Contact Us
Open Data · Refreshed Daily

Everything we're tracking right now.

A structured feed of real advisories, plus a narrative digest generated by an open-source model reading public reporting. No paid data feed, no paid LLM API — see exactly how each is built below.

Ongoing supply chain attacks this month.

Pulled automatically from the GitHub Advisory Database — real advisories affecting npm, PyPI, Go, RubyGems, Maven, crates.io and GitHub Actions, updated daily. No LLM in the loop: names and version ranges come straight from the advisory record.

Loading feed status…
Package Ecosystem Affected Patched Severity Advisory
Fetching latest advisories…
Disclaimer

These results are sourced from the public web — specifically the GitHub Advisory Database — and are surfaced here automatically without manual verification by PurpleLotus. Advisory data can be incomplete, disputed, or updated after this page was generated. Always confirm affected/patched versions against the linked upstream advisory before taking action on your own systems.

⚠ AI-Generated · Unverified

Notable incidents, in plain language.

A local, fully open-source model (Llama 3.2, run via Ollama — no paid API) reads recent public reporting via open web search and drafts a short digest below. Unlike the structured feed above, this is narrative synthesis, not a database record. Treat it as a pointer to go read the real articles, not as a verified fact sheet.

Loading digest…

Disclaimer

This digest is generated automatically by an open-weight language model summarizing public web search results. It has not been fact-checked by PurpleLotus and may contain inaccuracies, outdated information, or misattributed details. Always verify against the linked sources before relying on any specific claim, date, or figure.

PurpleLotus