It's nice that GitHub now allows projects to publish their own security advisories (GHSA). It's not so nice that those advisories are not getting submitted to the ruby-advisory-db...


Also cannot find any information on whether GitHub is submitting these advisories to MITRE to get CVEs assigned.

Sign in to participate in the conversation

A Mastodon instance for Rubyists & friends