A structured feed of real advisories, plus a narrative digest generated by an open-source model reading public reporting. No paid data feed, no paid LLM API — see exactly how each is built below.
Pulled automatically from the GitHub Advisory Database — real advisories affecting npm, PyPI, Go, RubyGems, Maven, crates.io and GitHub Actions, updated daily. No LLM in the loop: names and version ranges come straight from the advisory record.
| Package | Ecosystem | Affected | Patched | Severity | Advisory |
|---|---|---|---|---|---|
| Fetching latest advisories… | |||||
These results are sourced from the public web — specifically the GitHub Advisory Database — and are surfaced here automatically without manual verification by PurpleLotus. Advisory data can be incomplete, disputed, or updated after this page was generated. Always confirm affected/patched versions against the linked upstream advisory before taking action on your own systems.
A local, fully open-source model (Llama 3.2, run via Ollama — no paid API) reads recent public reporting via open web search and drafts a short digest below. Unlike the structured feed above, this is narrative synthesis, not a database record. Treat it as a pointer to go read the real articles, not as a verified fact sheet.
Loading digest…
This digest is generated automatically by an open-weight language model summarizing public web search results. It has not been fact-checked by PurpleLotus and may contain inaccuracies, outdated information, or misattributed details. Always verify against the linked sources before relying on any specific claim, date, or figure.