Alexander Kjäll
915d476874
change a 'for' to a 'from'
2025-12-17 21:38:56 +01:00
Dirkjan Ochtman
d0bdb37b2b
Link to reference documentation on available categories
2025-12-11 16:11:05 +01:00
Tony Arcieri
129ee397b7
README.md: bump database maintenance year to 2025 (#2208)
2025-01-22 06:59:50 -07:00
Jack Grigg
40c500b995
Add advisory for rage plugin name vulnerability (GHSA-4fg7-vxc8-qx5w) (#2170)
...
* Add advisory for rage plugin name vulnerability (GHSA-4fg7-vxc8-qx5w)
* Update example syntax for `[affected.functions]` table
2025-01-03 11:21:54 -07:00
John Vandenberg
b4ec7ce7e0
Fix typos (#1989)
2024-07-02 19:39:37 -04:00
Tony Arcieri
e4af460c5d
README.md: update maintained image (#1868)
...
It's now 2024
2024-01-24 05:49:54 -07:00
Alexis Mousset
cbf97de9b7
Add documentation for advisories licenses (#1761)
2023-08-28 15:52:35 +00:00
Samuel Moelius
5bde16559d
README.md: Link to HOWTO_UNMAINTAINED.md (#1754)
...
Closes #1748
2023-08-23 06:14:50 -06:00
Tony Arcieri
7fcf849f8d
README.md: update maintained badge (#1653)
2023-03-23 08:25:13 -06:00
Sergey "Shnatsel" Davidoff
8dcbf2905f
Better docs (#1598)
...
* More descriptive example advisory
* README: note that all Cargo selectors are supported
2023-02-11 15:37:46 +01:00
Sergey "Shnatsel" Davidoff
a219aa4228
Drop mentions of iwantacve.org (#1570)
...
Fixes #1569
2023-02-05 14:49:07 +01:00
pinkforest(she/her)
a25cb0b593
Fix informational footnote wording (#1420)
...
* Fix informational wording
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
* Remove redundant confusing footnote
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-09-17 19:27:06 +02:00
pinkforest(she/her)
863d0e654f
Document empty versions (#1370)
...
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-18 14:30:36 +10:00
pinkforest(she/her)
8bf0011f39
Document withdrawn (#1355)
...
* Document yanked and withdrawn
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
* Yank the yanked
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-16 12:40:50 +10:00
pinkforest(she/her)
15d6985304
Document references field (#1354)
...
* Add references to README.md example
* TOML syntax
* Comment out optional field
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
Signed-off-by: pinkforest <36498018+pinkforest@users.noreply.github.com>
2022-08-15 03:55:18 +10:00
pinkforest(she/her)
d86ec54729
Document the Markdown in README example (#1352)
...
* Explain the Markdown in README example
* Proper LF
2022-08-15 03:54:21 +10:00
Sergey "Shnatsel" Davidoff
d052179237
Advertise GHSA integrations, add more tools (#1343)
2022-08-12 18:42:03 +02:00
Andrew Chin
dda8c048b6
Updated README with info on informational advisories (#1341)
2022-08-10 08:19:00 -06:00
Sergey "Shnatsel" Davidoff
d21aadd965
Mention OSV API in the README (#1328)
2022-08-08 11:45:38 +02:00
Tony Arcieri
ef71758448
README.md: maintained as of Q2 2022
2022-05-23 08:11:59 -06:00
Tony Arcieri
977984668a
README.md: bump maintained date
2022-01-05 09:03:22 -07:00
Alex Gaynor
b426bdf91c
Tiny change to try to force github to sign
2021-10-07 10:02:39 -04:00
Sergey "Shnatsel" Davidoff
ab0a84327e
Mention OSV in readme (#1043)
2021-09-12 18:03:16 +02:00
Tony Arcieri
60b9a9e9c3
Bump rustsec-admin to v0.4.3 (#919)
2021-05-22 08:02:36 -07:00
Tony Arcieri
2c43b7001e
Rename master branch to main (#820)
...
Per #312
2021-03-07 10:29:41 -08:00
Tony Arcieri
0487b3fc94
README.md: fix "Report Vulnerability" button (#818)
2021-03-07 09:40:34 -08:00
Dirkjan Ochtman
3421cc3e74
Add link to site (#759)
2021-02-08 07:00:49 -08:00
Tony Arcieri
0708242759
Bump rustsec-admin to v0.3.3 (#547)
...
Should address the bug we encountered assigning an ID to the first
advisory for a given year:
https://github.com/RustSec/advisory-db/runs/1644743652
2021-01-04 09:35:34 -08:00
Tony Arcieri
84f130870b
Rename references fields to related (#492)
...
