Add level of severity for PHP Security Advisories
TheGarious opened this issue · 3 comments
TheGarious commented
For each update i don't have a level of severity from this vulnerability.
I don't know if possible to graduate each vulnerability, else how evaluate level of severity.
Thanks,
fabpot commented
No, this information does not exist, but should be part of any CVE. I think we should not duplicate the information.
Szasza commented
@fabpot avoiding the duplication is certainly a good approach, but what about the advisories which don't have a CVE reference? Should the goal be in these cases to create a matching CVE?
fabpot commented
Indeed, I think getting a CVE is the way to go to give more details. This repository is "just" a database that references where to find more information.