-
#### **Description:**
To enhance the security monitoring of our repositories, we need to integrate a process that fetches security advisories using the GitHub API. This will allow us to programmati…
-
Currently, we only enforce that a `csaf_security_advisory` has at least one `product_status`. That allows the production of CSAF security advisories with all products in status `fixed`. One might impl…
-
While the VRChat staff team has been amazingly cooperative and fast with our requests to have older versions blocked, it shouldn't be something we should depend on. That was our only real option in th…
-
### Describe the bug
Some security advisories are missing data in the Updated Packages Information section. As a result, it is not possible to determine which packages should be updated to mitigate t…
-
# What's the problem this feature will solve?
It would make a higher level of package security a default.
# Description
I would like uv to only download packages that do not have entries in t…
-
Currently, mapping of packages and security advisories is done in a semi-automatic way. That is, upon insertion of an upstream security advisory, we already know the packages that fix the advisory. Si…
-
Hi there!
We have noticed that some CVEs affecting Spring libraries are not reported by Dependabot. This is caused by the fact that some CVEs are taking a long time to be included in the National V…
-
I reported four security issues through the Private Vulnerability Reporting (PVR), but I have not received a response yet.
Could you please check the reports?
You can check the reports using the f…
-
For a while now we have had security advisories available through an API on packagist.org: https://packagist.org/apidoc#list-security-advisories. Packagist.org also lists advisories on packages and ma…
-
As rubedo is an Anti-Cheat system for Minecraft, it would be highly effective to open any critical security advisories using GitHub's built-in feature for private vulnerability disclosure.
Hence, pl…