Y
Hacker News
new
|
ask
|
show
|
jobs
by
valkum
1711 days ago
looking at the latest illissued lodash CVE they seem to deliver CVEs that are withdrawn in GH Advisory Database
1 comments
ethomson
1711 days ago
Product Manager for npm here. That was correct. As part of our integration, we were not excluding withdrawn advisories. We've since corrected this. Apologies!
link