Snyk Vulnerability Database
This is the vulnerability database used by Snyk, a tool that helps you find and fix known vulnerabilities in your Node.js dependencies, both ad hoc and as part of your CI (Build) system.
In the data/npm folder you will find a list of folders that match the names of vulnerable npm packages, then a YYYYMMDD folder containing the data files.
For example, the latest Denial of Service vulnerability in the ms package will have the following path
data/
  npm/
    bassmaster/
      20140927/
        README.md
        data.json
        bussmaster_vuln_fix.patch
    jsonwebtoken/
      20150331/
        README.md
        data.json
      20150304/
        README.md
        data.json
The data.json file contains the actual information about the vulnerability. It can optionally reference other files, like the vulnerability description (README.md) or patch files located in the same folder.
Key attributes of the vulnerability data file: (full schema)
title: title of the vulnerability
credit: list of credited reporters
description: vulnerability description. Can reference an external file, i.e.
vulnerable: vulnerable versions semver range
CVSSv3: CVSS v3 score
severity: severity of the vulnerability
urls: list of patch files or urls. Can point to a local file file://fix.patch or file url (i.e.
version: applicable versions semver range
Unified GNU diff formatted patch files are used to make the minimal modifications required to fix the vulnerability.
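
The following is an added example, not code from the Snyk project: a Node.js sketch that indexes the data/npm/<package>/<YYYYMMDD>/data.json layout described above and checks that every file:// reference in a urls list stays inside the entry's own folder before a consumer reads or applies it. The function names, the sample package example-pkg, the sample URL, and placing urls at the top level of data.json are assumptions made for illustration.

```javascript
// Added example: index data/npm/<package>/<YYYYMMDD>/data.json and vet
// file:// references so a consumer never reads outside the entry folder.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Return one record per <package>/<YYYYMMDD> folder that holds a data.json.
function listEntries(root) {
  const npmDir = path.join(root, 'data', 'npm');
  const dirs = (d) => fs.readdirSync(d, { withFileTypes: true })
    .filter((e) => e.isDirectory()).map((e) => e.name).sort();
  const entries = [];
  for (const pkg of dirs(npmDir)) {
    for (const date of dirs(path.join(npmDir, pkg))) {
      if (!/^\d{8}$/.test(date)) continue;            // not a YYYYMMDD folder
      const dir = path.join(npmDir, pkg, date);
      const file = path.join(dir, 'data.json');
      if (!fs.existsSync(file)) continue;
      entries.push({ pkg, date, dir, data: JSON.parse(fs.readFileSync(file, 'utf8')) });
    }
  }
  return entries;
}

// Split a urls list into remote URLs, local files that sit directly in the
// entry folder, and rejected references (outside the folder or missing).
function classifyUrls(entryDir, urls) {
  const out = { local: [], remote: [], rejected: [] };
  for (const u of urls || []) {
    if (!u.startsWith('file://')) { out.remote.push(u); continue; }
    const target = path.resolve(entryDir, u.slice('file://'.length));
    const inside = path.dirname(target) === path.resolve(entryDir);
    (inside && fs.existsSync(target) ? out.local : out.rejected).push(u);
  }
  return out;
}

// Constructed sample tree (not real database content; urls placement assumed).
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'vulndb-'));
  const dir = path.join(root, 'data', 'npm', 'example-pkg', '20150101');
  fs.mkdirSync(dir, { recursive: true });
  fs.writeFileSync(path.join(dir, 'fix.patch'), '--- a\n+++ b\n');
  fs.writeFileSync(path.join(dir, 'data.json'), JSON.stringify({
    title: 'Constructed entry', vulnerable: '<1.0.0', severity: 'high',
    urls: ['file://fix.patch', 'file://../../other/fix.patch', 'https://example.com/fix.patch'],
  }));
  return root;
}
```

Calling listEntries(buildSample()) yields one entry, and classifyUrls on its urls accepts file://fix.patch, rejects the reference that climbs out of the folder, and lists the https URL as remote.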