Commit 3cc8751

Ignore bogus nette/database GHSA/CVE
Ignore GHSA-f626-677r-j5vq which is, per nette/database#314, a documented and intended feature. The PoC repo and the article from the GHSA are now gone and the CVE itself (CVE-2024-55586) is disputed.
1 parent 6b3921e commit 3cc8751

1 file changed: +1 -0 lines changed

src/Roave/SecurityAdvisories/AdvisorySources/GetAdvisoriesFromGithubApi.php

Lines changed: 1 addition & 0 deletions
@@ -44,6 +44,7 @@ final class GetAdvisoriesFromGithubApi implements GetAdvisories
4444
'GHSA-cg28-v4wq-whv5', // @see https://phpc.social/@wouterj/113588554019692959
4545
// @see https://github.com/github/advisory-database/pull/5047, advisory is for the tarball version only
4646
'GHSA-j5g2-q29x-cw3h',
47+
'GHSA-f626-677r-j5vq', // @see https://github.com/nette/database/issues/314
4748
];
4849
private const GRAPHQL_QUERY = 'query {
4950
securityVulnerabilities(ecosystem: COMPOSER, first: 100 %s) {
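Review bot: The trailing comment on the added entry at line 47, `'GHSA-f626-677r-j5vq', // @see https://github.com/nette/database/issues/314`, gives only a link, so the reason for ignoring the advisory is not readable from the source and is lost if the issue is moved or deleted (the commit message already notes that the PoC repo and the GHSA's article are gone). The entry just above states its reason inline ("advisory is for the tarball version only"); doing the same here, for example noting that the behaviour is a documented and intended feature and that CVE-2024-55586 is disputed, keeps the ignore list auditable on its own. Because the entry suppresses the advisory unconditionally, it is also worth noting in the comment that it should be revisited if the dispute on the CVE is resolved.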
