Reporting an issue with GitHub Security Advisories

The GitHub Security Advisory page doesn’t appear to have any way to report inaccurate data, and so I am looking for a way to do so.

There is a problem with the fix version details for GHSA-mh7g-99w9-xpjm. Downstream projects which rely on this data are reporting false positive findings in vulnerability scans because of the issue.
There are 3 fix versions for the package in question: one fix version for each major release supported at the time (5.x, 6.x, and 7.x). However, GHSA only reports a single fix version for the highest major release at the time, 7.x, which is incorrect.

I was asked here to report the issue to GHSA, but I see no way to do so.

Any guidance on this will be appreciated.
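An added illustration, not part of the original post and not GitHub's or any scanner's own code: how recording only the fix for the highest major line makes a range-based scanner flag patched 5.x and 6.x releases. The version numbers and range layout are constructed placeholders, since the thread does not list the real fix versions.

```python
# Constructed data: every version number below is a placeholder, not a value
# taken from GHSA-mh7g-99w9-xpjm.

def parse(version):
    """Turn '6.3.1' into (6, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def is_affected(version, ranges):
    """True if version lies in any half-open [introduced, fixed) range."""
    v = parse(version)
    return any(parse(r["introduced"]) <= v < parse(r["fixed"]) for r in ranges)

# Advisory as described in the post: only the 7.x fix is recorded, so every
# release below it is treated as vulnerable.
SINGLE_FIX = [{"introduced": "0", "fixed": "7.1.0"}]

# Advisory with one range per supported major line (assumed layout).
PER_BRANCH = [
    {"introduced": "0", "fixed": "5.4.2"},
    {"introduced": "6.0.0", "fixed": "6.3.1"},
    {"introduced": "7.0.0", "fixed": "7.1.0"},
]

def false_positives(installed, reported, accurate):
    """Versions flagged by the reported ranges but clean under the accurate ones."""
    return [v for v in installed
            if is_affected(v, reported) and not is_affected(v, accurate)]

def missed(installed, reported, accurate):
    """Versions the reported ranges fail to flag although they are vulnerable."""
    return [v for v in installed
            if is_affected(v, accurate) and not is_affected(v, reported)]

# Constructed inventory of versions pinned by downstream projects.
INSTALLED = ["5.4.1", "5.4.2", "6.3.0", "6.3.1", "6.4.0", "7.0.5", "7.1.0"]

if __name__ == "__main__":
    print("false positives:", false_positives(INSTALLED, SINGLE_FIX, PER_BRANCH))
    print("missed:", missed(INSTALLED, SINGLE_FIX, PER_BRANCH))
```

Running the same comparison against a real inventory before and after an advisory correction shows which findings were caused by the advisory data rather than by the installed package.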

:wave: Welcome!

Thanks for the report. I’ve raised an issue internally and I’ll be back to update when I know more!

Hello, I just wanted to follow up and post that I do see this advisory was updated 5 days ago, and scans of this package no longer seem to trigger a vulnerability finding. Thank you very much for the assistance here! It is greatly appreciated!