Name		Name	Last commit message	Last commit date
Latest commit History 7,497 Commits
.github		.github
docs		docs
hack		hack
scripts		scripts
.yam.yaml		.yam.yaml
LICENSE		LICENSE
README.md		README.md
aactl.advisories.yaml		aactl.advisories.yaml
actions-runner-controller.advisories.yaml		actions-runner-controller.advisories.yaml
addon-resizer.advisories.yaml		addon-resizer.advisories.yaml
amass.advisories.yaml		amass.advisories.yaml
amazon-corretto-crypto-provider.advisories.yaml		amazon-corretto-crypto-provider.advisories.yaml
apko.advisories.yaml		apko.advisories.yaml
argo-cd-2.10.advisories.yaml		argo-cd-2.10.advisories.yaml
argo-cd-2.7.advisories.yaml		argo-cd-2.7.advisories.yaml
argo-cd-2.8.advisories.yaml		argo-cd-2.8.advisories.yaml
argo-cd-2.9.advisories.yaml		argo-cd-2.9.advisories.yaml
argo-workflows.advisories.yaml		argo-workflows.advisories.yaml
atlantis.advisories.yaml		atlantis.advisories.yaml
avahi.advisories.yaml		avahi.advisories.yaml
aws-cli-v2.advisories.yaml		aws-cli-v2.advisories.yaml
aws-ebs-csi-driver.advisories.yaml		aws-ebs-csi-driver.advisories.yaml
aws-efs-csi-driver.advisories.yaml		aws-efs-csi-driver.advisories.yaml
aws-flb-cloudwatch.advisories.yaml		aws-flb-cloudwatch.advisories.yaml
aws-flb-firehose.advisories.yaml		aws-flb-firehose.advisories.yaml
aws-flb-kinesis.advisories.yaml		aws-flb-kinesis.advisories.yaml
aws-load-balancer-controller.advisories.yaml		aws-load-balancer-controller.advisories.yaml
aws-network-policy-agent.advisories.yaml		aws-network-policy-agent.advisories.yaml
az.advisories.yaml		az.advisories.yaml
bank-vaults.advisories.yaml		bank-vaults.advisories.yaml
bazel-3.advisories.yaml		bazel-3.advisories.yaml
bazelisk.advisories.yaml		bazelisk.advisories.yaml
bincapz.advisories.yaml		bincapz.advisories.yaml
bind.advisories.yaml		bind.advisories.yaml
binutils.advisories.yaml		binutils.advisories.yaml
bluez.advisories.yaml		bluez.advisories.yaml
bom.advisories.yaml		bom.advisories.yaml
boring-registry.advisories.yaml		boring-registry.advisories.yaml
brotli.advisories.yaml		brotli.advisories.yaml
buf.advisories.yaml		buf.advisories.yaml
buildkitd.advisories.yaml		buildkitd.advisories.yaml
busybox.advisories.yaml		busybox.advisories.yaml
byobu.advisories.yaml		byobu.advisories.yaml
c-ares.advisories.yaml		c-ares.advisories.yaml
caddy.advisories.yaml		caddy.advisories.yaml
cadvisor.advisories.yaml		cadvisor.advisories.yaml
calico.advisories.yaml		calico.advisories.yaml
capslock.advisories.yaml		capslock.advisories.yaml
cass-config-builder.advisories.yaml		cass-config-builder.advisories.yaml
cass-operator.advisories.yaml		cass-operator.advisories.yaml
cassandra-4.1.advisories.yaml		cassandra-4.1.advisories.yaml
cassandra-reaper.advisories.yaml		cassandra-reaper.advisories.yaml
cert-exporter.advisories.yaml		cert-exporter.advisories.yaml
cert-manager-1.11.advisories.yaml		cert-manager-1.11.advisories.yaml
cert-manager-1.12.advisories.yaml		cert-manager-1.12.advisories.yaml
cert-manager-1.13.advisories.yaml		cert-manager-1.13.advisories.yaml
cert-manager-1.14.advisories.yaml		cert-manager-1.14.advisories.yaml
certificate-transparency.advisories.yaml		certificate-transparency.advisories.yaml
cfssl.advisories.yaml		cfssl.advisories.yaml
chartmuseum.advisories.yaml		chartmuseum.advisories.yaml
checkov.advisories.yaml		checkov.advisories.yaml
chezmoi.advisories.yaml		chezmoi.advisories.yaml
chromium.advisories.yaml		chromium.advisories.yaml
cilium-1.14.advisories.yaml		cilium-1.14.advisories.yaml
cilium-1.15.advisories.yaml		cilium-1.15.advisories.yaml
cilium-cli.advisories.yaml		cilium-cli.advisories.yaml
