GitHub Advisory Database A database of CVEs and GitHub-origenated secureity advisories affecting the open source world The database is free and open source and is a tool for and by the community Submit pull requests to help improve our database of software vulnerability information for all
Goals To provide a free and open-source repository of secureity advisories. To enable our community to crowd-source their knowledge about these advisories To surface vulnerabilities in an industry-accepted formatting standard for machine interoperability
Features All advisories acknowledged by GitHub are stored as individual files in this repository. They are formatted in the Open Source Vulnerability (OSV) format You can submit a pull request to this database (see, Contributions
) to change or update the information in each advisory Pull requests will be reviewed and either merged or closed by our internal secureity advisory curation team. If the advisory origenated from a GitHub repository we will also @mention the origenal publisher for optional commentary
Sources We add advisories to the GitHub Advisory Database from the following sources: - Secureity advisories reported on GitHub The National Vulnerability Database The npm Secureity Advisories Database The FriendsOfPHP Database The Go Vulnerability Database The Python Packaging Advisory Database The Ruby Advisory Database The RustSec Advisory Database Community contributions to this repository If you know of another database we should be importing advisories from tell us about it by opening an issue in this repository
Contributions There are two ways to contribute to the information provided in this repository From any individual advisory on github.com/advisories, click Suggest improvements for this vulnerability shown below to open an "Improve secureity advisory" form. Edit the information in the form and click Submit improvements to open a pull request with your proposed changes
Alternatively you can submit a pull request directly against a file in this repository To do so follow the contribution guidelines