AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.
MIT License

PYSEC feeds lack severity and score #99

Closed prabhu closed 6 months ago

prabhu commented 6 months ago

For this particular CVE, GitHub has better data, so it could have been used instead of pysec.

Dependency Scan Results (PYPI)
╔══════════════════════════════════════════════════════╤══════════════════════════════════════╤═══════════════════════╤══════════════════╤═══════════╗
║ CVE                                                  │ Insights                             │ Fix Version           │ Severity         │     Score ║
╟──────────────────────────────────────────────────────┼──────────────────────────────────────┼───────────────────────┼──────────────────┼───────────╢
║ pyjwt@2.3.0 ⬅ CVE-2022-29217                         │ 🧾 Vendor Confirmed                  │ 2.4.0                 │ LOW              │       2.0 ║
╚══════════════════════════════════════════════════════╧══════════════════════════════════════╧═══════════════════════╧══════════════════╧═══════════╝

prabhu commented 6 months ago

5.6.4 includes this fix