSA?

Open JustinB1eber opened this issue 2 years ago • 3 comments

According to the document, it seems that github security advisory database would collect every CVE from NVD. But I have seen a few CVEs not in GHSA, neither reviewed nor unreviewed, e.g. CVE-2023-31058

JustinB1eber, Jun 25 '23 07:06

unreviewed

spcompanyf15t33n, Jul 03 '23 05:07

According to the document, it seems that github security advisory database would collect every CVE from NVD. But I have seen a few CVEs not in GHSA, neither reviewed nor unreviewed, e.g. CVE-2023-31058

spcompanyf15t33n, Jul 03 '23 05:07

Hey @JustinB1eber, thank you so much for writing in about this. We do have one small gap in our data, which is advisories originated from a GitHub security advisory which get a CVE but which are not part of our supported ecosystems. This is a data flow error that we are planning to correct.

Can you share any CVEs that you find which are not in our Advisory Database so I can confirm the issue is the same and that we don't have any other leaks?

KateCatlin, Oct 18 '23 19:10