We should extract unpublished vulnerabilities from commit histories and issue trackers

• Parse issues and trackers such as github issues. See Process unstructured data sources #251
• Parse CHANGELOGs. See Parse CHANGELOGs to discover new Vulnerabilities #233 and https://github.com/pyupio/changelogs/
• Parse Git commit messages
  • To include fix commits VCIO-next: Add support to track fix commits: Include commits and patches that fix a vulnerability #207
  • To find new or existing vulnerabilities
    • https://github.com/CERTCC/git_vul_driller
    • https://github.com/Ananya-0306/vuln-finder
    • https://github.com/aklyussef/VulnerabilityPatchFinder
    • https://github.com/samaritan/archeogit
    • https://github.com/cve-search/git-vuln-finder

These are valuable information and we can search for CVE and security-related keywords and track these in a curation queue. And eventually submit these as NVD CVEs.

See also:

• Extract interesting data from CVE and other vulnerabilities body #551