You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for filing this! Could you please raise this issue in https://github.com/github/advisory-database ? We are getting the GHSA OSV entry from there and they currently do not yet support last_affected.
I came across the guava vulnerability GHSA-5mg8-w23w-74h3 (https://osv.dev/vulnerability/GHSA-5mg8-w23w-74h3) for which GHSA declares the affected version range as
<= 29.0
.In OSV, this is represented as:
Given the constraint
<= 29.0
, I would've expected the following:The range currently advertised by OSV will raise lots of false positives, considering the latest guava version is
31.1
.The text was updated successfully, but these errors were encountered: