
RustSec Advisory Database

The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io.

Advisory metadata is stored in TOML format for cargo-audit and other automated tools to consume.

Format

Each advisory contains information in TOML format:

# Template for one advisory. Every key below belongs to the [vulnerability]
# table; the values shown are placeholders to be replaced.
[vulnerability]
# Crate the advisory is filed against (placeholder name; presumably the name
# the crate is published under on crates.io).
package = "mypackage"
# NOTE(review): presumably the affected releases, enumerated one by one. If
# tooling matches on this list, a release left out of it would not be
# reported, so keep it exhaustive. Confirm how cargo-audit interprets it.
versions = ["1.2.0", "1.2.3", "1.2.4", "1.2.5"]

# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
# - CVE: https://iwantacve.org/
# - DWF: https://distributedweaknessfiling.org/
# The array is empty in this template; the commented examples below show
# CVE-style identifiers stored under the `dwf` key, one string per identifier.
dwf = []
# dwf = ["CVE-YYYY-XXXX"]
# dwf = ["CVE-YYYY-XXXX", "CVE-ZZZZ-WWWW"]

# URL to a long-form description of this issue, e.g. a blogpost announcing
# the release or a changelog entry (optional)
# NOTE(review): `false` is a boolean stand-in for "no URL" (TOML has no null).
# A real entry would presumably be a string; whether consumers accept the key
# being omitted instead is not shown here. Confirm against the parser.
url = false

# Enter a short-form description of the vulnerability here (required)
# Multi-line basic string: the newline right after the opening quotes is
# trimmed, the rest is kept as written. The template covers three points:
# what was wrong (X), what an attacker gains (Y), and what corrected it (Z).
description = """
Affected versions of this crate did not properly X.

This allows an attacker to Y.
 
The flaw was corrected by Z.
"""

License

Public Domain