google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0

Data quality issue with CVE-2024-37890 #2330

Closed (zurada closed 6 days ago)

zurada commented 1 week ago

The CVE ID

https://osv.dev/vulnerability/CVE-2024-37890

Describe the data quality issue observed

Aliased GHSA GHSA-3h5v-q93c-6h6q could not be found in OSV.dev despite the fact that it's in the GHSA database: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-3h5v-q93c-6h6q/GHSA-3h5v-q93c-6h6q.json

Suggested changes to record

GHSA-3h5v-q93c-6h6q should be present in OSV.dev, unless the requester does not understand when a GHSA should or should not be present (please clarify its logic).

github-actions[bot] commented 1 week ago

:sparkles: Thank you for your interest in OSV.dev's data quality! :sparkles:

Please review our FAQ entry on how to most efficiently have this addressed.

G-Rath commented 1 week ago

Adding to this, the advisory also does not have an affected package, meaning that the API and tools like osv-scanner won't actually report this vulnerability in most cases unless you're depending on the ws package via git directly, which is not going to be most people 😅

michaelkedar commented 6 days ago

Thanks for flagging this. I've triggered a re-import of this entry and it is now showing up on osv.dev.
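
Added example (not part of the thread and not OSV.dev's own code): a small lint over OSV-schema records that flags the two gaps raised above, an alias that does not resolve to a record in the dataset and a record with no `affected[].package` entry. The record IDs, repository URL and commit value are constructed placeholders; `lint_records` is a hypothetical helper name.

```python
# Added example: lint OSV-schema records (constructed samples, not real OSV.dev data).

def lint_records(records):
    """Return {record_id: [findings]} for a list of OSV-schema dicts."""
    known_ids = {r["id"] for r in records}
    report = {}
    for rec in records:
        findings = []
        # Gap 1: an alias that points at a record absent from the dataset.
        for alias in rec.get("aliases", []):
            if alias not in known_ids:
                findings.append(f"dangling alias: {alias}")
        # Gap 2: no affected[].package, so package/version queries cannot match.
        affected = rec.get("affected", [])
        has_package = any("name" in a.get("package", {}) for a in affected)
        range_types = {r.get("type") for a in affected for r in a.get("ranges", [])}
        if not has_package:
            if "GIT" in range_types:
                findings.append("no package entry: only matchable by git repo/commit")
            else:
                findings.append("no package entry and no GIT range: not matchable")
        if findings:
            report[rec["id"]] = findings
    return report

# Constructed sample data (placeholder IDs, repo URL and commit value).
SAMPLE = [
    {   # CVE-style record: aliased advisory missing, git ranges only
        "id": "CVE-0000-0001",
        "aliases": ["GHSA-xxxx-xxxx-0001"],
        "affected": [{"ranges": [{
            "type": "GIT", "repo": "https://example.invalid/org/lib",
            "events": [{"introduced": "0"}, {"fixed": "<placeholder-commit>"}],
        }]}],
    },
    {   # Well-formed record: alias resolves, package is named
        "id": "GHSA-xxxx-xxxx-0002",
        "aliases": ["CVE-0000-0002"],
        "affected": [{"package": {"ecosystem": "npm", "name": "example-lib"},
                      "ranges": [{"type": "SEMVER",
                                  "events": [{"introduced": "0"}, {"fixed": "1.2.3"}]}]}],
    },
    {"id": "CVE-0000-0002", "aliases": ["GHSA-xxxx-xxxx-0002"], "affected": []},
]

if __name__ == "__main__":
    for rid, findings in lint_records(SAMPLE).items():
        print(rid, findings)
```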