GitHub Advisory Database now supports Erlang and Elixir packages!

GitHub has expanded its Advisory Database to include curated security advisories for languages compiled to run on the BEAM virtual machine, such as Elixir and Erlang, aiming to enhance the security of software supply chains by providing comprehensive vulnerability information and remediation guidance. This addition brings the database's coverage to nine ecosystems, including Composer, Go, Maven, npm, NuGet, pip, RubyGems, Rust, and now Erlang, allowing developers to check for security issues directly on GitHub. The database, which is open source and licensed under Creative Commons Attribution 4.0, supports contributions from the community, enabling security researchers and enthusiasts to add relevant information about Hex packages. This initiative is part of GitHub's broader mission to offer free and open security data to empower the industry, and is led by Madison Oliver, a senior security manager at GitHub with extensive experience in vulnerability reporting and response.