Dataset for Golang featuring vulnerable code and corresponding fixes, covering both CVE-based and synthetic issues
-
CVE info is taken from NVD, Golang vuln db and CVEFixes dataset
-
The schema of the dataset is compatible with OSV schema specification.
-
The unified vulnerability file adds NVD metrics, repository info and commits info.
-
The Python representation of the schema can be seen here.
-
The CVEs generated for all extracted vulnerabilities is present here
-
The original Go vulnerability db files are uploaded here
-
The NVD vulnerability db files are uploaded here
-
Last update time of Go VulnDB: June 10 2024
- File changes are taken from CVEFixes dataset or direct git pull through references in CVEInfo
- A few change sets those are very large (>4MB) are dropped. This number is very small for now (<5)
- The zipped changes files are present here
- Checkout the repository
- Create a venv
- Activate the venv and install
pip-tools pip-compile requirements.in -o requirements.txt- For upgrading dependencies, add
--upgradeto above