mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-04 18:50:34 +01:00
caac500122
Was previously `[vulnerability]`, but as the contents are a security advisory it's probably a more apt label.
56 lines
1.5 KiB
Markdown
56 lines
1.5 KiB
Markdown
# RustSec Advisory Database
|
|
|
|
The RustSec Advisory Database is a repository of security advisories filed
|
|
against Rust crates published via https://crates.io
|
|
|
|
Advisory metadata is stored in [TOML] format for [cargo-audit] and other
|
|
automated tools to consume.
|
|
|
|
## Format
|
|
|
|
Each advisory contains information in [TOML] format:
|
|
|
|
```toml
|
|
[advisory]
|
|
package = "mypackage"
|
|
|
|
# Versions which were never vulnerable
|
|
unaffected_versions = ["< 1.1.0"]
|
|
|
|
# Versions which include fixes for this vulnerability
|
|
patched_versions = [">= 1.2.0"]
|
|
|
|
# It is strongly recommended to request a CVE, or alternatively a DWF, and
|
|
# reference the assigned number here.
|
|
# - CVE: https://iwantacve.org/
|
|
# - DWF: https://distributedweaknessfiling.org/
|
|
dwf = []
|
|
# dwf = ["CVE-YYYY-XXXX"]
|
|
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]
|
|
|
|
# URL to a long-form description of this issue, e.g. a blogpost announcing
|
|
# the release or a changelog entry (optional)
|
|
url = false
|
|
|
|
# Single-line description of a vulnerability
|
|
title = "Flaw in X allows Y"
|
|
|
|
# Enter a short-form description of the vulnerability here (required)
|
|
description = """
|
|
Affected versions of this crate did not properly X.
|
|
|
|
This allows an attacker to Y.
|
|
|
|
The flaw was corrected by Z.
|
|
"""
|
|
```
|
|
|
|
[TOML]: https://github.com/toml-lang/toml
|
|
[cargo-audit]: https://github.com/rustsec/cargo-audit
|
|
|
|
## License
|
|
|
|
All content in this repository is placed in the public domain.
|
|
|
|
[](https://github.com/RustSec/advisory-db/blob/master/LICENSE.txt)
|