OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Incorrect vulnerability details #246

Closed matt-kendall closed 1 year ago

matt-kendall commented 2 years ago

Vulnerability URL Provide the URL to the vulnerability. For example:

https://ossindex.sonatype.org/vulnerability/...

Component URL Provide the URL to the component. For example:

https://ossindex.sonatype.org/vulnerability/bcd8143c-e087-4471-b5ee-7537c8936296

Description OSSIndex reports a CVSS 7.5 / Critical vulnerability in node-fetch. However, the linked advisory is actually 2.6 Low https://github.com/advisories/GHSA-w7rc-rwvf-8q5r. Additionally:

ken-duck commented 2 years ago

Hi! Sorry for the delay, but I respond with good news.

OSS Index is going through a major upgrade, as described here: https://ossindex.sonatype.org/updates-notice

The most clear and obvious benefit is far fewer false negatives and false positives, and vulnerabilities will be added to the system on a much more frequent and rapid basis. Once the upgrade is completed you should see most (if not all) of the reported data issues be resolved.

ken-duck commented 1 year ago

Closing old issues. This particular issue was resolved by the aforementioned upgrade.