snyk vs CVE #102660
-
Select Topic AreaQuestion BodyWill dependabot act on vulnerabilities that don't have a CVE? E.g. https://security.snyk.io/vuln/SNYK-JS-AXIOS-6144788 |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
Dependabot will act on any vulnerability that has been submitted and reviewed in the GitHub Advisory Database: https://github.com/advisories You can learn more about the sources that the GitHub Advisory Database pulls from here: https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database That particular vulnerability you linked is not currently in the Advisory Database. |
Beta Was this translation helpful? Give feedback.
-
|
That page was helpful, thank you. As recommended on that page, I opened an issue to include another source: github/advisory-database#3449 |
Beta Was this translation helpful? Give feedback.
Dependabot will act on any vulnerability that has been submitted and reviewed in the GitHub Advisory Database: https://github.com/advisories
You can learn more about the sources that the GitHub Advisory Database pulls from here: https://docs.github.com/en/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database
That particular vulnerability you linked is not currently in the Advisory Database.