Do not report ghost package as a fix for vulnerability - Githubissues

aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

https://public.vulnerablecode.io

Apache License 2.0

543 stars 201 forks source link

Do not report ghost package as a fix for vulnerability #1679

Open keshav-space opened 2 days ago

keshav-space commented 2 days ago

UI: Package Details

Before	After

UI: Vulnerability Details

Before	After

UI: Package Details with `Latest/Next non-vulnerable`

Before	After

APIv1: /api/vulnerabilities

Before	After

APIv1: /api/packages

Before	After

APIv2: /api/v2/packages with `latest/next non-vulnerable`

Before	After

APIv2: /api/v2/packages with ghost `fixing_vulnerabilities`

Before	After

Resolves https://github.com/aboutcode-org/vulnerablecode/issues/1650