...

The Vulnerabilities Report provides a table with the following columns of information:

  • Severity: The severity of a vulnerability is scored on a range of 0 to 10, with three severity levels for CVSS2 and five severity levels for CVSS3, as displayed below:

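| CVSS v2.0 Severity | CVSS v2.0 Base Score Range | CVSS v3.0 Severity | CVSS v3.0 Base Score Range |
|--------------------|----------------------------|--------------------|----------------------------|
|                    |                            | None               | 0.0                        |
| Low                | 0.0-3.9                    | Low                | 0.1-3.9                    |
| Medium             | 4.0-6.9                    | Medium             | 4.0-6.9                    |
| High               | 7.0-10.0                   | High               | 7.0-8.9                    |
|                    |                            | Critical           | 9.0-10.0                   |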

  • Library: The library that was detected as vulnerable. Clicking the library name opens its Library Details page.

  • Occurrences: The number of projects in which the library was used. Clicking the 'Details' link opens a pop-up with more information.

  • Vulnerability ID: The vulnerability identifier, which can be one of two vulnerability types: 'CVE' and 'WS' (see definitions in Working with Vulnerabilities). Clicking the 'Vulnerability ID' link displays the vulnerability details, a link to the MITRE source, the CVSS3 base score metrics (when available), a link to the library's CVE web page (when relevant) and a fix (if one exists).

  • CVSS 3 Score: For more information, refer to this article. If CVSS 3 Score metrics are not found, then CVSS 2.0 metrics are displayed. Clicking the score link opens a pop-up window with more information on the score.

  • CVSS 2.0 Score: The CVSS 2.0 score.

  • Published: Date the vulnerability was published.

  • Top Fix: The best fix that matches the vulnerability. Fixes may vary (e.g., 'patch available', 'change some of the source files', etc.).
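
The severity bands and the CVSS 3 to CVSS 2.0 fallback described above can be applied to exported report rows to find entries that a filter on the label "Critical" would never match, because CVSS v2.0 has no Critical level. This is an added example, not part of the product or its documentation; the CSV layout, the function names and every sample value are assumptions constructed for illustration.

```python
import csv
import io

# Severity bands exactly as given in the ratings table: (label, low, high).
V2_BANDS = [("Low", 0.0, 3.9), ("Medium", 4.0, 6.9), ("High", 7.0, 10.0)]
V3_BANDS = [("None", 0.0, 0.0), ("Low", 0.1, 3.9), ("Medium", 4.0, 6.9),
            ("High", 7.0, 8.9), ("Critical", 9.0, 10.0)]

# Constructed sample rows; the CSV layout and all values are assumptions.
SAMPLE = """Library,Vulnerability ID,CVSS 3 Score,CVSS 2.0 Score
lib-a-1.0.jar,CVE-0000-0001,9.8,7.5
lib-b-2.3.jar,CVE-0000-0002,,10.0
lib-c-0.9.jar,WS-0000-0003,,5.0
lib-d-4.1.jar,CVE-0000-0004,0.0,
"""

def band(score, bands):
    """Return the label whose range contains score (rounded to one decimal)."""
    score = round(score, 1)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    for label, low, high in bands:
        if low <= score <= high:
            return label
    raise ValueError(f"no band for score: {score}")

def triage(csv_text):
    """Return a list of (vuln_id, version, score, severity, v2_only_9_plus)."""
    out = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        v3, v2 = row["CVSS 3 Score"].strip(), row["CVSS 2.0 Score"].strip()
        if v3:      # CVSS 3 metrics present: use the five-level scale
            version, score, bands = "v3", float(v3), V3_BANDS
        elif v2:    # fallback: CVSS 3 not found, so CVSS 2.0 is used
            version, score, bands = "v2", float(v2), V2_BANDS
        else:
            out.append((row["Vulnerability ID"], None, None, "Unscored", False))
            continue
        severity = band(score, bands)
        # v2 tops out at "High": a v2-only score of 9.0+ never carries the
        # "Critical" label, so flag it for review alongside v3 Criticals.
        flagged = version == "v2" and score >= 9.0
        out.append((row["Vulnerability ID"], version, score, severity, flagged))
    return out

if __name__ == "__main__":
    for result in triage(SAMPLE):
        print(result)
```
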

...