Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bug: HTML report does not include all CVEs correctly #4469

Open
stjen opened this issue Sep 24, 2024 · 1 comment
Open

bug: HTML report does not include all CVEs correctly #4469

stjen opened this issue Sep 24, 2024 · 1 comment
Labels
bug Something isn't working
Milestone

Comments

@stjen
Copy link

stjen commented Sep 24, 2024

Description

The HTML report generation does not correctly include all CVEs for a specific product in a specific version.

When comparing to vulnerability.json, the issues are not found in the "all" tab, nor the print mode (see below)

image

image

They are however present in the HTML report, but hidden under the "New" tab:

image

To reproduce

I can reproduce it on our codebase, but also with the attached vulnerability.json file:

  1. cve-bin-tool -S high --detailed -l info --affected-versions -i vulnerability.json --offline -f html -o vulnerability.html

Expected behaviour:

All CVE's visible in print mode

Actual behaviour:

No CVE's visible in print mode

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): Verified in cve-bin-tool 3.3 and 3.4
Installed from pypi or github? Pypi
Operating system: Linux and Mac
Python version (e.g. python3 --version): Python 3.12.3
Running in any particular CI environment we should know about? No

Anything else?

The file to recreate the issue, which was originally created with the command
cve-bin-tool -S high --detailed -l info --affected-versions mac_build/bin/* -f json,html -o vulnerability.html

vulnerability.json

@stjen stjen added the bug Something isn't working label Sep 24, 2024
@stjen stjen changed the title bug: HTML report does not include severities bug: HTML report does not include all CVE's correctly Sep 24, 2024
@stjen stjen changed the title bug: HTML report does not include all CVE's correctly bug: HTML report does not include all CVEs correctly Sep 24, 2024
@terriko
Copy link
Contributor

terriko commented Sep 24, 2024

Thanks. Not sure what's going on here, but that's definitely a bug.

@terriko terriko added this to the future milestone Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants