The Open Source Software Advisory (OSSA) Database is a community-driven repository that collects and maintains structured advisories for open-source packages. These advisories highlight issues such as package deprecations, license concerns, security risks, and other factors affecting software sustainability.
This repository is designed to be neutral and independent, providing information that is generic and not tied to any specific organization, use case, or company. It serves as a reference database for Open Source ecosystems and does not constitute legal advice.
- `advisories/` – The directory containing JSON advisory files following the OSSA schema.
- `docs/` – Documentation related to the schema and advisory guidelines.
Each advisory is formatted according to the OSSA Schema and contains:
- Unique Identifier (`id`)
- Package Details (`package_name`, `purls`)
- Severity Assessment (`severity`, `affected_versions`)
- Approvals & Metadata (`approvals`, `last_updated`)
- External References (`references`, `licenses`)

For full details, refer to the OSSA Advisory Schema.
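As an added illustration of the field list above (this is example code written for this README, not the project's own OSSA validator, which remains the authoritative check), the script below loads advisory JSON files and reports ones that lack any of the listed fields or carry obviously malformed values. The value checks go beyond what this page states and are assumptions: that `purls` are Package URL strings starting with `pkg:`, that `last_updated` is an ISO-8601 date, that `severity` uses one of four labels, and that the remaining fields are lists. The two sample advisories are constructed for the example.

```python
"""Pre-submission sanity check for OSSA-style advisory files.

Added example, not the project's validator. Only the field names come from
the README; the value rules below are assumptions made for this example.
"""
import json
import re
from datetime import date
from pathlib import Path

# Field names listed in the README.
REQUIRED_FIELDS = (
    "id", "package_name", "purls", "severity", "affected_versions",
    "approvals", "last_updated", "references", "licenses",
)
# Assumed severity labels (not confirmed by the schema).
SEVERITY_LABELS = {"low", "medium", "high", "critical"}
# Assumed Package URL shape: "pkg:<type>/<name>..." per the purl spec.
PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/.+")
LIST_FIELDS = ("affected_versions", "approvals", "references", "licenses")


def check_advisory(advisory):
    """Return a list of problem strings; an empty list means the advisory passed."""
    problems = []
    missing = [f for f in REQUIRED_FIELDS if f not in advisory]
    problems.extend(f"missing field: {f}" for f in missing)
    if missing:
        return problems  # value checks below assume every field is present

    if not isinstance(advisory["purls"], list) or not advisory["purls"]:
        problems.append("purls must be a non-empty list")
    else:
        for purl in advisory["purls"]:
            if not isinstance(purl, str) or not PURL_RE.match(purl):
                problems.append(f"malformed purl: {purl!r}")

    if advisory["severity"] not in SEVERITY_LABELS:
        problems.append(f"unknown severity: {advisory['severity']!r}")

    try:
        date.fromisoformat(advisory["last_updated"])
    except (TypeError, ValueError):
        problems.append("last_updated is not an ISO-8601 date")

    for name in LIST_FIELDS:
        if not isinstance(advisory[name], list):
            problems.append(f"{name} must be a list")
    return problems


def check_directory(directory):
    """Check every *.json file in a directory; map file name -> problems."""
    results = {}
    for path in sorted(Path(directory).glob("*.json")):
        try:
            advisory = json.loads(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError as exc:
            results[path.name] = [f"invalid JSON: {exc}"]
            continue
        results[path.name] = check_advisory(advisory)
    return results


# Constructed sample advisories (placeholder values, not real advisories).
SAMPLE_OK = {
    "id": "OSSA-EXAMPLE-0001",
    "package_name": "example-package",
    "purls": ["pkg:npm/example-package"],
    "severity": "high",
    "affected_versions": ["<1.2.0"],
    "approvals": [{"by": "maintainer", "date": "2024-01-01"}],
    "last_updated": "2024-01-02",
    "references": ["https://example.invalid/advisory"],
    "licenses": ["MIT"],
}
SAMPLE_BAD = dict(
    SAMPLE_OK,
    purls=["example-package"],      # missing the "pkg:" prefix
    severity="urgent",              # not an assumed label
    last_updated="02/01/2024",      # not ISO-8601
    licenses="MIT",                 # string instead of list
)

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_advisory(sample) or "passed")
    # Against a checkout: print(check_directory("advisories"))
```

Run it against the `advisories/` directory of a checkout with `check_directory("advisories")`; a non-empty list for a file means that file should be fixed before running the project's own validator and opening a pull request.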
- This repository provides general information about Open Source Software Advisories.
- It is not specific to any company, project, or use case.
- It does not constitute legal or compliance advice.
Contributions are welcome! To contribute:
- Fork the repository.
- Add or update an advisory in the `advisories/` directory.
- Validate your changes using the OSSA validator.
- Submit a pull request.
For discussions and improvements, please open an issue.
All content in this repository is licensed under the MIT License. See the LICENSE file for details.