The fact that GitHub specifies a field named severity whose values look very similar to CVE severities is a "coincidence" - it's not there for all databases, and there's no guarantee about how it's qualified, unlike the official severity field, which is where osv.dev gets its "9.3 Critical" score from.
Describe the bug
There are many CVE severity mismatches between the OSV JSON doc and the OSV GHSA HTML page.
For example:
CVE-2019-12243
JSON -
https://api.osv.dev/v1/vulns/GHSA-6g5f-f5pm-mjrg
"severity":"HIGH"
"cvss":9.3
OSV -
https://osv.dev/vulnerability/GHSA-6g5f-f5pm-mjrg
"severity":"Critical"
"cvss":9.3
Github -
GHSA-6g5f-f5pm-mjrg
"severity":"High"
"cvss":8.9
Please advise.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
Both severities will be the same level
Screenshots
List of all Go CVEs that have the same issue:
['CVE-2024-23448', 'CVE-2024-8676', 'CVE-2024-22393', 'CVE-2024-22278', 'CVE-2024-22032', 'CVE-2024-8572', 'CVE-2019-12243', 'CVE-2020-2023', 'CVE-2020-5415', 'CVE-2021-27358', 'CVE-2021-28484', 'CVE-2022-43760', 'CVE-2024-8986', 'CVE-2022-45157', 'CVE-2014-9357', 'CVE-2022-39201', 'CVE-2022-39306', 'CVE-2024-48057', 'CVE-2022-39307', 'GO-2024-3112', 'GO-2024-3059', 'GO-2022-0398', 'CVE-2022-35957', 'CVE-2022-3328', 'CVE-2024-7558', 'CVE-2024-47616', 'CVE-2024-47182', 'CVE-2024-47062', 'CVE-2024-47060', 'CVE-2024-46989', 'CVE-2024-45496', 'CVE-2024-45410', 'CVE-2024-45401', 'CVE-2023-34758', 'CVE-2024-45310', 'CVE-2024-45258', 'CVE-2024-45054', 'CVE-2024-45040', 'CVE-2024-43405', 'CVE-2024-42497', 'CVE-2024-42490', 'CVE-2024-42480', 'CVE-2017-18367', 'CVE-2024-41926', 'CVE-2024-41820', 'CVE-2024-41264', 'CVE-2024-41255', 'CVE-2024-41144', 'CVE-2024-41122', 'CVE-2022-46156', 'CVE-2024-40884', 'CVE-2024-39909', 'CVE-2024-39837', 'CVE-2024-39777', 'CVE-2022-31123', 'CVE-2022-31097', 'CVE-2024-39274', 'CVE-2024-38361', 'CVE-2024-38359', 'CVE-2024-8038', 'CVE-2023-46738', 'CVE-2023-46739', 'CVE-2023-46740', 'CVE-2024-36814', 'CVE-2024-36621', 'CVE-2024-36536', 'CVE-2024-36492', 'CVE-2022-29946', 'CVE-2023-32196', 'CVE-2024-52010', 'CVE-2023-30625', 'CVE-2023-30464', 'CVE-2024-7387', 'CVE-2019-19023', 'CVE-2024-33522', 'CVE-2024-32868', 'CVE-2024-9355', 'CVE-2024-31450', 'CVE-2024-3056', 'CVE-2024-29977', 'CVE-2024-29892', 'CVE-2024-29069', 'CVE-2024-9312', 'CVE-2024-27304', 'CVE-2024-6535', 'CVE-2024-6508', 'CVE-2022-26652', 'CVE-2021-21404', 'CVE-2021-21291', 'CVE-2024-8996', 'CVE-2024-8975', 'CVE-2024-5321', 'CVE-2020-12458', 'CVE-2020-12459', 'CVE-2020-13788', 'CVE-2020-14040', 'CVE-2021-42576', 'CVE-2023-28452', 'CVE-2020-8567', 'CVE-2020-7956', 'CVE-2024-10006', 'CVE-2023-37469', 'CVE-2024-10975', 'CVE-2024-1313', 'CVE-2024-1402', 'CVE-2024-1442', 'CVE-2024-1485', 'CVE-2024-24786', 'CVE-2024-1887', 'CVE-2024-8462', 'CVE-2024-24774', 'CVE-2024-2447', 
'CVE-2024-23647']