Drill down on a specific advisory to see the following details:

  • Overview of the severity, exploitability label, date published, and last update
  • Description from NVD or GitHub advisories with a link to view the CVE listing directly in the NVD database

Tabs with the following information:

  • Affected packages with a table listing all of the affected packages, along with each package's current advisory status (fixed, unaffected, pending upstream fix, etc.), fixed version (if available), and last update.

    When drilling down from the Advisories table, a filter is applied by default for a specific package. Clear the filter to see all affected packages.

  • Severity details with the CVSS vector details and CVSS version information

  • Exploitability details with reference links, EPSS probability and percentile rank, and CISA KEV details

Status History

For every affected package, expand the listing to view a history of the advisory statuses. The history shows when the advisory came under review and each update that followed, with the rationale when applicable.

Examples for status notes:

  • If a package is listed as unaffected by the CVE, the note will explain why the advisory is a false positive. For example, the vulnerable code may not be present in the Minimus package.
  • If a fix is not planned, the note will explain why. For example, the package may have reached its end-of-life (EOL).