Vulnerability

You can check whether open source software has known vulnerabilities and view the related information (CVE ID, CVSS Score).

Vulnerability YouTube Guide




Vulnerability List

1. Search Conditions

You can search by setting OSS Name, OSS Version, CVE ID, etc.

  • OSS Name and OSS Version are not related to the OSS registered in the OSS List; they refer to the NVD Data Feeds Product Name and Version.
  • When "Exact match" is checked, only results that exactly match the OSS Name will be displayed.
  • For CVE ID, only exact matches will be displayed.

2. Search Results

  • Clicking the OSS Name link: All CVE results for the OSS Name and nickname in that row by version will be displayed in a popup.
    • Exact match results for OSS Name, nickname, and version.
    • However, if the version is '-', all versions will be displayed.
  • Clicking the Nickname link: All CVE results for the specific version based only on the nickname will be displayed in a popup.
    • Exact match results for nickname and version.
    • However, if the version is '-', all versions will be displayed.
  • Max CVSS Score: The highest severity level for each version of the OSS is displayed.

    Severity   CVSS Score Range
    Critical   9.0 ~ 10.0
    High       7.0 ~ 8.9
    Medium     4.0 ~ 6.9
    Low        0.1 ~ 3.9

3. Export Vulnerability Information

  • After checking the vulnerability information, you can download it as an Excel file by clicking the Export button on the left.

  • View Exported Information

    • OSS Name: The OSS Name listed in the OSS Table
    • OSS Version: The version where the vulnerability was found
      • If the OSS version is blank, all versions related to the vulnerability will be displayed.
      • If a specific version is set, lower versions will not be included in the CSV (all higher versions will be included).
    • CVE ID: Security vulnerability ID provided by NVD (National Vulnerability Database)
    • CVSS Score: The Max Score of the vulnerability for the OSS and version
    • Description: Extra information for the OSS
    • Published Date: The date the vulnerability was published by NVD
    • Last Revised: The date the information on the security vulnerability was last revised by NVD
    • Vendor: OSS Vendor (used to distinguish the vendor of the OSS when the OSS Name is the same)
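
For triage outside the UI, the exported rows can be reduced to one Max CVSS Score per OSS and version and labelled with the severity ranges listed above. This is an added example, not code from the tool itself; it assumes the export has been saved as CSV with header names matching the field names in the list above, and the sample rows and CVE IDs are constructed placeholders.

```python
import csv
import io
from collections import defaultdict

# Severity bands from the table on this page (lower bound of each CVSS range).
SEVERITY_BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

# Constructed sample rows; header names are an assumption based on the field list.
SAMPLE_EXPORT = """\
OSS Name,OSS Version,CVE ID,CVSS Score,Vendor
examplelib,1.2.0,CVE-0000-0001,9.8,examplevendor
examplelib,1.2.0,CVE-0000-0002,5.3,examplevendor
examplelib,1.3.0,CVE-0000-0002,5.3,examplevendor
othertool,,CVE-0000-0003,7.5,othervendor
othertool,,CVE-0000-0004,,othervendor
"""

def severity(score):
    """Map a CVSS score to the severity label used on this page."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"  # 0.0 falls below every range in the table

def max_score_per_version(csv_text):
    """Return {(name, version): (max_score, severity)}.

    A blank OSS Version is reported as '-' (choice made for this example).
    """
    best = defaultdict(float)
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("CVSS Score") or "").strip()
        if not raw:
            continue  # skip rows without a score instead of counting them as 0
        key = (row["OSS Name"].strip(), row["OSS Version"].strip() or "-")
        best[key] = max(best[key], float(raw))
    return {k: (v, severity(v)) for k, v in best.items()}

if __name__ == "__main__":
    results = max_score_per_version(SAMPLE_EXPORT)
    for (name, ver), (score, sev) in sorted(results.items()):
        print(f"{name:12} {ver:8} {score:4.1f} {sev}")
```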




Vulnerability Details

  • After searching in the Vulnerability List, click the link for the OSS Name or Nickname to open the detail screen.