-
There are a few existing vulnerability databases that have an "upstream source code" field (e.g. GitHub and Arch Linux both have one; also NVE has some metadata links on each CPE).
using the various me…
-
### Current Behavior
When Dependency-Track came into existence around 2013, the only public and widely accepted vulnerability database was the NVD. Since its inception, DT has supported mirroring of …
-
## Description
A community user has reported that version 4.8.x of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-8187303
-
## Description
A community user has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
## Description
A community user has reported that version 4.8.1 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
## Description
A community user has reported that version 4.8.0 of the vulnerability detector incorrectly reports some vulnerabilities. This issue aims to investigate these reports, verify the accu…
-
Hi,
Thank you for the write up and analysis. To help users identify the criticality of this it would be helpful if you:
- add the list of CVEs from the paper to the github and the date these were …
m8ram updated
2 months ago
-
Hey OSV team, thanks for your great work!
We're currently looking at how we can correlate vulnerabilities that describe the same thing.
As per specification, OSV has the [`aliases`](https://ossf…
-
As currently written, the DB diff command will be cumbersome to keep as a feature while working on v6. We could leave DB diff intact for v1-5 schemas, but this would be confusing for users attempting …