Skip to content

Regarding cvss (v2, v3, v4) fields #1007

New issue
New issue
Open
Open
Regarding cvss (v2, v3, v4) fields#1007
@jasnow

Description

@jasnow
jasnow
opened on Mar 2, 2026

March 2, 2026 Expectation Regarding cvss (v2, v3, v4) fields

Choices

  1. Accept having only 1 automatic CVSS value from GHSA.
    A. AS-IS: Accept the current algorithm.
    B. Fix it: One value from GHSA - set cvss_v3 or cvss_v4 value.
    • More details in comments below.
  2. Add one or more cvss values from non-GHSA source.
    A. Choices:
    • Create separate tool to cvss values. Run after github_advisory_sync.rb.
    • Add external call for data inside github_advisory_sync.rb script.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions