Searching by Package

You can search for a package in order to find out whether the package has known vulnerabilities, which vulnerabilities it has, and which versions are the most secure.

To search for a package:

  1. Go to AppSec Knowledge Center > Package tab (default).

  2. For Language, select the language of the package from the drop-down list.

  3. In the Package search box, begin typing the name of the package. A drop-down list of auto-complete options is shown. Click the desired package.

    Once you enter the package name, the Available Versions section shows a series of color-coded markers indicating the versions that have known vulnerabilities (red) and those that don't (grey).

  4. Select the package version using one of the following methods:

    • In the Version search box, begin typing the version number. A drop-down list of auto-complete options is shown. Click the desired version. OR

    • Click on the marker in the Available Versions section representing the desired version.

  5. Click Search.

    A list of vulnerabilities that affect the specified package is shown below the Available Versions section.

Viewing Package Search Results

The search results show all vulnerabilities that affect the specified package version. The header bar shows the name and version of the package as well as the date that it was published. The table at the bottom of the page shows a list of all of the vulnerabilities that affect the package. You can click on a row to show details about that vulnerability in the Vulnerability tab.

The following table describes the information shown for each vulnerability associated with the package.

| Item | Description | Possible Values |
|---|---|---|
| Risk Level | The severity level of the vulnerability, based on its CVSS score in the NVD. | HIGH (RED) - (7.1 to 10.0); MEDIUM (ORANGE) - (3.1 to 7.0); LOW (GREY) - (0.0 to 3.0). For more info see Severity Levels. |
| ID | The ID of the CVE or Cx listing. | e.g., CVE-2020-8840 |
| CWE | The ID of the CWE listing. | e.g., 502 |
| Published Date | The date that the vulnerability was published in the CVE database. | e.g., Jun 24, 2020 |