-
The api endpoint at https://ossindex.sonatype.org/api/v3/component-report
returns a CVSSv3.1 vector, but the library ossindex-service-client defaults to "CVSSv2" because it does not start with "CVSSv…
-
-
Hi,
it seems like that version 0.9.x of openssl-sys (I can tell that all versions of 0.9.x up to the latest 0.9.104 is in the list, but you need to register to see this information) if affected by …
-
Using config similar to below (obfuscated) - the excluded artefact is still included in the network request to query the index.
The excluded artefact is one of our internal dependencies. We do not w…
-
I am trying to use `jake` to query vulnerabilties of conda package as listed from an environment.
This constructs a Conda packge URL (purl) as described in https://github.com/package-url/purl-spec/…
-
**Vulnerability URL**
Provide the URL to the vulnerability. For example:
```
https://ossindex.sonatype.org/vulnerability/CVE-2022-34265
```
**Component URL**
Provide the URL to the component. …
-
When building with `mvn -T1.0C`, I get this warning (when executing `audit`):
```
[WARNING] *****************************************************************
[WARNING] * Your build is requesting pa…
seanf updated
5 years ago
-
**Vulnerability URL**
Provide the URL to the OSS Index vulnerability. eg:
```
https://ossindex.sonatype.org/vulnerability/6bf898dc-eafe-44f0-80da-8809557a6ace?component-type=nuget&component-name=Um…
-
OSSIndex uses incorrect package versions, which causes mismatches with packages from the PHP and Go ecosystems.
Example:
Package: https://packagist.org/packages/phpmailer/phpmailer
Version: `v…
-
**Vulnerability URL**
https://ossindex.sonatype.org/vulnerability/sonatype-2020-0926?component-type=maven&component-name=com.google.guava/guava
**Component URL**
https://ossindex.sonatype.org/com…