search

github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International
1.68k stars 312 forks source link

Not Showing five CVEs of GIt #4469

Closed spawar-apex closed 3 weeks ago

spawar-apex commented 1 month ago

Hi Team,

Recently, Git released new versions to address 5 CVEs and details as shown below:

[CVE-2024-32002 (Critical, Windows & macOS)] [CVE-2024-32004 (High, multi-user machines)] [CVE-2024-32465 (High, all setups)] [CVE-2024-32020 (Low, multi-user machines)] [CVE-2024-32021 (Low, multi-user machines)]

I have integrated GHSA database in our product to validate against the packages in the application.

when I hit the GHSA public API with those CVE-IDs, they return empty.

Could you please share if these vulnerabilities are going to be added.

[1] https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/

Regards, Swapnil Pawar

shelbyc commented 3 weeks ago

👋 Hi @spawar-apex ! The GitHub Advisory Database only reviews advisories for vulnerabilities in one or more of our supported ecosystems. https://github.com/git/git is not in any supported ecosystem, which means we can't review it at this time. Thank you for your interest in CVE-2024-32002, CVE-2024-32004, CVE-2024-32465, CVE-2024-32020, and CVE-2024-32021 and have a good weekend.