Notice the <* for the first result. This should instead show comma separated list of all versions mentioned in the original report along with the version passed by the caller.
This is fixed with 1.2.0. I have also improved version include and exclude logic. There is some more work required to make it accurate, for instance, improving the complex utils.version_compare
While constructing the Vulnerability Occurrence the code is using the cpe uri instead of the version list from the original Vulnerability.
https://github.com/AppThreat/vulnerability-db/blob/6775575cc5e7b11885f7af2d44b5540ad15a17f6/vdb/lib/utils.py#L370
This is causing some weird search behaviour as demonstrated below:
Notice the
<*
for the first result. This should instead show comma separated list of all versions mentioned in the original report along with the version passed by the caller.