search

OSSIndex / vulns

Report missing advisories and corrections on OSS Index
17 stars 12 forks source link

Missing advisory regarding H2 Database #228

Closed nagyesta closed 2 years ago

nagyesta commented 2 years ago

Advisory details

  URL: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6
  format: maven
  namespace: com.h2database
  name: h2
  versions: 1.1.100-2.0.204

More information

ken-duck commented 2 years ago

Thanks for the heads up. The vulnerability has been added and should show up by sometime tomorrow.

ken-duck commented 2 years ago

I am closing this issue, since the issue seems to be resolved. However, new vulnerabilities have been detected that are not in the current OSS Index database. However, there is good news:

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.