Security advisory credit badge not displayed on profile? #41666

tomaarsen · 2022-12-13T21:04:29Z

tomaarsen
Dec 13, 2022

Select Topic Area

Question

Body

Hello!

According to the docs here, if a submitted security advisory is accepted, you'll get a Security advisory credit badge on your profile. In the past, I have submitted and been credited for GHSA-f8m6-h2c7-8h9x. If I hover over my name in the credits section of that advisory, it says: "1 security advisory credit".

However, despite having this advisory credit, the credit is not displayed on my profile. I do know that it is possible for users to get this info in their Highlights section with just one credit, as I have seen it on other profiles, e.g. https://github.com/robmcl4.

So, my first question is, how can I display my security advisory credit on my profile?

Additionally, I have a second question. In the past, other advisories have been made and published by other CVE Numbering Authorities (CNA), like GHSA-2ww3-fxvq-293j. This vulnerability was resolved by me, but I am not credited in the advisory. Is there something I can do about that?

Thanks all.

Tom Aarsen

LeoDog896 · 2023-02-01T14:02:41Z

LeoDog896
Feb 1, 2023

I have the same issue with GHSA-mc52-jpm2-cqh6, but I didn't create the advisory, but was instead credited for finding and reporting it. However, just like OP, there isn't a badge on my profile either.

4 replies

Xitro01 Jan 24, 2024

Same issue for me (GHSA-fffj-6fr6-3fgf) how did you eventually fix it?

LeoDog896 Jan 24, 2024

It seemed to have fixed itself.

Xitro01 Jan 24, 2024

Strange. I accepted it half a year ago and it still did not appear. So maybe GitHub staff fixed it for you guys?

LeoDog896 Jan 24, 2024

Most likely

litetex · 2024-06-17T19:00:24Z

litetex
Jun 17, 2024

+1

Having the same issue with GHSA-wxrm-jhpf-vp6v

0 replies

tesaguri · 2024-06-20T10:34:56Z

tesaguri
Jun 20, 2024

I have the same issue with my vulnerability reports (GHSA-5prv-r7jg-vrf7, GHSA-xmw2-875x-rq88, GHSA-jhrq-qvrm-qr36, GHSA-qqrm-9grj-6v32, GHSA-2vxv-pv3m-3wvj and GHSA-f7g9-xhcq-5ww6).

So far, the common factor among advisories displayed on profile pages AFAICT is that they are labeled as GitHub Reviewed while the advisories affected by the issues are not. From the description in the linked documentation, it seems that only advisories for libraries in certain ecosystems are considered eligible for this category.

But that is weird given that the documentation of the badges doesn't mention anything about GitHub-reviewed advisories. If that were really the requirement for being displayed in the profile page, I think the documentation should be updated to mention that requirement at least.

0 replies

AstroGD · 2024-07-28T13:42:04Z

AstroGD
Jul 28, 2024

Same issue here with my report GHSA-cj3c-5xpm-cx94 - And it was assigned a CVE so it was reviewed by github, right?

0 replies

2024-09-27T03:30:44Z

github-actions[bot]
bot Sep 27, 2024

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

0 replies

AstroGD · 2024-10-06T14:21:27Z

AstroGD
Oct 6, 2024

Still not fixed for me

0 replies

AstroGD · 2024-10-12T10:44:09Z

AstroGD
Oct 12, 2024

Finally, the issue got resolved for me.
I contacted GitHub support, and they manually recalculated the security advisory credit score for my profile.
After that, my Score now displays correctly.

So for anyone having the same issue: Contacting GitHub Support does the trick ^^

0 replies

2024-12-12T03:33:59Z

github-actions[bot]
bot Dec 12, 2024

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬

0 replies

This comment was marked as off-topic.

Sign in to view

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Security advisory credit badge not displayed on profile? #41666

{{title}}

Replies: 9 comments 4 replies

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

This comment was marked as off-topic.

{{title}}

{{title}}

Select a reply

Security advisory credit badge not displayed on profile? #41666

Select Topic Area

Body

Replies: 9 comments · 4 replies

github-actions[bot] bot Sep 27, 2024

This comment was marked as off-topic.

github-actions[bot] bot Dec 12, 2024

Replies: 9 comments 4 replies

github-actions[bot]
bot Sep 27, 2024

github-actions[bot]
bot Dec 12, 2024