home.social

#ghsa — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ghsa, aggregated by home.social.

  1. 🚀 49,000 Patches!

    We’ve updated our dataset (huggingface.co/datasets/CIRCL/) of real-world vulnerabilities, now enriched with #CWE identifiers and #patches collected from platforms like GitHub, GitLab, and Bitbucket.

    This dataset is designed to support the development of tools for vulnerability classification. Dataset features are:

    - #CVE / #GHSA ID
    - Title of the #vulnerability
    - Vulnerability description
    - Patches (URL, Commit message, and Base64-encoded unified diff)
    - CWE categorization

  2. Hey #Mastodon admins, just a reminder that the details of the critical #security vulnerability GHSA-3fjr-858r-92rw/CVE-2024-23832 are going to be released tomorrow. :MokouWha: I still see some instances out there running a vulnerable version... :koishtare: Sent a DM to the admins of those instances of course. :cirno_fumo_yes: Please upgrade to a patched version (like 4.2.5 and 4.1.13) as soon as possible. :RumiaPray:

    #MastoAdmin #FediAdmin #CVE-2024-23832 #CVE202423832 #CVE_2024_23832 #CVE #GHSA-3fjr-858r-92rw #GHSA3fjr858r92rw #GHSA_3fjr_858r_92rw #GHSA #GitHub #GitHubsecurityadvisory #cybersecurity #OriginValidation

  3. Many important issues raised in the daniel.haxx.se/blog/2023/03/02 post by @bagder - not only does #NuGet appear to host dozens of really seriously outdated and #vulnerable packages, it also highlights serious issues in automated vulnerability management via vulnerability databases such as #GitHub Security Advisory Database (#GHSA DB). There definitely is room for improvement here.