SecurityVulnerability

An individual vulnerability within an Advisory

Fields

advisory (SecurityAdvisory!)

The Advisory associated with this Vulnerability

firstPatchedVersion (SecurityAdvisoryPackageVersion)

The first version containing a fix for the vulnerability

package (SecurityAdvisoryPackage!)

A description of the vulnerable package

severity (SecurityAdvisorySeverity!)

The severity of the vulnerability within this package

updatedAt (DateTime!)

When the vulnerability was last updated

vulnerableVersionRange (String!)

A string that describes the vulnerable package versions. This string follows a basic syntax with a few forms.

  • = 0.2.0 denotes a single vulnerable version.
  • <= 1.0.8 denotes a version range up to and including the specified version.
  • < 0.1.11 denotes a version range up to, but excluding, the specified version.
  • >= 4.3.0, < 4.3.5 denotes a version range with a known minimum and maximum version.
  • >= 0.0.1 denotes a version range with a known minimum, but no known maximum.
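
The following is an added example, not part of the API or its reference: a small parser that checks an installed version against a vulnerableVersionRange string, covering the five forms listed above. The function names are hypothetical, and it assumes plain dotted numeric versions; anything else is rejected rather than guessed at.

```python
import re

# Only the operators listed in the vulnerableVersionRange description.
_OPS = {
    "=": lambda v, b: v == b,
    "<=": lambda v, b: v <= b,
    "<": lambda v, b: v < b,
    ">=": lambda v, b: v >= b,
}
_CLAUSE = re.compile(r"^(<=|>=|<|=)\s*(\S+)$")


def parse_version(text):
    """Assumption: dotted numeric versions only (e.g. 4.3.5). Pre-release
    tags and ecosystem-specific schemes need that ecosystem's comparator."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version syntax: {text!r}")
    parts = [int(p) for p in text.split(".")]
    # Drop trailing zeros so that 4.3 and 4.3.0 compare as equal.
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def parse_range(range_text):
    """Split on commas into (operator, version) clauses; all must hold."""
    clauses = []
    for raw in range_text.split(","):
        match = _CLAUSE.match(raw.strip())
        if not match:
            # Fail loudly: silently skipping a clause could widen or
            # narrow the range and hide an affected dependency.
            raise ValueError(f"unrecognised clause: {raw.strip()!r}")
        clauses.append((match.group(1), parse_version(match.group(2))))
    return clauses


def is_vulnerable(installed, range_text):
    """True if the installed version satisfies every clause of the range."""
    version = parse_version(installed)
    return all(_OPS[op](version, bound) for op, bound in parse_range(range_text))


if __name__ == "__main__":
    # Constructed sample inputs, using the range strings from the list above.
    for installed, rng in [("4.3.4", ">= 4.3.0, < 4.3.5"), ("0.1.11", "< 0.1.11")]:
        print(installed, rng, is_vulnerable(installed, rng))
```

Versions are compared numerically per component, so 0.1.9 falls inside < 0.1.11 even though a plain string comparison would say otherwise.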