Did you know that GitHub maintains a public database of known CVEs and security advisories for open-source codebases? The database is a public Git repository that holds JSON files in OSV format, partitioned by date. This is the data that's displayed on the github.com/advisories page, which also powers Dependabot alerts! Since it's just a Git repo, we wanted to take it for a spin with MergeStat to
![Querying GitHub Security Advisories With SQL 🛡️ | MergeStat Documentation](https://cdn-ak-scissors.b.st-hatena.com/image/square/b8b6753952542b80260be3943809f77251459b6f/height=288;version=1;width=512/https%3A%2F%2Fdocs.mergestat.com%2Fassets%2Fimages%2Fgithub-advisory-database-files-sync-05df9064bb76304f90b2b2eedaf53026.jpg)