pyupio / safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
https://safetycli.com/product/safety-cli
MIT License
1.7k stars, 143 forks

How to interpret the ID? #369

Closed benzkji closed 2 years ago

benzkji commented 2 years ago

Description

Maybe I'm really stupid, but I cannot make sense of the "ID" that the safety check command delivers. I looked on the safety webpage and here on GitHub, but found nothing on how to make sense of it. Outputting a link would be nice ;-) What I do now is just google the package name with the word "cve"... not ideal. Any pointers greatly appreciated!

+==============================================================================+
| REPORT                                                                       |
| checked 81 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| djangorestframework        | 3.9.4     | <3.12.0                  | 38841    |
| numpy                      | 1.19.5    | <1.21.0rc1               | 43453    |
| numpy                      | 1.19.5    | <1.22.0                  | 44717    |
| numpy                      | 1.19.5    | <1.22.0                  | 44716    |
| numpy                      | 1.19.5    | <1.22.2                  | 44715    |
+==============================================================================+

What I Did

safety check

harlekeyn commented 2 years ago

Hi benzkji,

Please try safety check --full-report

Tristan

benzkji commented 2 years ago

Thank you! This helps a lot.

Just curious, is the ID an internal https://pyup.io/ id? Or for what can it be used?
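One way to go from the bare ID column to the advisory text, the CVE (when the database has one) and a link, without reading the --full-report output by hand, is to consume safety check --json instead. The script below is an added example, not code from the safety project or from anyone in this thread. It assumes the two JSON shapes the tool has produced: Safety 1.x, a list of five-element rows ending in the ID, and Safety 2.x, an object whose "vulnerabilities" entries carry "vulnerability_id", "CVE" and "more_info_path" (assumed to be relative to https://pyup.io). The field names are from memory of those releases and should be checked against the installed version; the sample report is constructed, with placeholder CVE strings and paths rather than the real identifiers for these IDs.

```python
"""Map the bare IDs from `safety check` to advisory text, CVE and a link.

Added example, not part of the safety project. It parses the output of
`safety check --json` in the two shapes the tool has produced (assumed from
memory of those releases; verify against your installed version):
  Safety 1.x: a list of rows [package, vulnerable_spec, installed, advisory, id]
  Safety 2.x: {"vulnerabilities": [{"vulnerability_id": ..., "CVE": ...,
              "more_info_path": ..., ...}, ...]}
"""
import json
import sys
from dataclasses import dataclass
from typing import List, Optional

# Assumption: "more_info_path" values are relative to the pyup.io site.
PYUP_BASE = "https://pyup.io"


@dataclass
class Finding:
    package: str
    installed: str
    spec: str
    vuln_id: str          # the value shown in the "ID" column of the text report
    cve: Optional[str]    # None when the database has no CVE for the advisory
    advisory: str
    link: Optional[str]


def parse_safety_json(text: str) -> List[Finding]:
    """Accept either JSON shape and normalise it into Finding records."""
    data = json.loads(text)
    findings: List[Finding] = []
    if isinstance(data, list):
        # Safety 1.x rows; the ID is the last of the five fields
        for row in data:
            package, spec, installed, advisory, vuln_id = row[:5]
            findings.append(Finding(package, installed, spec, str(vuln_id),
                                    None, advisory, None))
    elif isinstance(data, dict):
        for v in data.get("vulnerabilities", []):
            path = v.get("more_info_path")
            findings.append(Finding(
                package=v["package_name"],
                installed=v.get("analyzed_version", ""),
                spec=v.get("vulnerable_spec", ""),
                vuln_id=str(v["vulnerability_id"]),
                cve=v.get("CVE") or None,
                advisory=v.get("advisory", ""),
                link=PYUP_BASE + path if path else None,
            ))
    else:
        raise ValueError("not a safety JSON report")
    return findings


def format_finding(finding: Finding) -> str:
    """One line per finding: package, version, the CVE if any, and a link."""
    ref = finding.cve if finding.cve else (
        f"safety ID {finding.vuln_id} (no CVE in the database)")
    line = f"{finding.package} {finding.installed} (affected {finding.spec}) -> {ref}"
    if finding.link:
        line += f"  {finding.link}"
    return line


# Constructed sample in the 2.x shape, using IDs from the report in this thread.
# The CVE and path values are placeholders, not the real identifiers.
SAMPLE_V2_JSON = json.dumps({
    "vulnerabilities": [
        {"vulnerability_id": "38841", "package_name": "djangorestframework",
         "analyzed_version": "3.9.4", "vulnerable_spec": "<3.12.0",
         "advisory": "Constructed advisory text.", "CVE": None,
         "more_info_path": "/vulnerabilities/38841/"},
        {"vulnerability_id": "44717", "package_name": "numpy",
         "analyzed_version": "1.19.5", "vulnerable_spec": "<1.22.0",
         "advisory": "Constructed advisory text.", "CVE": "CVE-0000-00000",
         "more_info_path": "/vulnerabilities/CVE-0000-00000/44717/"},
    ]
})

# Constructed sample in the 1.x shape (no CVE or link available in that format).
SAMPLE_V1_JSON = json.dumps(
    [["numpy", "<1.22.0", "1.19.5", "Constructed advisory text.", "44717"]]
)


def main(argv: List[str]) -> int:
    # Usage: safety check --json > report.json && python safety_ids.py report.json
    # Without an argument the constructed 2.x sample is used.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_V2_JSON
    for finding in parse_safety_json(text):
        print(format_finding(finding))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Entries without a CVE fall back to naming the safety ID, which is what the text report shows, so the output stays greppable either way; with a real report the link is the same page that --full-report points to for each finding.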