-
**As** a Buyer
**I want** Security information about packages
**So that** I can make an informed decision
## Acceptance Criteria
**Given** A user is navigating a package on UDS Marketplace
**W…
-
**H2O version, Operating System and Environment**
H2O-3.40
**Actual behavior**
Our security team has identified following four CVEs with current version of H2O SparklingWater (3.40.x) notebooks.
…
-
The vulnerability report below was generated by [nixpkgs-crate-holes](https://code.tvl.fyi/tree/users/sterni/nixpkgs-crate-holes) which extracts the `Cargo.lock` file of each package in nixpkgs with a…
-
A few days ago two vulnerabilities were listed:
- [CVE-2024-34391](https://github.com/advisories/GHSA-6433-x5p4-8jc7)
- [CVE-2024-34392](https://github.com/advisories/GHSA-mg49-jqgw-gcj6)
Two i…
-
Hello, our audit reported a CVE on `path-to-regex`, can you update this deps? It is known on your side?
https://github.com/advisories/GHSA-9wv6-86v2-598j
```
┌─────────────────────┬──────────…
-
- [x] CVE 항목 이상함. "issue-13"? 제대로된 CVE 번호로
- [ ] 오류 경로 추가
-
/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow:
Vulnerable: Safe RET, no microcode
-
A community user on Wazuh 4.8.0 has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accura…
-
The idea is to add security analysis tool like [auditjs](https://github.com/sonatype-nexus-community/auditjs) to eliminate potential risks in release flow.
This can be done both for current and new…
-
### Description
v3.4 of the tool and have parameters to tell it to make a new json/vex file. The published and updated values it puts in for each CVE found is just the date this report was run. Shou…