Closed tomaarsen closed 2 years ago
Hey @tomaarsen 👋
Unfortunately, I don't believe GitHub exposes an API to their Security Advisories DB that would allow us to automatically publish the CVEs we issue to their interface. However, I'm pretty sure that they pull CVEs into their database - you can see some of the ones we've issued here.
Ooh, that is interesting. That saves some time. Sadly GitHub does not seem to allow the project owners to modify these advisories any further, which is a shame, but so be it. Thanks for the heads up!
Hello!
The GitHub documentation states that:
Is this practice recommended for CVEs disclosed via huntr.dev? My understanding is that this will also publish the CVE on https://github.com/advisories, and send a Dependabot alert to affected repositories. Note that this simply re-uses the CVE number, and does not re-publish the CVE on e.g. MITRE.