google / vulncode-db

Vulncode-DB project
https://www.vulncode-db.com
Apache License 2.0

Consider using project kb's data #43

Open sbs2001 opened 3 years ago

sbs2001 commented 3 years ago

Project KB contains manually curated commit links which fix a particular CVE. It contains commits which actually rectified "vulnerable code", unlike NVD, which many times contains commits which tagged a release.

Vulncode-db can leverage Project KB's data and provide more examples of real-world vulnerable code.

Data is at:

https://github.com/SAP/project-kb/blob/master/MSR2019/dataset/vulas_db_msr2019_release.csv

https://github.com/SAP/project-kb/tree/vulnerability-data/statements

FYI, Project KB is used by https://github.com/eclipse/steady.

evonide commented 3 years ago

I was unaware of this project. This is excellent to know, thanks a lot for sharing this! Currently, we're more focused on completing the contributions review system and addressing all issues in https://github.com/google/vulncode-db/milestone/1 to get a first candidate that accepts community content.

However, we'll certainly look into integrating the linked data into Vulncode-DB, too, at some later point in time.