Vulnerability
You can check whether there are any vulnerabilities in Open Source and check related information (CVE ID, CVSS Score).
Vulnerability YouTube Guide
Vulnerability List
- You can check and search for the highest security vulnerability information by version of open source provided in the NVD (National Vulnerability Database)'s NVD Data Feeds.
-
(LGE Only) For inquiries on how to resolve security vulnerabilities, please refer to the following link:
http://collab.lge.com/main/display/SWSEC/How+to+request
1. Search Conditions
You can search by setting OSS Name, OSS Version, CVE ID, etc.
- OSS Name and OSS Version are not related to the OSS registered in the OSS List; they refer to the NVD Data Feeds Product Name and Version.
- When "Exact match" is checked, only results that exactly match the OSS Name will be displayed.
- For CVE ID, only exact matches will be displayed.
2. Search Results
-
Clicking the OSS Name link: All CVE results for the OSS Name and nickname in that row by version will be displayed in a popup.
- Exact match results for OSS Name, nickname, and version.
- However, if the version is ‘-‘, all versions will be displayed.
-
Clicking the Nickname link: All CVE results for the specific version based only on the nickname will be displayed in a popup.
- Exact match results for nickname and version.
- However, if the version is ‘-‘, all versions will be displayed.
- Max CVSS Score: The highest critical level for each version of the OSS is displayed.
Severity | CVSS Score Range |
---|---|
![]() | 9.0 ~ 10.0 |
![]() | 7.0 ~ 8.9 |
![]() | 4.0 ~ 6.9 |
![]() | 0.1 ~ 3.9 |
Vulnerability Details
View Details
- After searching in the Vulnerability List, click the OSS Name or Nickname link.
Export Vulnerability Information
- You can check the Max Score for each version of the OSS and subsequent versions corresponding to the OSS you entered.
- By clicking the Vulnerability link, a popup with detailed information will be displayed.
- After checking the vulnerability information, you can download it as an Excel file by clicking the Export button on the left.
View Exported Information
- OSS Name: The OSS Name listed in the OSS Table
-
OSS Version: The version where the vulnerability was found
- If the OSS version is blank, all versions related to the vulnerability will be displayed.
- If a specific version is set, lower versions will not be included in the CSV (all higher versions will be included).
- CVE ID: Security vulnerability ID provided by NVD (National Vulnerability Database)
- CVSS Score: The Max Score of the vulnerability for the OSS and version
- Description: Extra information for the OSS
- Published Date: The date the vulnerability was published by NVD
- Last Revised: The date the information on the security vulnerability was last revised by NVD
- Vendor: OSS Vendor (used to distinguish the vendor of the OSS when the OSS Name is the same)