CVE in a package dependency #825

ssheladiya · 2025-03-05T23:29:55Z

ssheladiya
Mar 5, 2025

Where do we report if there is a know CVE in one of the dependency?

ssheladiya · 2025-03-05T23:30:39Z

ssheladiya
Mar 5, 2025
Author

@kmcginnes maybe you have some idea around that?

2 replies

kmcginnes Mar 10, 2025
Maintainer

~~You can create a GitHub issue with the details if it is already public knowledge (i.e. Docker found issues or some other automated tool).~~

If it is a new vulnerability that is not public knowledge, then we would like the chance to close it before it becomes public. We don't have many non-public forms of communication for this project yet. But you can find me and some of my other team mates on the Tinkerpop Discord server.

kmcginnes Mar 10, 2025
Maintainer

Actually, I stand corrected. The repo Readme section has a "Security" tab that has all the security reporting information and useful links.

https://github.com/aws/graph-explorer?tab=security-ov-file

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE in a package dependency #825

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

CVE in a package dependency #825

Uh oh!

ssheladiya Mar 5, 2025

Replies: 1 comment · 2 replies

Uh oh!

ssheladiya Mar 5, 2025 Author

Uh oh!

Uh oh!

kmcginnes Mar 10, 2025 Maintainer

Uh oh!

kmcginnes Mar 10, 2025 Maintainer

ssheladiya
Mar 5, 2025

Replies: 1 comment 2 replies

ssheladiya
Mar 5, 2025
Author

kmcginnes Mar 10, 2025
Maintainer

kmcginnes Mar 10, 2025
Maintainer