This frees up `references` to be used for tracking multiple URLs with
additional information.
See also: RustSec/advisory-db#429
2020-11-23 07:55:17 -08:00
Philippe Ombredanne
f5505edb82
Correct typo and URL (#491)
...
Distributed Weakness filing went dark last year
Instead, use the official pages at mitre corp.
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
2020-11-21 08:03:50 -08:00
Tony Arcieri
f8285c8a1c
README.md: advisories are no longer TOML-formatted (#480)
...
Well, the frontmatter is, but that's noted in the section below this one
already, so no need for duplicate information.
2020-11-11 10:24:18 -08:00
Tony Arcieri
3796cc005e
README.md: point chat badge to Zulip (#449)
2020-10-25 12:56:06 -07:00
Tony Arcieri
6e48979dab
Add EXAMPLE_ADVISORY.md (#436)
...
Adds an example advisory in the V3 format (#414) and updates the schema
information in README.md to reflect that.
2020-10-22 07:05:44 -07:00
Tony Arcieri
bfa9e12685
Add rustsec crate advisory for breaking changes to advisory format (#415)
...
In theory this advisory should trigger this feature of `cargo-audit`
which checks for advisories filed against the `rustsec` crate:
https://github.com/RustSec/cargo-audit/blob/783f221/src/auditor.rs#L178-L199
After merging, I will test with an older `cargo-audit` version to see if
it has the intended effect.
2020-10-01 08:19:41 -07:00
Tony Arcieri
297725a166
README.md: bump maintained quarter comment
2020-07-01 15:53:49 -07:00
Veetaha
b0bc62bdd5
Add cargo-deny to the list of RustSec clients
...
`cargo-deny` is an awesome tool, it seems to be the superset of `cargo-audit`. I think it is reasonable to mention it here along with `cargo-audit`.
cc @Jake-Shadle
2020-05-02 20:27:32 +03:00
Dirkjan Ochtman
3c71342be3
Mention CVSS field in template (see #248)
2020-03-24 15:36:32 +01:00
Tony Arcieri
64c17acfe3
Migrate all advisories to V2 format (closes #228)
...
As announced in #228, this commit migrates all advisories to the new V2
format, which splits version information into a separate section, and
now has a structure which corresponds to the internal code structure of
the `rustsec` crate.
This is a breaking change for users of `cargo-audit` < 0.9, and anyone
who has written a 3rd party advisory format parser.
2020-03-01 10:46:35 -08:00
Tony Arcieri
b1c200fb52
README.md: Bump maintained date to Q1 2020
2020-01-03 13:49:23 -05:00
Abid Omar
7f4c2e1863
fix typo in Readme
2019-11-11 21:04:03 +01:00
Tony Arcieri
e949ed8762
README.md: Update build badge
...
Using GitHub actions now
2019-10-07 21:44:57 -07:00
Tony Arcieri
9b0038eb76
README.md: Update advisory template with [affected] section
...
Documents the new `[affected]` section of an advisory, as supported by
the `rustsec` crate v0.13.0.
2019-09-09 12:40:24 -07:00
Alex Gaynor
de8a052d3e
Tell people to delete comments in the example advisory
2019-08-31 15:27:07 -04:00
Tony Arcieri
985c55342a
RUSTSEC-2019-0008: fix link to disclosure PR
2019-07-03 07:37:05 -07:00
Tony Arcieri
75a40b530a
Assign RUSTSEC-2019-0001 to ammonia
...
Original PR: https://github.com/RustSec/advisory-db/pull/93
2019-05-04 16:39:43 -07:00
Tony Arcieri
59ea63710e
README.md: Bump maintained date
2019-01-13 17:31:01 -08:00
Tony Arcieri
7caafae73b
README.md: Bump maintained date
...
This is largely to work around the following:
```
$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
error: couldn't fetch advisory database: git operation failed: no signature on commit 0a981e2b6f: Add affected functions to legacy security warnings (#83) (Moritz Beller <Inventitech@users.noreply.github.com>)
```
I tried to Squash-and-Merge on #83. GitHub does not sign the resulting
commit. Oops.
So this commit is just to make HEAD a GitHub-signed merge commit.
2018-12-21 06:15:44 -08:00
Moritz Beller
5602386b18
Add new affected functions attribute to template
...
Refs #68
2018-12-20 22:10:29 +01:00
Tony Arcieri
875d4d5fdd
Assign RUSTSEC-2018-0008 to slice-deque
...
Original PR: https://github.com/RustSec/advisory-db/pull/70
2018-12-06 09:18:37 -08:00
Tony Arcieri
03eebdf3d2
README.md: Reorder advisory example
2018-07-26 21:10:29 -07:00