Get more details on match suggestion
You can assess the likelihood that this is the correct match by viewing the trend of reported vulnerabilities over time and the known versions for this match suggestion. Multiple matches that have a trend of reported vulnerabilities and that match your dependency’s versions (or at least version formats) are considered stronger matches.
Match details modal sections
Reported vulnerabilities over time
Multiple matches that have a trend of reported vulnerabilities indicate that this is a frequently-used dependency. If you don’t see many reported vulnerabilities over time, it is likely that this is not the correct match. Check that the dependency’s versions (or at least version formats) are considered strong matches.
Known versions
These are the known versions for this suggested match that are coming from the CVE vulnerability ID. Check that your dependency’s versions (or at least version formats) match these.
Last updated