advisories
Security advisory data for Wolfi
Bumps the actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/checkout](https://github.com/actions/checkout). Updates `step-security/harden-runner` from 2.13.2 to 2.13.3 Release notes Sourced from step-security/harden-runner's releases. v2.13.3 What's Changed Fixed an issue where process...
Looks like it's missing advisories for openjdk-21 CVE-2025-50106 cc @xnox
**Description** https://images.chainguard.dev/security/CVE-2020-15945 Expand references, and navigate to debian tracker at https://security-tracker.debian.org/tracker/CVE-2020-15945 lua5.3 is not-affected, as the bug is specific to 5.4.0 Thus status should be package lua5.4 not affected, code...
**Description** https://images.chainguard.dev/security/CVE-2019-6706#/ CVE is about 5.3 version stream. 5.3.5 was never packaged in Wolfi, as 5.3 was introduced at 5.3.6. I think it should only say lua5.3, not affected, code...
**Description** See https://github.com/wolfi-dev/os/pull/21715/files and https://blog.packagist.com/composer-2-7-7/ Shouldn't that be listed here 🤔
We have automation that automatically created CVE detection events which is great! Some packages that have subpackages have related advisory PRs created but also have merge conflicts. Some examples: https://github.com/wolfi-dev/advisories/pull/788...
## Summary Currently, we require a dedicated .yaml file for each application version, with its own set of advisories. Often these can be more or less copy/paste between app versions....
## Context Every once in a while, a distro package's name changes. One reason for this is that we create a **version stream** for that package, such as in [this...
One of the vestigial aspects of our advisory data today that lingers from our beginning with the Alpine "secfixes" approach is that we don't actually enumerate a list or range...