Problem/query/vulnerabilities API response contains nvd_data attribute for each vulnerability in the result. The value of the attribute represents the NVD assigned CVSS scores. This field is not correctly populated for a small subset of vulnerabilities in the system. Instead of a list of results, the value is a null reference as noted below. The issue affects only those vulnerabilities that exclusively belong in the nvd namespace with grype as the vulnerabilities provider (v2 scanner). It does not affect the legacy vulnerability provider (v1 scanner)
Workaround
The API also supports a namespace query parameter to filter results based on the namespace. Supply it with nvd value to view the NVD CVSS scores
Environment
Problem
/query/vulnerabilities
API response containsnvd_data
attribute for each vulnerability in the result. The value of the attribute represents the NVD assigned CVSS scores. This field is not correctly populated for a small subset of vulnerabilities in the system. Instead of a list of results, the value is a null reference as noted below. The issue affects only those vulnerabilities that exclusively belong in thenvd
namespace with grype as the vulnerabilities provider (v2 scanner). It does not affect the legacy vulnerability provider (v1 scanner)Workaround The API also supports a namespace query parameter to filter results based on the namespace. Supply it with
nvd
value to view the NVD CVSS scores