thomasredlin

Results 5 comments of thomasredlin

Any update on this? With `7` I also just noticed that some vulnerabilities in the report get suppressed because CVSSv2 is below 7 **although** CVSSv3 is above 7...

@aikebah You're right. Unfortunately, the case where a CVE was unscored and later on received a score below 7 happened much more often. I guess a more severe or critical...

However, I still want to provide examples where a CVE was unscored at first, sometimes with no textual description to help triage, or links to actually understand the problem. (You...

I can also confirm that the issue is fixed with the 8.9 nightly `8.9-20240607003743+0000`, so it will probably be included in 8.9 RCs and the upcoming Gradle 8.9.

lz4 is now `at.yawk.lz4:lz4-java` with a patch for CVE-2025-12183 (8.8/10). See: https://nvd.nist.gov/vuln/detail/CVE-2025-12183 https://ossindex.sonatype.org/vulnerability/CVE-2025-12183 https://github.com/yawkat/lz4-java