Because I did not find a machine-readable format of the first one, I have to ask:
Is there any automation to keep the official advisories in sync (a bot for automated pull requests on updates)?
Where is the official process documented?
One ID, two links, different information: which one is expected to be used by the public? I guess the second one, because the on-mouse-over preview has more details.
Even more confusing: both links have a different security rating. Although https://nvd.nist.gov/vuln/detail/CVE-2021-41190 mentions GitHub with a low scoring, we can find this ID on GitHub with a medium scoring.
When analyzing aquasecurity/trivy#2034 I was surprised to find the advisory id GHSA-qq97-vm5h-rrhg in two different states: