advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Results 223 advisory-database issues

Hi there! We have noticed that some CVEs affecting Spring libraries are not reported by Dependabot. This is caused by the fact that some CVEs are taking a long time...

- core.resources is affected as per https://mvnrepository.com/artifact/org.eclipse.platform/org.eclipse.core.resources/3.19.0 and https://deps.dev/maven/org.eclipse.platform%3Aorg.eclipse.core.resources/3.19.0
- help is affected as per https://mvnrepository.com/artifact/org.eclipse.platform/org.eclipse.help/3.10.0 and https://deps.dev/maven/org.eclipse.platform%3Aorg.eclipse.help/3.10.0

**Updates**
- CVSS v4
- Severity

**Comments**
Use the same CVSS as in the advisory for consistency

**Updates**
- Affected products
- CVSS v3
- Description

**Comments**
FitNesse is an acceptance test automation framework, designed to execute fixture code on a host or network system. This CVE...

Stale

While conducting a deeper analysis of your repository to compare it with the NVD (National Vulnerability Database) in terms of usability and available information, with the goal of making life...

My name is Leonardo A. de Lima, and I am a computer science student at the Federal University of Rio de Janeiro. I am currently conducting research on open-source information...

https://github.com/advisories/GHSA-vmh3-vg2w-7g4f @wdp-gov/catalog-serialization-engine - WDP-GOV is one of the packages used by our dev team. As part of a penetration test, we had performed a dependency confusion attack via which we had uploaded...

Hi there, an npm package called 'ing-web' is unrightfully marked as malware: https://github.com/advisories/GHSA-5fx7-hqw3-mg99. However, the malicious code has already been removed from the registry for a long time: https://www.npmjs.com/package/ing-web. Can this...

Hello, I have a spreadsheet with a large number of Tomcat advisory updates (this sheet is not current with the latest Tomcat vulnerabilities): https://docs.google.com/spreadsheets/d/1b8XqUEK1PuOfTjm1jj-YSIoQa92A7uwjVfF06kd4bXg/edit?gid=0#gid=0 Many GitHub advisories for Tomcat reference...

Hello there, Thank you for this great work but it seems that, according to my understanding, some bulletins are missing in the [`advisories` folder](https://github.com/github/advisory-database/tree/main/advisories) of this repository. For instance, I...