Proposing a community maintained database of PyPI package vulnerabilities

Thanks for the positive feedback everybody!

This is now public at pypa/advisory-db on GitHub (I’m not allowed to post the full link here for some reason) and currently contains ~550 advisories dating back to 2019 (more will be backfilled soon).

2 Likes

The repo is here: GitHub - pypa/advisory-db: Security advisory database for Python packages published on pypi.org

If you would like to use the CVE database, Thoth’s resolver can automatically remove packages with vulnerabilities stated in the database - see the demo:

Currently, we are ingesting dependency data for operating systems other than Red Hat Enterprise Linux 8 and UBI 8 (with Python 3.8).

If you would like to consume recommendations for other operating systems, feel free to let us know so we can eventually prioritize data ingestion based on the user base.

And last but not least, thanks for the database!

1 Like
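The resolver behaviour described in the post above (dropping package versions that an advisory marks as vulnerable) comes down to one check: is a candidate version inside any of the advisory's affected ranges? The block below is an added example and is not code from pypa/advisory-db or from Thoth. It assumes the OSV-style record layout (`id`, `affected[].package`, `affected[].ranges[].events` with `introduced`/`fixed` events), a constructed sample advisory for a hypothetical package `examplepkg`, and plain dotted release versions; a real resolver would use PEP 440 version parsing and also handle `last_affected` events.

```python
"""Filter candidate PyPI versions against advisory affected ranges.

Added example, not code from pypa/advisory-db or Thoth. Assumes the
OSV-style record layout and simple dotted release versions.
"""
from typing import Dict, Iterable, List, Optional, Tuple

Version = Tuple[int, ...]
Interval = Tuple[Version, Optional[Version]]  # [introduced, fixed) ; None = open-ended

# Constructed sample advisory in the OSV layout; "examplepkg" is hypothetical.
SAMPLE_ADVISORY: Dict = {
    "id": "EXAMPLE-0001",
    "summary": "Constructed example: request smuggling in examplepkg",
    "affected": [
        {
            "package": {"ecosystem": "PyPI", "name": "examplepkg"},
            "ranges": [
                {"type": "ECOSYSTEM",
                 "events": [{"introduced": "1.0.0"}, {"fixed": "1.4.2"}]},
                {"type": "ECOSYSTEM",
                 "events": [{"introduced": "2.0.0"}, {"fixed": "2.1.0"}]},
            ],
        }
    ],
}


def parse_version(v: str) -> Version:
    """Simplistic dotted-integer parser. Real resolvers need PEP 440
    (pre-releases, post-releases, local versions); this is an assumption
    made to keep the example self-contained."""
    return tuple(int(part) for part in v.split("."))


def affected_intervals(advisory: Dict, package: str) -> List[Interval]:
    """Extract half-open [introduced, fixed) intervals for one PyPI package.

    Only "introduced" and "fixed" events are handled here. An "introduced"
    without a following "fixed" yields an open-ended interval.
    """
    intervals: List[Interval] = []
    for aff in advisory.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != "PyPI":
            continue
        if pkg.get("name", "").lower() != package.lower():
            continue
        for rng in aff.get("ranges", []):
            if rng.get("type") != "ECOSYSTEM":
                continue
            introduced: Optional[Version] = None
            for event in rng.get("events", []):
                if "introduced" in event:
                    # OSV uses "0" to mean "from the first version".
                    raw = event["introduced"]
                    introduced = () if raw == "0" else parse_version(raw)
                elif "fixed" in event:
                    start = introduced if introduced is not None else ()
                    intervals.append((start, parse_version(event["fixed"])))
                    introduced = None
            if introduced is not None:
                intervals.append((introduced, None))
    return intervals


def is_vulnerable(version: str, intervals: Iterable[Interval]) -> bool:
    """True if version falls inside any [introduced, fixed) interval."""
    pv = parse_version(version)
    for lo, hi in intervals:
        if pv >= lo and (hi is None or pv < hi):
            return True
    return False


def filter_candidates(package: str, candidates: Iterable[str],
                      advisories: Iterable[Dict]) -> List[str]:
    """Resolver-style step: keep only candidate versions no advisory flags."""
    intervals: List[Interval] = []
    for adv in advisories:
        intervals.extend(affected_intervals(adv, package))
    return [v for v in candidates if not is_vulnerable(v, intervals)]


if __name__ == "__main__":
    candidates = ["0.9.0", "1.0.0", "1.3.5", "1.4.2", "2.0.0", "2.0.9", "2.1.0", "3.0.0"]
    print(filter_candidates("examplepkg", candidates, [SAMPLE_ADVISORY]))
```

Note the half-open interval: the `fixed` version itself is safe, the `introduced` version is not. Getting that boundary wrong in either direction is the classic bug in this kind of filter, so a resolver should test both endpoints explicitly.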