cilium-envoy.advisories.yaml		cilium-envoy.advisories.yaml
clamav.advisories.yaml		clamav.advisories.yaml
cloud-sql-proxy.advisories.yaml		cloud-sql-proxy.advisories.yaml
cloudflared.advisories.yaml		cloudflared.advisories.yaml
cloudwatch-exporter.advisories.yaml		cloudwatch-exporter.advisories.yaml
cluster-api-controller.advisories.yaml		cluster-api-controller.advisories.yaml
cluster-autoscaler-1.25.advisories.yaml		cluster-autoscaler-1.25.advisories.yaml
cluster-autoscaler-1.26.advisories.yaml		cluster-autoscaler-1.26.advisories.yaml
cluster-autoscaler-1.27.advisories.yaml		cluster-autoscaler-1.27.advisories.yaml
cluster-autoscaler-1.28.advisories.yaml		cluster-autoscaler-1.28.advisories.yaml
cluster-autoscaler-1.29.advisories.yaml		cluster-autoscaler-1.29.advisories.yaml
cluster-proportional-autoscaler.advisories.yaml		cluster-proportional-autoscaler.advisories.yaml
clusterctl.advisories.yaml		clusterctl.advisories.yaml
cni-plugins.advisories.yaml		cni-plugins.advisories.yaml
conda.advisories.yaml		conda.advisories.yaml
configmap-reload.advisories.yaml		configmap-reload.advisories.yaml
configurable-http-proxy.advisories.yaml		configurable-http-proxy.advisories.yaml
confluent-common-docker.advisories.yaml		confluent-common-docker.advisories.yaml
confluent-docker-utils.advisories.yaml		confluent-docker-utils.advisories.yaml
confluent-kafka.advisories.yaml		confluent-kafka.advisories.yaml
conftest.advisories.yaml		conftest.advisories.yaml
consul-1.15.advisories.yaml		consul-1.15.advisories.yaml
consul-1.16.advisories.yaml		consul-1.16.advisories.yaml
containerd.advisories.yaml		containerd.advisories.yaml
controller-gen.advisories.yaml		controller-gen.advisories.yaml
coredns.advisories.yaml		coredns.advisories.yaml
coreutils.advisories.yaml		coreutils.advisories.yaml
cortex.advisories.yaml		cortex.advisories.yaml
cosign.advisories.yaml		cosign.advisories.yaml
crane.advisories.yaml		crane.advisories.yaml
cri-tools.advisories.yaml		cri-tools.advisories.yaml
croc.advisories.yaml		croc.advisories.yaml
crossplane-provider-aws.advisories.yaml		crossplane-provider-aws.advisories.yaml
crossplane-provider-azure.advisories.yaml		crossplane-provider-azure.advisories.yaml

Repository files navigation

advisories

Security advisory data for the Wolfi distribution.

Introduction

This repository is where we store Wolfi's security advisory data. Each Wolfi package is represented with a <package-name>.advisories.yaml file, if there are any advisories recorded for the given package.

The purpose of the advisory data is to record all investigated package vulnerabilities and indicate the latest understanding of whether or not the package is affected by the vulnerability.

Interpreting the data

Each package advisories file in this repository has a list of one or more advisories. Each advisory is named by an ID (e.g. "CVE-2023-12345") and contains a list of timestamped events that describe the investigation of a vulnerability's impact on the given package.

Event Types

For a detailed look at the current event types, see the Event Types document.

Using the data

The best way to interact with the data in this repo is to use wolfictl. Run wolfictl advisory -h to see a list of commands designed to interact with this dataset.

For example, to see advisories for every package in Wolfi:

$ wolfictl advisory list
apko: CVE-2023-28840: fixed (0.7.3-r1)
apko: CVE-2023-28841: fixed (0.7.3-r1)
apko: CVE-2023-28842: fixed (0.7.3-r1)
bind: CVE-2018-5736: fixed (9.18.10-r0)
(and so on...)

License

wolfi-dev/advisories

Folders and files

Latest commit

History