This release includes breaking changes for platform teams planning a safe upgrade.
Published 1mo
Vulnerability Scanning
✓ No known CVEs patched
Topics
security
cve
javascript
nodejs
owasp
security-tools
Summary
AI summary: Updates Validation, critical, and high across a mixed release.
Full changelog
Fixed
- CVSS vector strings (e.g. `CVSS:3.1/AV:N/...`) were misclassified as low severity because the version number in the prefix (`3.1`) was extracted by the score parser and treated as a base score. All CVSS_V3-backed advisories now fall through to `database_specific.severity` and report the correct label. Packages like `crypto-js` (critical) and `braces` (high) were previously silently under-reported.
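The failure mode described in this fix, as an added example (not the project's own code): a first-number score parser applied to an OSV-style severity entry, next to a stricter version that skips vector strings and falls through to `database_specific.severity`. The function names and the sample advisory are constructed for illustration.

```javascript
// Added illustration; names and sample data are assumptions, not cve-lite-cli code.

// Map a numeric CVSS v3 base score to its qualitative label.
function labelFromScore(score) {
  if (score >= 9.0) return "critical";
  if (score >= 7.0) return "high";
  if (score >= 4.0) return "medium";
  if (score > 0) return "low";
  return "none";
}

// Buggy shape: take the first number found anywhere in the severity string.
// For "CVSS:3.1/AV:N/..." that number is the spec version 3.1, which maps to "low".
function naiveSeverity(advisory) {
  for (const s of advisory.severity ?? []) {
    const m = String(s.score).match(/\d+(\.\d+)?/);
    if (m) return labelFromScore(parseFloat(m[0]));
  }
  return "unknown";
}

// Stricter shape: only a bare number in 0..10 counts as a base score.
// Vector strings are skipped, then database_specific.severity is consulted.
function safeSeverity(advisory) {
  for (const s of advisory.severity ?? []) {
    const text = String(s.score).trim();
    if (/^CVSS:/i.test(text)) continue; // a vector carries no base score
    if (/^\d+(\.\d+)?$/.test(text)) {
      const n = parseFloat(text);
      if (n >= 0 && n <= 10) return labelFromScore(n);
    }
  }
  const label = advisory.database_specific?.severity;
  const known = ["critical", "high", "medium", "moderate", "low"];
  if (typeof label === "string" && known.includes(label.toLowerCase())) {
    return label.toLowerCase();
  }
  return "unknown";
}

// Constructed OSV-style record with a CVSS_V3 vector and a database label.
const sample = {
  severity: [{ type: "CVSS_V3", score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }],
  database_specific: { severity: "CRITICAL" },
};
```

Running both functions over a known-critical advisory in a regression test catches this class of under-reporting before release.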
Changed
- condensed README and extracted detailed content into standalone docs: offline advisory DB guide, CI integration guide, architecture overview, comparison guide, roadmap, troubleshooting, and parser coverage matrix
- docs site updated with SEO meta tags, Open Graph, Twitter Card, JSON-LD structured data, Free/Local/Fast hero pillars, badge section, and GitHub icon nav link
- screenshots shown side-by-side with click-to-enlarge
- removed unimplemented SARIF claims from all docs and comparison tables
Validation
- npm test
- npm run build
About OWASP/cve-lite-cli