ssnepenthe / soter-core

A very basic library for interacting with the WPScan Vulnerability Database API.
GNU General Public License v2.0

HTTP errors silently ignored/discarded #1

Closed ssnepenthe closed 7 years ago

ssnepenthe commented 7 years ago

The WP_Http_Client class throws an exception in the event of a WP_Error response.

The Api_Client class catches this and converts it to an error Api_Response instance.

The Api_Response class provides a method for checking whether or not there is an error.

However, the Checker class calls $response->get_vulnerabilities_by_version() without checking for errors. In the event of an error, an empty array is returned.

So basically if the HTTP request fails, the checker is unaware and assumes that no vulnerabilities were detected.
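
The fail-open behaviour described in this issue, next to a guarded version, as an added PHP example that is not part of the original issue or of soter-core's code. `Demo_Response`, `is_error()`, `get_error()` and both `check_*` functions are hypothetical names; only `get_vulnerabilities_by_version()` comes from the issue, and the sample error is constructed.

```php
<?php
// Added illustration. Demo_Response, is_error() and the check_* functions are
// hypothetical stand-ins, not soter-core's actual classes or signatures.
final class Demo_Response
{
    private $vulnerabilities;
    private $error;
    public function __construct(array $vulnerabilities, ?string $error = null)
    {
        $this->vulnerabilities = $vulnerabilities;
        $this->error = $error;
    }

    public function is_error(): bool { return null !== $this->error; }
    public function get_error(): ?string { return $this->error; }

    // As described in the issue: an error response yields an empty array.
    public function get_vulnerabilities_by_version(string $version): array
    {
        if ($this->is_error()) {
            return [];
        }
        return array_values(array_filter($this->vulnerabilities, function (array $v) use ($version) {
            return null === $v['fixed_in'] || version_compare($version, $v['fixed_in'], '<');
        }));
    }
}

// Before: a failed request and a clean result both come back as [].
function check_unguarded(Demo_Response $response, string $version): array
{
    return $response->get_vulnerabilities_by_version($version);
}

// After: fail closed, so the caller can report "unknown" rather than "clean".
function check_guarded(Demo_Response $response, string $version): array
{
    if ($response->is_error()) {
        throw new RuntimeException('Vulnerability lookup failed: ' . $response->get_error());
    }
    return $response->get_vulnerabilities_by_version($version);
}

// Constructed sample: the HTTP request timed out, so no data was received.
$failed = new Demo_Response([], 'request timed out');
var_dump(check_unguarded($failed, '1.0.0') === []);
try {
    check_guarded($failed, '1.0.0');
} catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```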