It's nice that GitHub now allows projects to publish their own security advisories (GHSA). It's not so nice that those advisories are not getting submitted to the ruby-advisory-db...

Also cannot find any information on whether GitHub is submitting these advisories to MITRE to get CVEs assigned.

Show thread
Sign in to participate in the conversation

A Mastodon instance for Rubyists & friends