...

The Early Warning Report displays vulnerabilities that have been automatically identified by Mend and are undergoing a certification review by the Mend research team. Once they are certified, they are removed from the report and appear instead in the Vulnerabilities Report. The certified vulnerabilities trigger the creation of alerts and, depending on the user's configuration, might also trigger policy matching with the libraries in which they appear.

...

  • Severity: The severity of a vulnerability is scored on a range of 0 to 10, with three severity levels for CVSS2 and five severity levels for CVSS3, as displayed below:

| CVSS v2.0 Severity | CVSS v2.0 Base Score Range | CVSS v3.0 Severity | CVSS v3.0 Base Score Range |
|---|---|---|---|
| | | None | 0.0 |
| Low | 0.0-3.9 | Low | 0.1-3.9 |
| Medium | 4.0-6.9 | Medium | 4.0-6.9 |
| High | 7.0-10.0 | High | 7.0-8.9 |
| | | Critical | 9.0-10.0 |

  • Library: The library that was detected as vulnerable. Clicking the library name opens its Library Details page.

  • Early Warning ID: The early warning identifier. Clicking the 'Early Warning' link displays the vulnerability details, a link to the MITRE source, the CVSS3 base score metrics (when available), and a link to the library's CVE web page (when relevant), and provides a fix (if it exists).

  • Source File: File where the vulnerability was found.

  • CVSS Score: The vulnerability's Common Vulnerability Scoring System (CVSS) score.

  • CVSS Type: CVSS 1, CVSS 2, etc. Refer here for more information.

  • Creation Date: The date when the vulnerability was created.

  • Modified Date: The date when the vulnerability was last modified.

  • Product: The product where the vulnerability was found.

  • Project: The project where the vulnerability was found.

  • Confidence Score: The estimation of how certain the algorithm is that the newly identified CVE is a legitimate vulnerability.

...