Vulnerability

You can check whether there are any vulnerabilities in Open Source and check related information (CVE ID, CVSS Score).

Vulnerability YouTube Guide




Vulnerability List

  • You can search the highest-severity vulnerability information for each version of an open source component, based on the NVD (National Vulnerability Database) Data Feeds.
  • (LGE Only) For inquiries on how to resolve security vulnerabilities, please refer to the following link:
    http://collab.lge.com/main/display/SWSEC/How+to+request

1. Search Conditions

You can search by setting OSS Name, OSS Version, CVE ID, etc.

  • OSS Name and OSS Version are not related to the OSS registered in the OSS List; they refer to the NVD Data Feeds Product Name and Version.
  • When "Exact match" is checked, only results that exactly match the OSS Name will be displayed.
  • For CVE ID, only exact matches will be displayed.

2. Search Results

  • Clicking the OSS Name link: A popup displays all CVE results, by version, for the OSS Name and nickname in that row.
    • Results are exact matches on OSS Name, nickname, and version.
    • However, if the version is '-', all versions will be displayed.
  • Clicking the Nickname link: A popup displays all CVE results for the specific version, based only on the nickname.
    • Results are exact matches on nickname and version.
    • However, if the version is '-', all versions will be displayed.
  • Max CVSS Score: The highest CVSS score for each version of the OSS is displayed, together with its severity level:

    Severity    CVSS Score Range
    Critical    9.0 ~ 10.0
    High        7.0 ~ 8.9
    Medium      4.0 ~ 6.9
    Low         0.1 ~ 3.9




Vulnerability Details

View Details

  • After searching in the Vulnerability List, click the OSS Name or Nickname link.

Export Vulnerability Information

  • You can check the Max Score for each version of the OSS you entered, including subsequent versions.
  • By clicking the Vulnerability link, a popup with detailed information will be displayed.
  • After checking the vulnerability information, you can download it as an Excel file by clicking the Export button on the left.

View Exported Information


  • OSS Name: The OSS Name listed in the OSS Table
  • OSS Version: The version where the vulnerability was found
    • If the OSS version is blank, all versions related to the vulnerability will be displayed.
    • If a specific version is set, lower versions will not be included in the CSV (all higher versions will be included).
  • CVE ID: Security vulnerability ID provided by NVD (National Vulnerability Database)
  • CVSS Score: The Max Score of the vulnerability for the OSS and version
  • Description: Extra information for the OSS
  • Published Date: The date the vulnerability was published by NVD
  • Last Revised: The date the information on the security vulnerability was last revised by NVD
  • Vendor: OSS Vendor (used to distinguish the vendor of the OSS when the OSS Name is the same)
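
The per-version Max Score, the severity ranges, and the version filter described on this page can be reproduced over exported rows when triaging them outside the tool. This is an added example, not FOSSLight code: the row layout, function names, sample records, the numeric version ordering, and the "None" label for a score of 0.0 are assumptions.

```python
import re
from collections import defaultdict

# Severity bands as listed in the table on this page: (lower bound, label).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

def severity(score):
    """Map a CVSS score to the page's severity label."""
    for floor, label in BANDS:
        if score >= floor:
            return label
    return "None"  # assumption: the page defines no band below 0.1

def version_key(version):
    """Assumed ordering: compare numeric components, so 1.10.0 > 1.2.0."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def max_score_by_version(rows, oss_name, from_version=""):
    """Return {version: (max_score, severity)} for one exactly matched OSS name.

    A blank or '-' from_version keeps all versions. A specific version drops
    lower versions and keeps that version and all higher ones.
    """
    best = defaultdict(float)
    for name, version, _cve_id, score in rows:
        if name != oss_name:
            continue
        if from_version not in ("", "-") and version_key(version) < version_key(from_version):
            continue
        best[version] = max(best[version], score)
    return {v: (s, severity(s)) for v, s in best.items()}

# Constructed sample rows: (OSS Name, OSS Version, CVE ID, CVSS Score).
# The component names and CVE IDs are placeholders, not real records.
SAMPLE_ROWS = [
    ("examplelib", "1.2.0", "CVE-0000-0001", 9.8),
    ("examplelib", "1.2.0", "CVE-0000-0002", 5.3),
    ("examplelib", "1.10.0", "CVE-0000-0003", 7.5),
    ("examplelib", "1.1.9", "CVE-0000-0004", 3.1),
    ("otherlib", "2.0", "CVE-0000-0005", 10.0),
]

if __name__ == "__main__":
    filtered = max_score_by_version(SAMPLE_ROWS, "examplelib", "1.2.0")
    for version in sorted(filtered, key=version_key):
        print(version, *filtered[version])
```

Comparing versions as plain strings would place 1.10.0 below 1.2.0 and drop it from the filtered result, which is why the components are compared numerically here.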