Side note: I wish there were an accepted industry-wide, machine-readable format for security advisories. It's kind of a pain that every project out there defines its own way, ranging from atrocious blog posts:<p><a href="https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html" rel="nofollow">https://chromereleases.googleblog.com/2020/02/stable-channel...</a><p>to plain text files:<p><a href="http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt" rel="nofollow">http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.t...</a><p>or custom XMLs:<p><a href="https://www.openssl.org/news/vulnerabilities.xml" rel="nofollow">https://www.openssl.org/news/vulnerabilities.xml</a><p>The CVRF standard promised to be this but is largely unused since it's fairly rigid and requires a lot of investment to get it right.<p>Even GitHub's advisories are fairly limited in the metadata they provide and only accessible through the GraphQL API.