-
Gabbi sources its Ruby-specific CVE info from RubySec, but RubySec appears to be aware of issues such as the [recent Nokogiri one](https://rubysec.com/advisories/CVE-2022-23476/) that Gabbi is not inf…
-
For scripts, I'm thinking _"same as perl"_.
What about for the reports themselves?
RustSec, RubySec are CC0 (public domain), PHPSec is Unlicense (public domain), Go Vuln DB, PyPI, GitHub is CC-B…
garu updated
2 months ago
-
Please check https://github.com/rubysec/ruby-advisory-db/blob/master/LICENSE.txt .
Determine and enable the detection of correct license expression for the above LICENSE.
-
I opened a ruby-advisory-db issue for the GCM nonce reuse issue in encryptor 2.0.0:
https://github.com/rubysec/ruby-advisory-db/issues/305
The first step is to obtain a CVE. Are you interested i…
-
Add an API for interacting with the database.
- Searching for advisories by CVE or gem.
- Testing if a `Gem::Version` is vulnerable.
- Downloading and updating a copy of the database.
-
Document the steps to report a vulnerability.
1. OSVDB: email moderators@osvdb.org and/or message @osvdb on GitHub or Twitter.
2. Request a CVE from oss-sec mailing list or reserve a CVE from MITRE.
3…
-
Show security advisories against insecure versions.
Sources:
- https://github.com/FriendsOfPHP/security-advisories
- https://github.com/rubysec/ruby-advisory-db
- http://www.cvedetails.com
- https://…
-
I get an error when the generators start. The required version of Thor is 1.0.1, but 0.20 is installed.
![image](https://user-images.githubusercontent.com/9130232/72506203-bd689980-3841-11ea-892b-3…
-
Using https://github.com/rubysec/bundler-audit following the generation of a `Gemfile.lock` within the CircleCI build process would provide a more verbose process for undertaking security audits for c…
-
Add cvss (cvss_v2, cvss_v3, cvss_v4) values back in as needed using external data in github_advisory_sync.rb.
* ~REST API Example: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-10…