OSSIndex / vulns

Report missing advisories and corrections on OSS Index

Missing Vulnerable information #312

Open VASAVI512 opened 2 years ago

VASAVI512 commented 2 years ago

Hello,

Please find the details below. Though the vulnerability is shown in NVD, it's not captured in Sonatype. Example: the PURL URL is not showing any vulnerable information in Sonatype search "https://ossindex.sonatype.org/search". Let us know why it is not showing any information here.

Advisory details

    "name" : "Flask-Cors",
    "version" : "3.0.6",
    "purl" : "pkg:conda/flask-cors@3.0.6-py37_0-win-64",
    URL: https://flask-cors.corydolphin.com/
    format: <Conda>

Regards, Vasavi

ken-duck commented 1 year ago

Sorry for the delay. We are still working on developing processes to handle issues, and I have been away for a while (catching up now)!

This issue has been passed to the research team on our internal tracking system, and I will report back here once more is known.

ken-duck commented 1 year ago

Very sorry for the delay. As you may have noticed, a number of issues have fallen through the cracks, and we are in the process of catching up and cleaning things up.

Thank you for your report. We are migrating to a new email-based reporting system in order to better mesh with our internal processes, which will allow us to be more reactive to our users. I have moved your request to the internal tracking system and the research team will look into the issue shortly.

If you notice further issues or would like to follow up on this one, please email ossindex@sonatype.org

ken-duck commented 1 year ago

One added thing. OSS Index does not currently handle PURLs with postfixes after the version number like that supplied in your example.

pkg:conda/flask-cors@3.0.6-py37_0-win-64

The version as expected by OSS Index is as follows:

https://ossindex.sonatype.org/component/pkg:conda/flask-cors@3.0.6

I am adding a story to our internal tracking to look into handling these sorts of postfixes in the future.
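
The mismatch described in the last comment can be handled on the client side before a lookup. The following is an added example, not code from this thread or from OSS Index: it strips the postfix from a conda PURL and builds the component URL in the form quoted above. The function name, the result type, and the rule that a conda version contains no hyphen are assumptions of the example.

```python
from typing import NamedTuple

# URL prefix taken from the component link quoted in the thread.
COMPONENT_URL = "https://ossindex.sonatype.org/component/"


class Normalized(NamedTuple):
    purl: str      # coordinate with the version postfix removed
    postfix: str   # what was stripped ("" if nothing)
    url: str       # component page in the form shown in the thread


def normalize_conda_purl(purl: str) -> Normalized:
    """Strip a build/platform postfix from the version of a conda PURL."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a package URL: {purl!r}")
    # Assumption: qualifiers (?...) and subpath (#...) are not needed for
    # the lookup, so only the type/name@version coordinate is kept.
    coord = purl.split("#", 1)[0].split("?", 1)[0]
    path, sep, version = coord.rpartition("@")
    if not sep or not version:
        raise ValueError(f"PURL has no version: {purl!r}")
    pkg_type = path[len("pkg:"):].split("/", 1)[0].lower()
    postfix = ""
    if pkg_type == "conda":
        # Assumption: a conda version never contains '-', so the first '-'
        # starts the build string / platform postfix.
        version, _, postfix = version.partition("-")
    # Other ecosystems are left alone: a hyphen there can be part of the
    # real version (for example a "-SNAPSHOT" suffix).
    clean = f"{path}@{version}"
    return Normalized(clean, postfix, COMPONENT_URL + clean)


if __name__ == "__main__":
    # The first input is the PURL from the report; the others are constructed.
    for p in ("pkg:conda/flask-cors@3.0.6-py37_0-win-64",
              "pkg:conda/flask-cors@3.0.6",
              "pkg:maven/org.example/demo@1.0-SNAPSHOT"):
        print(normalize_conda_purl(p))
```

Logging the stripped postfix alongside the lookup result helps when auditing why a scanner reported no findings for a component.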