https://github.com/cpan-security/cpan-advisory-database
- Host: GitHub
- URL: https://github.com/cpan-security/cpan-advisory-database
- Owner: CPAN-Security
- Created: 2023-05-19T19:17:15.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-08T16:53:23.000Z (over 1 year ago)
- Last Synced: 2025-03-11T00:16:40.000Z (10 months ago)
- Topics: cpan, security, vulnerability, vulnerability-identification
- Size: 187 KB
- Stars: 5
- Watchers: 10
- Forks: 1
- Open Issues: 8
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
README
# The CPAN Advisory Database
This is a community-owned repository of advisories for Perl modules and
distributions published on [CPAN](https://metacpan.org).
All advisories are stored as individual JSON files in this repository,
formatted using the [Open Source Vulnerability (OSV) format](https://ossf.github.io/osv-schema/).
It is maintained by the CPAN Security Working Group, under the Perl Toolchain Gang and MetaCPAN.
## Repository Structure
- `advisories/`: Folder that stores all published advisories, ready for public consumption.
- `triage/`: Folder that stores entries not yet assigned to a CPAN Advisory Id.
- `triage/last_visited_index`: Keeps track of the last visited index on NVD, so
  [cpansec-admin](https://metacpan.org/pod/CPANSEC::Admin) doesn't
  have to re-scan everything when it runs.
- `triage/false_positives`: A list of CVE entries that moderation has marked as false positives,
  meaning they were found by `cpansec-admin` but are not, and have never been,
  on CPAN. `cpansec-admin` ignores these entries when it runs.