Consider using project kb's data

[sbs2001]

Project KB contains manually curated commit links which fix particular CVE. It contains commits which actually rectified "vulnerable code" unlike NVD which many times contains commits which tagged release.

Vulncode-db can leverage project KB's data and provide more examples of real world vulnerable code.

Data is at :

https://github.com/SAP/project-kb/blob/master/MSR2019/dataset/vulas_db_msr2019_release.csv
https://github.com/SAP/project-kb/tree/vulnerability-data/statements

FYI project KB is used by https://github.com/eclipse/steady .

[evonide]

I was unaware of this project this is excellent to know thanks a lot for sharing this!
Currently, we're more focused on completing the contributions review system and addressing all issues in https://github.com/google/vulncode-db/milestone/1 to get a first candidate that accepts community content.

However, we'll certainly look into integrating the linked data into Vulncode-DB, too at some later point in time.