Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVEs without GitHub advisory are not made available in OSV DB #839

Closed
Sachpat opened this issue Nov 18, 2022 · 1 comment
Closed

CVEs without GitHub advisory are not made available in OSV DB #839

Sachpat opened this issue Nov 18, 2022 · 1 comment

Comments

@Sachpat
Copy link

Sachpat commented Nov 18, 2022
edited
Loading

Hi Colleagues,

There are some Vulnerabilities for which there is no GitHub advisories but the CVEs are made available. For example below:

CVE-2022-3509 = com.google.protobuf:protobuf-java:2.5.0

Additional details: https://security-tracker.debian.org/tracker/CVE-2022-3509

How are we planning to tackle these?
@Sachpat Sachpat changed the title CVEs without GitHub advisory are not made available in OSV DB CVEs without GitHub advisory and even some with advisories are not made available in OSV DB Nov 18, 2022
@Sachpat Sachpat changed the title CVEs without GitHub advisory and even some with advisories are not made available in OSV DB CVEs without GitHub advisory are not made available in OSV DB Nov 18, 2022
@oliverchang
Copy link
Collaborator

Hi! Thanks for creating this issue. @andrewpollock is tackling this longer term effort as part of #783

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oliverchang @Sachpat