Art Manion
Art Manion
A few times I've selected a public date and did not fully select time, so vulnogram did not write out DATE_PUBLIC. I figured out my mistake, but perhaps set a...
The CVE Services do allow a record to move from Rejected to Published. In some interaction flows Vulnogram gives an error and does not allow this. Load Rejected CVE ID...
CVE ADP (Authorized Data Publisher) allows an authorized entity to add data to CVE entries, specifically entries that the ADP does not "own" / is not the CNA for. The...
Support CPE for the "affected" array: https://cveproject.github.io/cve-schema/schema/v5.0/docs/#oneOf_i0_containers_cna_affected_items_cpes This issue is only to support syntactically correct CPE, not to validate CPE field content and not to handle submission to or approval...
# Summary # How should CNA updates to CVE Records be handled, specifically updates made *after* enrichment? ## Motivation and context ## The current process does not add enriched data...
**Describe the bug** @mentioning a username in VINCEComm discussions is ambiguous. **To Reproduce** Access a case in VINCE, draft a message in a discussion, @mention someone, for a specific example,...
The `vexctl create --help` gives this example ```shell vexctl create --product="pkg:apk/wolfi/[email protected]?arch=x86_64" \ --product="pkg:apk/wolfi/[email protected]?arch=armv7" \ --vuln="CVE-2023-12345" \ --status="fixed" ``` Running this command however only outputs the last `--product`: ```shell $ vexctl...
Looking at CISA Vulnrichment ADP data, I obvserve that the ADP dateUpdated is different in CVE Services compared to the GitHub repository. IIUC CVE Services writes dateUpdated within CNA and...
https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json https://mail.python.org/archives/list/[email protected]/message/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://www.cve.org/CVERecord?id=CVE-2025-8291
In all Vulnrichment content, including any custom JSON (KEV, SSVC), use consistent timestamps. Per discussion with the CVE AWG, the format should be: %Y-%m-%dT%H:%M:%S.%fZ (e.g., 2025-07-11T00:00:00.000Z) This should match [`timestamp`](https://github.com/CVEProject/cve-schema/blob/ce5f5c865f14dc40a6548d36b74751abca1c588a/schema/CVE_Record_Format.json#L91)....