google
`Fix available` tags are not accurate when multiple ecosystems are combined together
The vulnerability list page on OSV.dev currently displays a Fix available tag for vulnerabilities if at least one affected package has a fix. But when filtering vulnerabilities by a specific ecosystem, the Fix available tag remains the same even if the fix is only available for a package in a different ecosystem. It would be more accurate to display the Fix available tag based on the currently selected ecosystem filter.
Example: https://osv.dev/vulnerability/CVE-2024-43374 (no fix for Debian)
This issue has not had any activity for 60 days and will be automatically closed in two weeks
See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}