advisory-database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Hello Team, The wrong advisory is creating confusion among the team. Here is the advisory link: https://github.com/advisories/GHSA-7wg2-c6vw-c9mc The GitHub report on our SDK package as malware is incorrect. There is no...
**Updates** - Affected products - CVSS v3 - CVSS v4 - CWEs - Summary **Comments** Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-14221
**Updates** - Affected products **Comments** The packages match what is in the GHSA-9qr9-h5gf-34mp advisory. GHSA-9qr9-h5gf-34mp lacks an alias to CVE-2025-55812, but suggestions for improvements lack the ability to suggest additional aliases. Given...
This pull request updates the advisory data for `GHSA-fv66-9v8q-g76r.json` by adding version range information for the affected `next` and `react` npm packages. These additions clarify which versions are impacted and...
**Updates** - Affected products - CVSS v3 **Comments** Repor
**Updates** - CVSS v3 - CVSS v4 - Severity **Comments** sha256:4232e547f04af7f5c9f6e873d56dd740caae50a20f95146e63082b7fb15de803
# Proposal: Add Attack Type Classification to Malware Advisories ## Problem Statement The current malware advisory system in the GitHub Advisory Database creates a significant security coverage gap. **Dependabot suppresses...
We've been working with the Drupal community and OSV team to have Drupal advisories published in OSV format and ingested into osv.dev, with the database living here: https://github.com/DrupalSecurityTeam/drupal-advisory-database We've recently...
Hi Team, Just noticed the malware warning in package **@wdp-gov/lineage-component** was raised. The package was published as part of testing of a Dependency Confusion vulnerability in our private repo. After testing...
The com.unity.modules.terrain package identified in GHSA-p239-rfgf-c4jh is not an NPM package. Any package registered on npmjs in this regard is not Unity created and does not affect the com.unity.modules.terrain package....