antoinbo
Hi @ayedo, have you found a workaround to detect those vulnerabilities?
I tried to reproduce the issue, but creating a component with the same PURL correctly found the vulnerability. I just found that I am missing multiple GHSAs for another component, and...
Hi @pregress, do you have the OSS Index analyzer enabled? I see that the problem seems to be due to OSS Index: https://ossindex.sonatype.org/component/pkg:nuget/System.Text.Json I contacted them to request a correction.
@josundt I contacted them via the [💬 Report advisory or correction](https://ossindex.sonatype.org/doc/report-vulnerability) link, asking to:

> ## Missing or Incorrect Advisory
> To report an advisory missing from OSS Index, or a...

Hi @Willimaendu, I was in contact with them, they asked for recommended corrections. No update since. I sent them a reminder today.
No, so my next step will be to check what it detects, as it appears to only report false positives.
I also started a [GitHub Community discussion](https://github.com/orgs/community/discussions/161334) as it will be effort less to find all advisories in the global list :)
I found the repository [github/advisory-database](https://github.com/github/advisory-database). Therefore, I understand ThreadX is not part of [supported ecosystems](https://github.com/github/advisory-database?tab=readme-ov-file#supported-ecosystems), as Dependency-Track ;)
Hi kukwaa, [OSS Index reports it as vulnerable](https://ossindex.sonatype.org/component/pkg:npm/[email protected]), so the issue comes from Sonatype if you use it, do you?