Visual Studio NuGet says I have 3 vulnerable packages, then shows me 0
So NuGet says I have 3 vulnerable packages. But when I then ask for a listing of the vulnerable packages, I get 0. What is going on here?
Update: And it gets weirder. I updated Visual Studio and now:
- Looking at NuGet for the solution it says I have 1 vulnerable package, but shows 0.
- Looking at NuGet for my main web project it says I have 5 vulnerable packages - and shows all 5.
So clearly there's some bugs around this in the latest Visual Studio pre-release.
Ways to check risk:
dotnet list package --vulnerable
or (including transitive packages):
dotnet list package --vulnerable --include-transitive
If there is really some risk packages there, then you will get:
NuGet obtains its information regarding Common Vulnerabilities and Exposures (CVE) and GitHub Security Advisories (GHSA) directly from the centralized GitHub Advisory Database. This database provides listings of known vulnerabilities, where a CVE is a list of publicly disclosed computer security flaws, and a GHSA is a GitHub Security Advisory. Nuget package management risk report based on this.
So if you couldn't find the risk packages via the command, then it s believed that the situation you encountered is caused by temporary issue of Visual Studio preview version.
- Can Someone explain the Purpose of the different Build Actions in VS 2008?
- How do I port code that contains #pragma optimize( "a" ) from VC++7 to VC++9?
- Compiler Error for unknown reasons (C++)
- x86 MUL Instruction from VS 2008/2010
- Duplicate characters when typing in VS 2022 .cs page
- Data not aligned correctly in Visual Studio if run in debugger
- Is there a format code shortcut for Visual Studio?
- Is there a way to drag & drop to copy files between two visual studio instances?
- Order of Using Directives in C# - Alphabetically
- Visual Studio 2008 - jump to line number shortcut
- What is Inline Frame in c++/VS?
- New tuple syntax not working in C# version 7
- "No tests found to run" Xunit test not detected in Test explorer, Visual Studio 2022
- How can I make control+click do a "Go To Definition"?
- Access ComboBox.SelectedItem from a different form
- Is there a quick way to navigate to the underlying object of a variable in Visual Studio?
- What is this Icon in the Visual Studio 2008 debugger strip?
- How to stop Visual Studio from adding IIS Express to launchsettings
- How to use MapStaticAssets if upgrading from .NET 8
- Why Doesn't the Visual Studio 2010 Debugger See static const Class Members?
- Visual Studio 2015 Ctrl + D (code duplication) not working (keyboard shortcut scheme issue with Resharper)
- How to disable warnings at solution level in .NET projects
- How to use Obfuscar in the publish process of .NET Applications
- Compile SFML with /MT flag in Visual Studio
- Getting a certificate error whenever i run any web app in visual studio 2022
- Cannot open source file gtest/gtest.h
- How do I generate a constructor from class fields using Visual Studio (and/or ReSharper)?
- VS 2022 errors ENC0020, ENC0021 even though code changes were made prior to starting debug session
- Visual Studio Docker Project outside Visual Studio gives Empty reply from server
- VS 2008 C++ build output?