Total CVEsβ
Criticalβclick to filter β
High βclick to filter β
Medium β click to filter β
Low β click to filter β
Packagesβ
How is Risk Score calculated?
Risk Score
Focuses on recent activity (last 24 months) weighted by severity:
- Critical CVE = 4 points
- High CVE = 2 points
- Medium CVE = 1 point
- Low CVE = 0 points
A component with 300 old CVEs that have all been patched scores 0. One actively receiving critical CVEs scores high.
Trend
Compares CVE activity in the last 12 months vs the prior 12 months:
- β Increasing β more CVEs recently, worsening
- β Decreasing β fewer CVEs recently, improving
- β Stable β no change
Min Safe Version
The highest fixed version referenced across all CVEs for that package. β No fix means OSV records no fixed version for one or more CVEs.