cve-bin-tool icon indicating copy to clipboard operation
cve-bin-tool copied to clipboard
verified publisher icon intel

bug: HTML report does not include all CVEs correctly

Open stjen opened this issue 1 year ago • 1 comments

Description

The HTML report generation does not correctly include all CVEs for a specific product in a specific version.

When comparing to vulnerability.json, the issues are not found in the "all" tab, nor the print mode (see below)

image

image

They are however present in the HTML report, but hidden under the "New" tab:

image

To reproduce

I can reproduce it on our codebase, but also with the attached vulnerability.json file:

  1. cve-bin-tool -S high --detailed -l info --affected-versions -i vulnerability.json --offline -f html -o vulnerability.html

Expected behaviour:

All CVE's visible in print mode

Actual behaviour:

No CVE's visible in print mode

Version/platform info

Version of CVE-bin-tool( e.g. output of cve-bin-tool --version): Verified in cve-bin-tool 3.3 and 3.4 Installed from pypi or github? Pypi Operating system: Linux and Mac Python version (e.g. python3 --version): Python 3.12.3 Running in any particular CI environment we should know about? No

Anything else?

The file to recreate the issue, which was originally created with the command cve-bin-tool -S high --detailed -l info --affected-versions mac_build/bin/* -f json,html -o vulnerability.html

vulnerability.json

stjen avatar Sep 24 '24 10:09 stjen

Thanks. Not sure what's going on here, but that's definitely a bug.

terriko avatar Sep 24 '24 16:09 terriko

I am looking into this issue.

Arnavk194 avatar Mar 10 '25 13:03 Arnavk194