-
I'm working on a [vulnerability detection benchmark](https://github.com/timothee-chauvin/eyeballvul) using OSV as the main data source. Having as many CWE root causes as possible would be useful for t…
-
I was able to play CWE V8.1 (Chao World Extended, created by DarkyBenji and the rest of them) just fine on SA2 a while ago, but when I went to go play it today when I loaded the ModLoader, it download…
-
We need to update our CWE support to reflect the 2.8 version:
https://cwe.mitre.org/news/index.html#july312014_CWE_Version_2.8_Now_Available
-
The idea is to add security analysis tool like [auditjs](https://github.com/sonatype-nexus-community/auditjs) to eliminate potential risks in release flow.
This can be done both for current and new…
-
GitHub is adding the ability to handle security reports and fixes privately in their UI. Instead of creating an issue, the reporter creates a security advisory, and then GitHub allows discussing and h…
-
## CVE ID(s)
*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*
- Pending
## Rep…
-
We probably already discussed it, but I don't remember how this is supposed to work.
Should we be able to add "single code" to a CWE element? Right now I can't do it (single code is greyed out at th…
-
~~-Adding in a new ideology 'Social Democracy' to represent right-social democratic parties, and using the existing 'socialist' ideology to represent left-social democrats or radical leftist parties t…
-
If you're spreading props from a user provided source we have a XSS. E.g.
```js
var data = JSON.parse(decodeURI(location.search.substr(1)));
function Foo(props) {
return {props.content};
}
…
```
-
Description: The lack of the protection may allow the use of a Cross-Site Scripting
Potential Impact: Depends on the Cross-Site Scripting used when exploiting this lack of protection.
Affected part …