mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2025-12-30 16:24:05 +01:00
c28b7ceb38
Taking a cue from RubySec, this splits the original "versions" attribute into separate ones for versions which were never vulnerable, and ones which include an explicit fix for a vulnerability.
1.4 KiB
1.4 KiB
RustSec Advisory Database
The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io
Advisory metadata is stored in TOML format for cargo-audit and other automated tools to consume.
Format
Each advisory contains information in TOML format:
[vulnerability]
package = "mypackage"
# Versions which were never vulnerable
unaffected_versions = ["< 1.1.0"]
# Versions which include fixes for this vulnerability
patched_versions = [">= 1.2.0"]
# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]
# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
url = false
# Enter a short-form description of the vulnerability here (required)
description = """
Affected versions of this crate did not properly X.
This allows an attacker to Y.
The flaw was corrected by Z.
"""
License
All content in this repository is placed in the public domain.
