GHSA-f8vr-r385-rh5r VS advisory-database

Compare GHSA-f8vr-r385-rh5r vs advisory-database and see what are their differences.

GHSA-f8vr-r385-rh5r

By advisories

DISCONTINUED

Suggest alternative

advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software. (by github)

Suggest alternative

InfluxDB Logo

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub Logo

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

GHSA-f8vr-r385-rh5r		advisory-database
	Project
2	Mentions	10
-	Stars	1,624
-	Growth	2.2%
-	Activity	10.0
-	Latest Commit	1 day ago
	Language
-	License	Creative Commons Attribution 4.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

GHSA-f8vr-r385-rh5r

Posts with mentions or reviews of GHSA-f8vr-r385-rh5r. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-12.

A CVE has been issued for hyper. Denial of Service possible
14 projects | /r/rust | 12 Apr 2023
A CVE that can lead to DoS has been issued for hyper
1 project | /r/rust | 12 Apr 2023

advisory-database

Posts with mentions or reviews of advisory-database. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-12.

Request GitHub to build an advisory database for C / C++ packages · Issue #2963 · github/advisory-database
1 project | /r/cpp | 10 Dec 2023
Extend GitHub's CNA scope to manage CVEs for projects on GitHub
1 project | news.ycombinator.com | 11 Sep 2023
A CVE has been issued for hyper. Denial of Service possible
14 projects | /r/rust | 12 Apr 2023

That has since been updated to Moderate: https://github.com/github/advisory-database/commit/aa9e5d5386c5610944edf2b0ee0e4301aabaf1c5
CVE-2022-23529 – node-jsonwebtoken
1 project | news.ycombinator.com | 10 Jan 2023

I am trying this on GitHub https://github.com/github/advisory-database/pull/1595
CVE-2022-23529 - jsonwebtoken has insecure input validation in jwt.verify function - used by over 22,000 projects and downloaded over 36 million times per month on NPM - Exploiting the flaw could enable attackers to bypass authentication mechanisms, access confidential information etc.
2 projects | /r/blueteamsec | 10 Jan 2023
GitHub’s database of security advisories is now open source
4 projects | news.ycombinator.com | 26 Feb 2022

We already have fixed versions (where they exist) - example link below.
On backfilling the data to include advisories from before 2017 - absolutely. So far we've done this in a relatively ad-hoc way - you should already find that the most important (severe and wide-reaching) CVEs from before 2017 are in the database (and if there are any that aren't you think should be we'd love you to open an issue on the DB). We want to do a more complete backfill in the near future.
https://github.com/github/advisory-database/blob/main/adviso...
GitHub's database of known vulnerabilities is now open source
1 project | /r/CKsTechNews | 23 Feb 2022

1 project | news.ycombinator.com | 22 Feb 2022
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software
1 project | /r/datasets | 23 Feb 2022

What are some alternatives?

When comparing GHSA-f8vr-r385-rh5r and advisory-database you can also consider the following projects:

hyper - An HTTP library for Rust

h2 - HTTP 2.0 client & server implementation for Rust.

vulndb - [mirror] The Go Vulnerability Database

napkin-math - Techniques and numbers for estimating system's performance from first-principles

elixir-security-advisories - Public database of Elixir security advisories

rustsec - RustSec API & Tooling

GHSA-896r-f27r-55mw

GHSA-27h2-hvpr-p74q

GHSA-f8vr-r385-rh5r vs hyper advisory-database vs h2 GHSA-f8vr-r385-rh5r vs h2 advisory-database vs vulndb GHSA-f8vr-r385-rh5r vs napkin-math advisory-database vs elixir-security-advisories GHSA-f8vr-r385-rh5r vs rustsec advisory-database vs GHSA-896r-f27r-55mw advisory-database vs rustsec advisory-database vs napkin-math advisory-database vs hyper advisory-database vs GHSA-27h2-hvpr-p74q