2026-03-27T20:06:52Z https://yabu.me patak https://yabu.me/npub1mger50hx4nnl8k2pjcmy30xuy2pfs2gexmkqf8x8mm7q92d5y5rsjhp6q2 https://media.webtoo.ls/accounts/avatars/109/463/448/067/602/774/original/268804e57696ba44.jpeg https://media.webtoo.ls/accounts/avatars/109/463/448/067/602/774/original/268804e57696ba44.jpeg https://yabu.me/nevent1qqsqhcwvsh8a0lp5l3zfzyn8yv85v4khdw7fy9rxrk8lnzlypncddhszyrdryw37u6kw0u7egxtrvj9ums3g9xpfrymwcpyucl00cq4fksjswr999ym In reply to <a href='/nevent1qqsqkgtrzf7pys2kfa6qrmtzuv7r0uewtflzj2ukq87csdrfngx9wxsknz6h4'>nevent1q…z6h4</a><br/>_________________________<br/><br/>Stats for the Vite repo, of all reported CVEs: 6 published, 33 closed. Every time there is a new CVE, we need to drop what we are doing to check it out because it could be important. The published number should be higher than the noise we get here. GitHub may need to make it harder to create a CVE. 2024-12-11T09:28:10Z https://yabu.me/nevent1qqsqkgtrzf7pys2kfa6qrmtzuv7r0uewtflzj2ukq87csdrfngx9wxszyrdryw37u6kw0u7egxtrvj9ums3g9xpfrymwcpyucl00cq4fksjswc7tw8r if you work on automated security reports tooling, could you please add a disclaimer in all uppercase for your users: &#34;a CVE in a dependency doesn&#39;t imply that it affects the library using it; PLEASE DON&#39;T OPEN A CVE if you can&#39;t share a reproducible attack vector with the maintainers of the lib&#34; 🙏 2024-12-11T09:27:54Z