Somewhere there is a job that ingests advisories from https://github.com/rustsec/advisory-db and republishes them here as GHSAs.
Speaking on behalf of @rustsec, our database contains a mixture of advisories for security vulnerabilities and advisories for other defects which are not immediately security critical, like unsoundness or unmaintained packages (I now regret not more cleanly isolating these advisories).
Here is a recent example: rust-random/rand#1774
These advisories contain an informational field in their metadata, e.g.:
https://github.com/rustsec/advisory-db/blob/cf79a10/crates/rand/RUSTSEC-2026-0097.md?plain=1#L7
This is a request to change the ingestion job which converts RUSTSEC advisories into GHSAs to ignore any advisories containing the informational field as these advisories do not represent specific vulnerabilities.
See also: rustsec/advisory-db#2572
Somewhere there is a job that ingests advisories from https://github.com/rustsec/advisory-db and republishes them here as GHSAs.
Speaking on behalf of @rustsec, our database contains a mixture of advisories for security vulnerabilities and advisories for other defects which are not immediately security critical, like unsoundness or unmaintained packages (I now regret not more cleanly isolating these advisories).
Here is a recent example: rust-random/rand#1774
These advisories contain an
informationalfield in their metadata, e.g.:https://github.com/rustsec/advisory-db/blob/cf79a10/crates/rand/RUSTSEC-2026-0097.md?plain=1#L7
This is a request to change the ingestion job which converts RUSTSEC advisories into GHSAs to ignore any advisories containing the
informationalfield as these advisories do not represent specific vulnerabilities.See also: rustsec/advisory-db#2572