
Conflicting advisories

Open TG1999 opened this issue 7 months ago • 0 comments

While working on the advisory rearchitecture, I was easily able to see conflicting advisories talking about the same vulnerability but with different version ranges.

  • https://github.com/advisories/GHSA-cf66-xwfp-gvc4
  • https://github.com/nodejs/security-wg/blob/main/vuln/npm/485.json
  • https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/webpack-dev-server/CVE-2018-14732.yml
  • https://nvd.nist.gov/vuln/detail/CVE-2018-14732#range-14726889

GitLab and NVD say this vulnerability is fixed by 3.1.6, and NPM and GHSA say it's fixed by 3.1.11, reporting 3.1.6 as vulnerable too.

TG1999 • Jun 02 '25 13:06
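The disagreement reported above can be detected mechanically. The following is an added example, not VulnerableCode's own code: the record layout and function names are hypothetical, the fixed versions are the ones quoted in the issue, and it assumes plain dotted release numbers and compares only the fixed version of each source.

```python
from collections import defaultdict

# Constructed records: fixed versions are the ones quoted in the issue;
# the dict layout is a hypothetical schema, not VulnerableCode's data model.
ADVISORIES = [
    {"source": "GHSA", "id": "GHSA-cf66-xwfp-gvc4", "fixed": "3.1.11"},
    {"source": "NPM", "id": "485", "fixed": "3.1.11"},
    {"source": "GitLab", "id": "CVE-2018-14732", "fixed": "3.1.6"},
    {"source": "NVD", "id": "CVE-2018-14732", "fixed": "3.1.6"},
]


def parse(version):
    """Turn a dotted release such as '3.1.11' into a tuple that sorts
    numerically (as strings, '3.1.11' would sort before '3.1.6')."""
    return tuple(int(part) for part in version.split("."))


def group_by_fixed(advisories):
    """Map each claimed fixed version to the sources that claim it."""
    groups = defaultdict(list)
    for adv in advisories:
        groups[parse(adv["fixed"])].append(adv["source"])
    return {fixed: sorted(sources) for fixed, sources in sorted(groups.items())}


def disputed_range(advisories):
    """Return (low, high) when sources disagree on the fix, else None.
    Versions v with low <= v < high are fixed per some sources only."""
    fixed = list(group_by_fixed(advisories))
    return (fixed[0], fixed[-1]) if len(fixed) > 1 else None


def verdicts(advisories, installed):
    """Per-source verdict for one version: True means 'still vulnerable'."""
    version = parse(installed)
    return {adv["source"]: version < parse(adv["fixed"]) for adv in advisories}


def is_conflicted(advisories, installed):
    """True when the sources give different verdicts for this version."""
    return len(set(verdicts(advisories, installed).values())) > 1


if __name__ == "__main__":
    print("disputed range:", disputed_range(ADVISORIES))
    for candidate in ("3.1.5", "3.1.6", "3.1.10", "3.1.11"):
        print(candidate, verdicts(ADVISORIES, candidate))
```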