-
Problem statement:
OSS users using OSV for vulnerability management have no standardized way to categorize vulnerabilities that they are currently or have historically been impacted by.
Research…
-
```mermaid
journey
title Scores History
section 8191578a1fe795793d066ef397346347e6175f3f
message: 3: gustfernandez
vulnerability: 4: gustfernandez
```
-
I shared a data visualization on LinkedIn regarding CWE data, highlighting gaps in coverage by CNAs (Common Vulnerabilities and Exposures Numbering Authorities) in the context of CVEs (Common Vulnerab…
-
https://cwe.mitre.org/data/definitions/609 Double-Checked Locking
https://cwe.mitre.org/data/definitions/663 Use of a Non-reentrant Function in a Concurrent Context
https://cwe.mitre.org/data/defini…
-
Vulnerability Severity: Low
Impact of Exploitation: Unauthorized Access to Sensitive Information, Privacy Violation
File Name - Line Number
\coturn\src\apps\relay\dbdrivers\dbd_mysql.c - 46, 55
…
-
Psalm does not detect Trust Boundary Violation (CWE-501) such as in this sample https://psalm.dev/r/5399ad3e59
I'll write a PR to fix this issue.
-
**Feature: Group similar vulnerabilities into main Vulnerability categories**
There are many vulnerability type categories, for a pretty cool sample take a look at the following:
``` https://githu…
-
The files also include "incidental cwe's". If the file is not vulnerable, but this cwe is found, it should be reflected in results to not be a false positive.
We should also reflect that in the fil…
-
Hi, when testing some CWE-IDs that are Category classes, it does not work. Any suggestion of a workaround would be appreciated.
For example, when testing CWE-264, the error is:
AttributeError: …
-
Hi everyone,
Are there any plans to address the vulnerability below? Our scanner detected a few vulnerabilities that have been addressed in the latest Alpine Linux version for OpenSSL. Currently we are…