Thank you for your answer! I still have another two questions: for CVE-2021-43818 exists a page with information about the vulnerable package, lxml. It is written that the package is vulnerable and there is no fix. This is the download link for one of the vulnerable version: http://security-cdn.debian.org/pool/main/l/lxml/python-lxml_3.7.1-1+deb9u3_arm64.deb So why doesn't this cve exist in the json file?
Another example is CVE-2021-2166. It is written that the package is vulnerable and there is no fix. This is the download link for one of the vulnerable version: http://security-cdn.debian.org/pool/main/m/mariadb-10.3/mariadb-server-10.3_10.3.25-0+deb10u1_i386.deb mysql-8.0 is vulnerable and no fixed exists and still the cve doesn't exist in the json file. > On 27 Dec 2021, at 14:00, Adi Matalon <[email protected]> > wrote: > > Thank you for your answer! > I still have another two questions: > > for CVE-2021-43818 exists a page with information about the vulnerable > package, lxml. > It is written that the package is vulnerable and there is no fix. > This is the download link for one of the vulnerable version: > http://security-cdn.debian.org/pool/main/l/lxml/python-lxml_3.7.1-1+deb9u3_arm64.deb > So why doesn't this cve exist in the json file? > > Another example is CVE-2021-2166. > It is written that the package is vulnerable and there is no fix. > This is the download link for one of the vulnerable version: > http://security-cdn.debian.org/pool/main/m/mariadb-10.3/mariadb-server-10.3_10.3.25-0+deb10u1_i386.deb > mysql-8.0 is vulnerable and no fixed exists and still the cve doesn't exist > in the json file.
