unexpected results for a specific commit ID


Egon Kocjan

Apr 28, 2025, 1:56:41 PM
to osv-discuss
Hi

When running OSV Scanner 2.0.1 on this osv-scanner.json lockfile:

{"results":[{"source":{},"packages":[{"package":{"name":"https://github.com/jquery/jquery-mou...@3.0.6","commit":"a06ef4e1a127795606642c55e22d4f2945edc061"}}]}]}

I get many CVEs for a seemingly unrelated project https://github.com/librenms/librenms, for example https://osv.dev/vulnerability/CVE-2024-47523

Is there any info on how vulns are tagged with commit IDs? This one looks like it's not tagged correctly.

Regards
Egon


Egon Kocjan

Apr 29, 2025, 5:04:24 PM
to osv-discuss
Sorry for the spam (I missed the GitHub repo), posted an issue here instead: