OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Advisory: Missing Advisory CVE-2021-22569 #238

Closed singh-ashish closed 1 year ago

singh-ashish commented 2 years ago

To facilitate future automation, please use the following format

Advisory details

  URL: https://github.com/advisories/GHSA-wrvw-hg22-4m67
  format: maven
  namespace: com.google.protobuf
  name: protobuf-java
  versions: 3.19.1

More information

Is there a way for this database to get synched automatically from the CVE database? Tools like dependency track depend on it heavily.

ken-duck commented 2 years ago

Hi! Sorry for the delay, but I respond with good news.

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.

We have advised dependency track of the changes. I expect you should find the upgrade very much to your liking.

ken-duck commented 1 year ago

Closing old issues. This particular issue was resolved by the aforementioned upgrade.