CVE-2024-7646 is missing from the DB

Hi,

I"m just wondering why this CVE isn’t in the DB yet? it was release more than 10 days ago and the grype db has been updated since then

Can anyone explain please?

you can use the command
grype db search CVE-2024-7646
and you will find it exists :slight_smile:

the command is available from grype version v0.80.0

1 Like

Hi @Gradge,

Is there a scan where you were expecting to find this CVE matched by grype? Can you tell me a little more about what you were expecting to find?

The NVD record is currently awaiting analysis. It is included in Grype DB because Anchore has added CPEs for it to our own records, since NVD hasn’t analyzed it yet.

Sorry i forgot i was using a cached DB once it was updated i saw the CVE was there, no it wasn’t part of a scan so right now there is no issue.
False alarm

But i was wondering how does Grype handle cases where there is no NVD confirmation so thanks for answering that too @willmurphy