
Some bulletins are missing?

Open maaaaz opened this issue 1 year ago • 1 comments

Hello there,

Thank you for this great work but it seems that, according to my understanding, some bulletins are missing in the advisories folder of this repository.

For instance, I can't find this bulletin: https://github.com/advisories/GHSA-gw4j-fhj8-497m (found with this search request).

Same with "pymocks" (GHSA and OSV):

┌──[/tmp/]
└─$ git clone https://github.com/github/advisory-database/ && cd advisory-database/advisories

┌──[/tmp/advisory-database/advisories]
└─$ rg pymocks

┌──[/tmp/advisory-database/advisories]
└─$ grep -inr pymocks

┌──[/tmp/advisory-database/advisories]
└─$ grep -inr "GHSA-8rgr-xgx4-q7jq"

┌──[/tmp/advisory-database/advisories]
└─$ grep -inr "MAL-2022-7426"

Whereas it is present in the PyPI OSV dataset:

$ unzip -l Pypi.zip |grep -i MAL-2022-7426
   2223  2024-07-21 09:37   MAL-2022-7426.json

Is there any reason for this repository not to contain all bulletins?

Cheers!

maaaaz, Jul 16 '24 21:07
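
The grep-based check in the post above, redone as a structured lookup on the `id`, `aliases` and `affected[].package.name` fields of OSV-format records. This is an added example, not part of the original issue or the project's code. It assumes both datasets hold one OSV JSON record per file; the function names are hypothetical and the sample ids and package names are constructed.

```python
import json, tempfile, zipfile
from pathlib import Path
def record_keys(rec):
    """Lower-cased id, aliases and affected package names of one OSV record."""
    keys = {rec.get("id", ""), *rec.get("aliases", [])}
    keys |= {a.get("package", {}).get("name", "") for a in rec.get("affected", [])}
    return {k.lower() for k in keys if k}

def build_index(records):
    """Map every searchable key to the set of record ids that carry it."""
    index = {}
    for rec in records:
        for key in record_keys(rec):
            index.setdefault(key, set()).add(rec.get("id", "?"))
    return index

def records_from_dir(root):
    """Yield OSV records from *.json files under a checkout, skipping bad JSON."""
    for path in Path(root).rglob("*.json"):
        try:
            yield json.loads(path.read_text(encoding="utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue

def records_from_zip(zip_path):
    """Yield OSV records from an ecosystem export zip (one JSON file per record)."""
    with zipfile.ZipFile(zip_path) as zf:
        for name in zf.namelist():
            if name.endswith(".json"):
                yield json.loads(zf.read(name))

def only_in_export(terms, repo_index, export_index):
    """Return {term: export record ids} for terms the checkout does not contain."""
    return {t: sorted(export_index[t.lower()]) for t in terms
            if t.lower() in export_index and t.lower() not in repo_index}

def demo():
    # Constructed sample data: these ids and package names are made up.
    ghsa = {"id": "GHSA-aaaa-bbbb-cccc", "affected": [{"package": {"name": "examplelib"}}]}
    mal = {"id": "MAL-0000-0001", "aliases": ["GHSA-xxxx-yyyy-zzzz"],
           "affected": [{"package": {"ecosystem": "PyPI", "name": "examplepkg"}}]}
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "GHSA-aaaa-bbbb-cccc.json").write_text(json.dumps(ghsa))
        export = Path(tmp, "export.zip")
        with zipfile.ZipFile(export, "w") as zf:
            zf.writestr("MAL-0000-0001.json", json.dumps(mal))
        terms = ["examplepkg", "GHSA-xxxx-yyyy-zzzz", "MAL-0000-0001", "examplelib"]
        return only_in_export(terms, build_index(records_from_dir(tmp)),
                              build_index(records_from_zip(export)))
```

Matching on parsed fields also catches a record that is filed under one identifier and only lists the other as an alias, which a filename search would miss.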

I have this vague recollection that Malware Advisories are treated differently... @calebbrown may be able to say more...

andrewpollock, Jul 26 '24 05:07