Skip to content

OWASP/cve-lite-cli

v1.5.4 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 1mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

security cve javascript nodejs owasp security-tools

Summary

AI summary

Fixed validation table rendering and transitive finding duplication issues

Full changelog

Fixed

  • OSV `MODERATE` severity label now correctly maps to `medium` — packages like `got` and `micromatch` were previously classified as `unknown` and excluded from the default medium+ findings table
  • Validation table (Package / Current / Recommended target / Versions scanned / Still known vulnerable) now renders for urgent (high/critical) direct fix sections; it was missing after packages were reclassified from low to high by the CVSS vector fix in v1.5.3
  • Transitive findings without a parent upgrade path no longer appear in the no-auto-fix section; they are already covered by fix plan step 2, so the duplication was confusing

Changed

  • Renamed "Not included automatically" to "No auto-fix command available for these direct dependencies" to accurately describe what is shown

Validation

  • npm test
  • npm run build
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track OWASP/cve-lite-cli

Get notified when new releases ship.

Sign up free

About OWASP/cve-lite-cli

All releases →

Related context

Beta — feedback welcome: [email protected]