-
While looking into a bug report, @annevk, @mozfreddyb, and I started thinking about better ways to coordinate discussion between browser vendors on issues that are grounded in the design/specification…
-
**Is your feature request related to a problem? Please describe.**
Currently two vulnerability services are offered, `pypi` and `osv`, but these are both based on pip-audit retrieving information f…
-
(personal notes; will be expanded upon later.)
In the event someone writes a daemon or a tool to scan (continuously) NixOS closures for security vulnerabilities, it would be interesting to coordi…
-
Split off from #7
create unambiguous definitions for the different states a product can be in such as "End Of Life", "End Of Development", ...
-
Hello CSAF team,
I have tried to look at the past discussions to find any information on where embargo dates for a vulnerability disclosure may fit in. It looks like the TLP status is possible with …
-
Is there a way we can find if a dependency is transitive or not?
-
GOAL: Make the CNA processes more standardized and repeatable.
CHANGE: Define if and how CNAs assign CVE IDs to bundled third-party products.
OUTCOME: Reduce duplicate, increased transparency in p…
-
Document Title:
===============
ImportExportTools NG 10.0.4 - HTML Injection Vulnerability
References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2308
…
-
## Report
:warning: reported via `security@weave.works` on **January 18**...
**Describe**
```
High-Impact Subdomain Takeover
FQDN: wkp.weave.works
IP address: 13.49.241.153
Overview o…
```
-
OSCAL is meant to address a gap in the present technical infrastructure with respect to controls-based (RMF) security activities, and so to be complementary to existing standards in the security domai…