BobH-MITRE
commented
8 months ago This one came from Peter Mell's presentation, "Your Hardware has Bugs - Comparing the Hardware and Software Vulnerability Management Infrastructures"
https://trust-hub.org/#/vulnerability-db/soc-vulnerabilities
The “GitHub Advisory Database” could be helpful. It is a "security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software." Vulnerabilities can be searched via associated CWEs. If “github” is added to the search query, the results are filtered to show only those for which code is available and commits can be found to see the changes done to fix the vulnerability.
The following, for example, is the list of vulnerabilities related to CWE-203 (Observable Discrepancy) for which code is available: https://github.com/advisories?query=cwe%3A203+github