looking at the latest illissued lodash CVE they seem to deliver CVEs that are wi... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

valkum on Oct 7, 2021 | parent | context | favorite | on: GitHub Advisory Database now powers NPM audit

looking at the latest illissued lodash CVE they seem to deliver CVEs that are withdrawn in GH Advisory Database

ethomson on Oct 7, 2021 [–]

Product Manager for npm here. That was correct. As part of our integration, we were not excluding withdrawn advisories. We've since corrected this. Apologies!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact