Feat: NuGet Scanner (#686 )

* Initial nuget advisory detector code. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Added nuget package to scan.go Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Removed nuget advisory file and instead added csharp/nuget as a driver in driver.go. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Removed nuget package from driver. Added ghasnuget as a source in vulnerability.go Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Updated nuget driver to use correct name and to initialize with the new generic scanner. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * refactor: cut out to a separate method * chore(mod): update trivy-db * fix(driver): add a general driver * test(ghsa): add nuget * chore: update README Co-authored-by: knqyf263 <knqyf263@gmail.com>
feat(cache): support Redis (#770 )
2025-12-11 07:10:49 -08:00 · 2020-12-21 10:17:15 +02:00 · 2020-12-21 08:26:19 +02:00 · 2020-12-18 07:52:13 +02:00 · 2020-12-17 17:27:36 +02:00 · 2020-12-17 15:35:11 +02:00
85 changed files with 62837 additions and 8152 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -13,16 +13,6 @@ jobs:
    <<: *defaults
    steps:
      - checkout
-      - run:
-          name: Check if there's anything to fix with gofmt
-          command: |
-            if test -z "$(gofmt -l .)"; then
-              echo "Congrats! There is nothing to fix."
-            else
-              echo "The following lines should be fixed."
-              gofmt -s -d .
-              exit 1
-            fi
      - run:
          name: Test
          command: make test
--- a/README.md
+++ b/README.md
@@ -4,9 +4,9 @@
 [![GitHub release](https://img.shields.io/github/release/aquasecurity/trivy.svg)](https://github.com/aquasecurity/trivy/releases/latest)
 [![CircleCI](https://circleci.com/gh/aquasecurity/trivy.svg?style=svg)](https://circleci.com/gh/aquasecurity/trivy)
 [![Go Report Card](https://goreportcard.com/badge/github.com/aquasecurity/trivy)](https://goreportcard.com/report/github.com/aquasecurity/trivy)
-[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/aquasecurity/trivy/blob/master/LICENSE)
+[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/aquasecurity/trivy/blob/main/LICENSE)
 [![Docker image](https://images.microbadger.com/badges/version/aquasec/trivy.svg)](https://microbadger.com/images/aquasec/trivy "Get your own version badge on microbadger.com")
-[![codecov](https://codecov.io/gh/aquasecurity/trivy/branch/master/graph/badge.svg)](https://codecov.io/gh/aquasecurity/trivy)
+[![codecov](https://codecov.io/gh/aquasecurity/trivy/branch/main/graph/badge.svg)](https://codecov.io/gh/aquasecurity/trivy)

 A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.

@@ -23,6 +23,7 @@ A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifa
  * [Debian/Ubuntu](#debianubuntu)
  * [Arch Linux](#arch-linux)
  * [Homebrew](#homebrew)
+  * [Nix/NixOS](#nixnixos)
  * [Install Script](#install-script)
  * [Binary](#binary)
  * [From source](#from-source)
@@ -54,6 +55,7 @@ A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifa
    + [Specify exit code](#specify-exit-code)
    + [Ignore the specified vulnerabilities](#ignore-the-specified-vulnerabilities)
    + [Specify cache directory](#specify-cache-directory)
+    + [Specify cache backend](#specify-cache-backend)
    + [Clear caches](#clear-caches)
    + [Reset](#reset)
    + [Use lightweight DB](#use-lightweight-db)
@@ -100,7 +102,7 @@ See [here](#continuous-integration-ci) for details.

 - Detect comprehensive vulnerabilities
  - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
-  - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo)
+  - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo and NuGet)
 - Simple
  - Specify only an image name or artifact name
  - See [Quick Start](#quick-start) and [Examples](#examples)
@@ -125,7 +127,7 @@ See [here](#continuous-integration-ci) for details.
  - local filesystem
  - remote git repository

-Please see [LICENSE](https://github.com/aquasecurity/trivy/blob/master/LICENSE) for Trivy licensing information. Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.
+Please see [LICENSE](https://github.com/aquasecurity/trivy/blob/main/LICENSE) for Trivy licensing information. Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.

 # Installation

@@ -191,11 +193,24 @@ You can use homebrew on macOS and Linux.
 $ brew install aquasecurity/trivy/trivy
 ```

+## Nix/NixOS
+
+You can use nix on Linux or macOS and on others unofficially.
+
+Note that trivy is currently only in the unstable channels.
+
+```
+$ nix-env --install trivy
+```
+
+Or through your configuration on NixOS or with home-manager as usual
+
+
 ## Install Script
 This script downloads Trivy binary based on your OS and architecture.

 ```
-$ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin
+$ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 ```

 ## Binary
@@ -319,7 +334,7 @@ Scan your container from inside the container.

 ```
 $ docker run --rm -it alpine:3.11
-/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin
+/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 / # trivy fs /
 ```

@@ -331,7 +346,7 @@ $ cat Dockerfile
 FROM alpine:3.7

 RUN apk add curl \
-    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin \
+    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
    && trivy filesystem --exit-code 1 --no-progress /

 $ docker build -t vulnerable-image .
@@ -630,7 +645,7 @@ $ trivy image --input /path/to/alpine

 ```
 $ docker run --rm -it alpine:3.10.2
-/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin
+/ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
 / # trivy fs /
 ```

@@ -715,7 +730,7 @@ $ cat Dockerfile
 FROM alpine:3.7

 RUN apk add curl \
-    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin \
+    && curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin \
    && trivy filesystem --exit-code 1 --no-progress /

 $ docker build -t vulnerable-image .
@@ -728,7 +743,7 @@ $ docker build -t vulnerable-image .
 Sending build context to Docker daemon  31.14MB
 Step 1/2 : FROM alpine:3.7
 ---> 6d1ef012b567
-Step 2/2 : RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin && trivy filesystem --exit-code 1 --no-progress /
+Step 2/2 : RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin && trivy filesystem --exit-code 1 --no-progress /
 ---> Running in 27b004205da0
 2020-06-01T14:10:41.261Z        INFO    Need to update DB
 2020-06-01T14:10:41.262Z        INFO    Downloading DB...
@@ -1317,6 +1332,21 @@ Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
 $ trivy --cache-dir /tmp/trivy/ image python:3.4-alpine3.9
 ```

+### Specify cache backend
+[EXPERIMENTAL] This feature might change without preserving backwards compatibility.
+
+Trivy supports local filesystem and Redis as the cache backend. This option is useful especially for client/server mode.
+
+Two options:
+- `fs` 
+  - the cache path can be specified by `--cache-dir`
+- `redis://`
+  - `redis://[HOST]:[PORT]`
+
+```
+$ trivy server --cache-backend redis://localhost:6379
+```
+
 ### Clear caches

 The `--clear-cache` option removes caches. This option is useful if the image which has the same tag is updated (such as when using `latest` tag).
@@ -1459,7 +1489,7 @@ Since in automated scenarios such as CI/CD you are only interested in the end re

 ## GitHub Actions

- Here is the [Trivy Github Action](https://github.com/aquasecurity/trivy-action) (currently Experimental)
+- Here is the [Trivy Github Action](https://github.com/aquasecurity/trivy-action)
 - The Microsoft Azure team have written a [container-scan action](https://github.com/Azure/container-scan) that uses Trivy and Dockle
 - For full control over the options specified to Trivy, this [blog post](https://blog.aquasec.com/devsecops-with-trivy-github-actions) describes adding Trivy into your own GitHub action workflows 

@@ -1671,10 +1701,12 @@ Distroless: https://github.com/GoogleContainerTools/distroless
  - yarn.lock
 - Rust
  - Cargo.lock
+- .NET
+  - packages.lock.json

 The path of these files does not matter.

-Example: https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile
+Example: https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile

 ## Image Tar format
 Trivy scans a tar image with the following format.
@@ -1702,6 +1734,8 @@ Trivy scans a tar image with the following format.
  - https://github.com/advisories?query=ecosystem%3Anpm
 - Rust
  - https://github.com/RustSec/advisory-db
+- .NET
+  - https://github.com/advisories?query=ecosystem%3Anuget

 # Usage
 Trivy has several sub commands, image, fs, repo, client and server.
@@ -1842,7 +1876,7 @@ However, the purpose of this database is to make it possible to know what packag
 As README says, it is not a complete database of all security issues in Alpine.

 `Trivy` collects vulnerability information in Alpine Linux from [Alpine Linux aports repository](https://gitlab.alpinelinux.org/alpine/aports).
-Then, those vulnerabilities will be saved on [vuln-list](https://github.com/aquasecurity/vuln-list/tree/master/alpine).
+Then, those vulnerabilities will be saved on [vuln-list](https://github.com/aquasecurity/vuln-list/tree/main/alpine).

 `alpine-secdb` has 6959 vulnerabilities (as of 2019/05/12).
 `vuln-list` has 11101 vulnerabilities related to Alpine Linux (as of 2019/05/12).
--- a/ci/deploy-deb.sh
+++ b/ci/deploy-deb.sh
@@ -19,4 +19,4 @@ done

 git add .
 git commit -m "Update deb packages"
-git push origin master
+git push origin main
--- a/ci/deploy-rpm.sh
+++ b/ci/deploy-rpm.sh
@@ -23,5 +23,5 @@ done

 git add .
 git commit -m "Update rpm packages"
-git push origin master
+git push origin main

--- a/contrib/Trivy.gitlab-ci.yml
+++ b/contrib/Trivy.gitlab-ci.yml
@@ -13,7 +13,7 @@ Trivy_container_scanning:
    - export TRIVY_VERSION=${TRIVY_VERSION:-v0.4.3}
    - apk add --no-cache curl docker-cli
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
-    - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
+    - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${TRIVY_VERSION}
    - curl -sSL -o /tmp/trivy-gitlab.tpl https://github.com/aquasecurity/trivy/raw/${TRIVY_VERSION}/contrib/gitlab.tpl
  script:
    - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/tmp/trivy-gitlab.tpl" -o gl-container-scanning-report.json $IMAGE
--- a/contrib/html.tpl
+++ b/contrib/html.tpl
@@ -0,0 +1,123 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+{{- if . }}
+    <style>
+      * {
+        font-family: Arial, Helvetica, sans-serif;
+      }
+      h1 {
+        text-align: center;
+      }
+      .group-header th {
+        font-size: 200%;
+      }
+      .sub-header th {
+        font-size: 150%;
+      }
+      table, th, td {
+        border: 1px solid black;
+        border-collapse: collapse;
+        white-space: nowrap;
+        padding: .3em;
+      }
+      table {
+        margin: 0 auto;
+      }
+      .severity {
+        text-align: center;
+        font-weight: bold;
+        color: #fafafa;
+      }
+      .severity-LOW .severity { background-color: #5fbb31; }
+      .severity-MEDIUM .severity { background-color: #e9c600; }
+      .severity-HIGH .severity { background-color: #ff8800; }
+      .severity-CRITICAL .severity { background-color: #e40000; }
+      .severity-UNKNOWN .severity { background-color: #747474; }
+      .severity-LOW { background-color: #5fbb3160; }
+      .severity-MEDIUM { background-color: #e9c60060; }
+      .severity-HIGH { background-color: #ff880060; }
+      .severity-CRITICAL { background-color: #e4000060; }
+      .severity-UNKNOWN { background-color: #74747460; }
+      table tr td:first-of-type {
+        font-weight: bold;
+      }
+      .links a,
+      .links[data-more-links=on] a {
+        display: block;
+      }
+      .links[data-more-links=off] a:nth-of-type(1n+5) {
+        display: none;
+      }
+      a.toggle-more-links { cursor: pointer; }
+    </style>
+    <title>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }}</title>
+    <script>
+      window.onload = function() {
+        document.querySelectorAll('td.links').forEach(function(linkCell) {
+          var links = [].concat.apply([], linkCell.querySelectorAll('a'));
+          [].sort.apply(links, function(a, b) {
+            return a.href > b.href ? 1 : -1;
+          });
+          links.forEach(function(link, idx) {
+            if (links.length > 3 && 3 === idx) {
+              var toggleLink = document.createElement('a');
+              toggleLink.innerText = "Toggle more links";
+              toggleLink.href = "#toggleMore";
+              toggleLink.setAttribute("class", "toggle-more-links");
+              linkCell.appendChild(toggleLink);
+            }
+            linkCell.appendChild(link);
+          });
+        });
+        document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
+          toggleLink.onclick = function() {
+            var expanded = toggleLink.parentElement.getAttribute("data-more-links");
+            toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
+            return false;
+          };
+        });
+      };
+    </script>
+  </head>
+  <body>
+    <h1>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }}</h1>
+    <table>
+    {{- range . }}
+      <tr class="group-header"><th colspan="6">{{ escapeXML .Type }}</th></tr>
+      {{- if (eq (len .Vulnerabilities) 0) }}
+      <tr><th colspan="6">No Vulnerabilities found</th></tr>
+      {{- else }}
+      <tr class="sub-header">
+        <th>Package</th>
+        <th>Vulnerability ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+        <th>Links</th>
+      </tr>
+        {{- range .Vulnerabilities }}
+      <tr class="severity-{{ escapeXML .Vulnerability.Severity }}">
+        <td class="pkg-name">{{ escapeXML .PkgName }}</td>
+        <td>{{ escapeXML .VulnerabilityID }}</td>
+        <td class="severity">{{ escapeXML .Vulnerability.Severity }}</td>
+        <td class="pkg-version">{{ escapeXML .InstalledVersion }}</td>
+        <td>{{ escapeXML .FixedVersion }}</td>
+        <td class="links" data-more-links="off">
+          {{- range .Vulnerability.References }}
+          <a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a>
+          {{- end }}
+        </td>
+      </tr>
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    </table>
+{{- else }}
+  </head>
+  <body>
+    <h1>Trivy Returned Empty Report</h1>
+{{- end }}
+  </body>
+</html>
--- a/go.mod
+++ b/go.mod
@@ -4,17 +4,18 @@ go 1.15

 require (
 	github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986
-	github.com/aquasecurity/fanal v0.0.0-20201129085323-d57dde147ddc
+	github.com/aquasecurity/fanal v0.0.0-20201218050947-981a0510f9cb
 	github.com/aquasecurity/go-dep-parser v0.0.0-20201028043324-889d4a92b8e0
 	github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce
 	github.com/aquasecurity/go-npm-version v0.0.0-20201110091526-0b796d180798
 	github.com/aquasecurity/go-version v0.0.0-20201115065329-578079e4ab05
-	github.com/aquasecurity/trivy-db v0.0.0-20201117092632-b09c30858fc2
+	github.com/aquasecurity/trivy-db v0.0.0-20201221070121-47d2cc0d7b58
 	github.com/caarlos0/env/v6 v6.0.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/cheggaaa/pb/v3 v3.0.3
 	github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7
 	github.com/docker/go-connections v0.4.0
+	github.com/go-redis/redis/v8 v8.4.0
 	github.com/golang/protobuf v1.4.2
 	github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2
 	github.com/google/go-github/v28 v28.1.1
@@ -35,5 +36,6 @@ require (
 	go.uber.org/zap v1.13.0
 	golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43
 	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
+	google.golang.org/protobuf v1.25.0
 	k8s.io/utils v0.0.0-20201005171033-6301aaf42dc7
 )
--- a/go.sum
+++ b/go.sum
@@ -83,12 +83,16 @@ github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBb
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk=
+github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
+github.com/alicebob/miniredis/v2 v2.14.1 h1:GjlbSeoJ24bzdLRs13HoMEeaRZx9kg5nHoRW7QV/nCs=
+github.com/alicebob/miniredis/v2 v2.14.1/go.mod h1:uS970Sw5Gs9/iK3yBg0l9Uj9s25wXxSpQUE9EaJ/Blg=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986 h1:2a30xLN2sUZcMXl50hg+PJCIDdJgIvIbVcKqLJ/ZrtM=
 github.com/aquasecurity/bolt-fixtures v0.0.0-20200903104109-d34e7f983986/go.mod h1:NT+jyeCzXk6vXR5MTkdn4z64TgGfE5HMLC8qfj5unl8=
-github.com/aquasecurity/fanal v0.0.0-20201129085323-d57dde147ddc h1:t0RHZpPaBCihIg6MZvgzRNMaYbTc97gqdrTgTQAnw8A=
-github.com/aquasecurity/fanal v0.0.0-20201129085323-d57dde147ddc/go.mod h1:f0nFZptUaL8ivi5soRDlYnJYFdY0anxlYe4K4z9EGxs=
+github.com/aquasecurity/fanal v0.0.0-20201218050947-981a0510f9cb h1:T48y/j2wvl/xPX2IyV0ogFq+GeCLY+3548awySrUaJU=
+github.com/aquasecurity/fanal v0.0.0-20201218050947-981a0510f9cb/go.mod h1:arUN1lJnuAWLL0PUQ/UYrkAomU/Mby+gCXJMU90GHlA=
 github.com/aquasecurity/go-dep-parser v0.0.0-20201028043324-889d4a92b8e0 h1:cLH3SebzhbJ+jU1GIad8A1N8p7m7OjHhtY6JePISiVc=
 github.com/aquasecurity/go-dep-parser v0.0.0-20201028043324-889d4a92b8e0/go.mod h1:X42mTIRhgPalSm81Om2kD+3ydeunbC8TZtZj1bvgRo8=
 github.com/aquasecurity/go-gem-version v0.0.0-20201115065557-8eed6fe000ce h1:QgBRgJvtEOBtUXilDb1MLi1p1MWoyFDXAu5DEUl5nwM=
@@ -101,8 +105,8 @@ github.com/aquasecurity/go-version v0.0.0-20201115065329-578079e4ab05 h1:q0ZpFBj
 github.com/aquasecurity/go-version v0.0.0-20201115065329-578079e4ab05/go.mod h1:9Beu8XsUNNfzml7WBf3QmyPToP1wm1Gj/Vc5UJKqTzU=
 github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a h1:hsw7PpiymXP64evn/K7gsj3hWzMqLrdoeE6JkqDocVg=
 github.com/aquasecurity/testdocker v0.0.0-20200426142840-5f05bce6f12a/go.mod h1:psfu0MVaiTDLpNxCoNsTeILSKY2EICBwv345f3M+Ffs=
-github.com/aquasecurity/trivy-db v0.0.0-20201117092632-b09c30858fc2 h1:AXA9aW464copH1GTKv35yCwztJsqDVZWKfCtBuMpI9U=
-github.com/aquasecurity/trivy-db v0.0.0-20201117092632-b09c30858fc2/go.mod h1:+3+NEz0U0NCgO87Cyk0dy3SwH7CI6J4HUeCqqPj1fvQ=
+github.com/aquasecurity/trivy-db v0.0.0-20201221070121-47d2cc0d7b58 h1:TQXXGc1pi2gdRhQYZxib3xBoV64ORC7yllCndZkrf80=
+github.com/aquasecurity/trivy-db v0.0.0-20201221070121-47d2cc0d7b58/go.mod h1:+3+NEz0U0NCgO87Cyk0dy3SwH7CI6J4HUeCqqPj1fvQ=
 github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2 h1:xbdUfr2KE4THsFx9CFWtWpU91lF+YhgP46moV94nYTA=
 github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2/go.mod h1:6NhOP0CjZJL27bZZcaHECtzWdwDDm2g6yCY0QgXEGQQ=
 github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83/go.mod h1:SLqhdZcd+dF3TEVL2RMoob5bBP5R1P1qkox+HtCBgGI=
@@ -123,6 +127,8 @@ github.com/caarlos0/env/v6 v6.0.0/go.mod h1:+wdyOmtjoZIW2GJOc2OYa5NoOFuWD/bIpWqm
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cheggaaa/pb/v3 v3.0.3 h1:8WApbyUmgMOz7WIxJVNK0IRDcRfAmTxcEdi0TuxjdP4=
 github.com/cheggaaa/pb/v3 v3.0.3/go.mod h1:Pp35CDuiEpHa/ZLGCtBbM6CBwMstv1bJlG884V+73Yc=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -160,6 +166,8 @@ github.com/deckarep/golang-set v1.7.1 h1:SCQV0S6gTtp6itiFrTqI+pfmJ4LN85S1YzhDf9r
 github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017 h1:2HQmlpI3yI9deH18Q6xiSOIjXD4sLI55Y/gfpa8/558=
 github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
@@ -204,6 +212,8 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjr
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
+github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v0.0.0-20180820084758-c7ce16629ff4/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
@@ -245,6 +255,8 @@ github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD87
 github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-redis/redis v6.15.7+incompatible h1:3skhDh95XQMpnqeqNftPkQD9jL9e5e36z/1SUm6dy1U=
 github.com/go-redis/redis v6.15.7+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-redis/redis/v8 v8.4.0 h1:J5NCReIgh3QgUJu398hUncxDExN4gMOHI11NVbVicGQ=
+github.com/go-redis/redis/v8 v8.4.0/go.mod h1:A1tbYoHSa1fXwN+//ljcCYYJeLmVrwL9hbQN45Jdy0M=
 github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1 h1:LoN2wx/aN8JPGebG+2DaUyk4M+xRcqJXfuIbs8AWHdE=
 github.com/go-restruct/restruct v0.0.0-20191227155143-5734170a48a1/go.mod h1:KqrpKpn4M8OLznErihXTGLlsXFGeLxHUrLRRI/1YjGk=
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
@@ -302,6 +314,8 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3 h1:x95R7cp+rSeeqAMI2knLtQ0DKlaBhv2NrtrOvafPHRo=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2 h1:k2YJ1fw6LwICNNUQHZNp9vTtHMuVqHJtMjZOc5SDIJo=
 github.com/google/go-containerregistry v0.0.0-20200331213917-3d03ed9b1ca2/go.mod h1:pD1UFYs7MCAx+ZLShBdttcaOSbyc8F9Na/9IZLNwJeA=
 github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo=
@@ -388,8 +402,8 @@ github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d h1:X4cedH4
 github.com/knqyf263/go-deb-version v0.0.0-20190517075300-09fca494f03d/go.mod h1:o8sgWoz3JADecfc/cTYD92/Et1yMqMy0utV1z+VaZao=
 github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936 h1:HDjRqotkViMNcGMGicb7cgxklx8OwnjtCBmyWEqrRvM=
 github.com/knqyf263/go-rpm-version v0.0.0-20170716094938-74609b86c936/go.mod h1:i4sF0l1fFnY1aiw08QQSwVAFxHEm311Me3WsU/X7nL0=
-github.com/knqyf263/go-rpmdb v0.0.0-20201028125045-8b9bad79f21b h1:5MvEbqO4ySg0C8GL+SMWiv8iR0iE1r24beGll35qbt0=
-github.com/knqyf263/go-rpmdb v0.0.0-20201028125045-8b9bad79f21b/go.mod h1:ovL3LB9TuA8LoLiEEMNm2fusIwoh+kM+lnhD1QlWAtA=
+github.com/knqyf263/go-rpmdb v0.0.0-20201215100354-a9e3110d8ee1 h1:sRDvjjWoHLWAxtPXBKYRJp8Ot4ugxYE/ZyADl3jzc1g=
+github.com/knqyf263/go-rpmdb v0.0.0-20201215100354-a9e3110d8ee1/go.mod h1:RDPNeIkU5NWXtt0OMEoILyxwUC/DyXeRtK295wpqSi0=
 github.com/knqyf263/nested v0.0.1 h1:Sv26CegUMhjt19zqbBKntjwESdxe5hxVPSk0+AKjdUc=
 github.com/knqyf263/nested v0.0.1/go.mod h1:zwhsIhMkBg90DTOJQvxPkKIypEHPYkgWHs4gybdlUmk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -454,6 +468,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
+github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a h1:0LD5FJGQpEyD78OdhX97W75RjYmMjfLPp1ePrk5URxs=
@@ -461,12 +477,17 @@ github.com/olekukonko/tablewriter v0.0.2-0.20190607075207-195002e6e56a/go.mod h1
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
 github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
+github.com/onsi/ginkgo v1.14.2 h1:8mVmC9kjFFmA8H4pKMUhcblgifdkOIXPvbhN1T36q1M=
+github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
 github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
+github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/open-policy-agent/opa v0.21.1 h1:c4lUnB0mO2KssiUnyh6Y9IGhggvXI3EgObkmhVTvEqQ=
 github.com/open-policy-agent/opa v0.21.1/go.mod h1:cZaTfhxsj7QdIiUI0U9aBtOLLTqVNe+XE60+9kZKLHw=
 github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
@@ -587,6 +608,8 @@ github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b/go.mo
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb h1:ZkM6LRnq40pR1Ox0hTHlnpkcOTuFIDQpZ1IN8rKKhX0=
+github.com/yuin/gopher-lua v0.0.0-20191220021717-ab39c6098bdb/go.mod h1:gqRgreBUhTSL0GeU64rtZ3Uq3wtjOa/TB2YfrtkCbVQ=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
@@ -596,6 +619,8 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/otel v0.14.0 h1:YFBEfjCk9MTjaytCNSUkp9Q8lF7QJezA06T71FbQxLQ=
+go.opentelemetry.io/otel v0.14.0/go.mod h1:vH5xEuwy7Rts0GNtsCW3HYQoZDY+OmBJ6t1bFGGlxgw=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.5.1 h1:rsqfU5vBkVknbhUGbAUwQKR2H4ItV8tjJ+6kJX4cxHM=
@@ -689,6 +714,7 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -718,6 +744,7 @@ golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -734,11 +761,14 @@ golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -755,6 +785,7 @@ golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/helm/trivy/.helmignore
+++ b/helm/trivy/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/helm/trivy/Chart.yaml
+++ b/helm/trivy/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: trivy
+version: 0.2.0
+appVersion: "0.14.0"
+description: Trivy helm chart
+keywords:
+  - scanner
+  - trivy
+  - vulnerability
+sources:
+- https://github.com/aquasecurity/trivy
--- a/helm/trivy/README.md
+++ b/helm/trivy/README.md
@@ -0,0 +1,77 @@
+# Trivy Scanner
+
+Trivy vulnerability scanner standalone installation.
+
+## TL;DR;
+
+```
+$ helm install trivy . --namespace trivy --create-namespace
+```
+
+## Introduction
+
+This chart bootstraps a Trivy deployment on a [Kubernetes](http://kubernetes.io) cluster using the
+[Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes 1.12+
+- Helm 3+
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```
+$ helm install my-release .
+```
+
+The command deploys Trivy on the Kubernetes cluster in the default configuration. The [Parameters](#parameters)
+section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+The following table lists the configurable parameters of the Trivy chart and their default values.
+
+|                 Parameter             |                                Description                              |    Default     |
+|---------------------------------------|-------------------------------------------------------------------------|----------------|
+| `image.registry`                      | Image registry                                                          | `docker.io`    |
+| `image.repository`                    | Image name                                                              | `aquasec/trivy` |
+| `image.tag`                           | Image tag                                                               | `{TAG_NAME}`   |
+| `image.pullPolicy`                    | Image pull policy                                                       | `IfNotPresent` |
+| `replicaCount`                        | Number of Trivy Pods to run                                   | `1`            |
+| `trivy.debugMode`             | The flag to enable or disable Trivy debug mode                          | `false` |
+| `trivy.gitHubToken`           | The GitHub access token to download Trivy DB                            |      |
+| `trivy.skipUpdate`            | The flag to enable or disable Trivy DB downloads from GitHub            | `false`        |
+| `service.type`                        | Kubernetes service type                                                 | `ClusterIP` |
+| `service.port`                        | Kubernetes service port                                                 | `4954`      |
+| `httpProxy`                           | The URL of the HTTP proxy server                                        |     |
+| `httpsProxy`                          | The URL of the HTTPS proxy server                                       |     |
+| `noProxy`                             | The URLs that the proxy settings do not apply to                        |     |
+
+The above parameters map to the env variables defined in [trivy](https://github.com/aquasecurity/trivy#configuration).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```
+$ helm install my-release . \
+       --namespace my-namespace \
+       --set "service.port=9090" \
+       --set "trivy.vulnType=os\,library"
+```
+
+## Storage
+
+This chart uses a PersistentVolumeClaim to reduce the number of database downloads between POD restarts or updates. The storageclass should have the reclaim policy  `Retain`.
--- a/helm/trivy/templates/NOTES.txt
+++ b/helm/trivy/templates/NOTES.txt
@@ -0,0 +1,2 @@
+You should be able to access Trivy server installation within
+the cluster at http://{{ include "trivy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}
--- a/helm/trivy/templates/_helpers.tpl
+++ b/helm/trivy/templates/_helpers.tpl
@@ -0,0 +1,55 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "trivy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "trivy.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "trivy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "trivy.labels" -}}
+app.kubernetes.io/name: {{ include "trivy.name" . }}
+helm.sh/chart: {{ include "trivy.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Return the proper imageRef as used by the container template spec.
+*/}}
+{{- define "trivy.imageRef" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
--- a/helm/trivy/templates/ingress.yaml
+++ b/helm/trivy/templates/ingress.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "trivy.fullname" . -}}
+apiVersion: networking.k8s.io/v1beta1
+kind: Ingress
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          - path: /
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $.Values.service.port -}}
+  {{- end }}
+{{- end }}
--- a/helm/trivy/templates/podsecuritypolicy.yaml
+++ b/helm/trivy/templates/podsecuritypolicy.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+spec:
+  privileged: false
+  allowPrivilegeEscalation: false
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'persistentVolumeClaim'
+    - 'secret'
+    - 'projected'
+    - 'downwardAPI'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'MustRunAsNonRoot'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'MustRunAs'
+    ranges:
+    - min: 1
+      max: 65535
+  fsGroup:
+    rule: 'MustRunAs'
+    ranges:
+    - min: 1
+      max: 65535
+  readOnlyRootFilesystem: true
+  requiredDropCapabilities:
+    - ALL
+{{- end }}
--- a/helm/trivy/templates/role.yaml
+++ b/helm/trivy/templates/role.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+  namespace: {{ .Release.Namespace }}
+{{- if .Values.rbac.pspEnabled }}
+rules:
+- apiGroups:      ['policy']
+  resources:      ['podsecuritypolicies']
+  verbs:          ['use']
+  resourceNames:  [{{ include "trivy.fullname" . }}]
+{{- end }}
+{{- end }}
--- a/helm/trivy/templates/rolebinding.yaml
+++ b/helm/trivy/templates/rolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "trivy.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "trivy.fullname" . }}
+{{- end }}
--- a/helm/trivy/templates/secret.yaml
+++ b/helm/trivy/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+type: Opaque
+data:
+  gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }}
--- a/helm/trivy/templates/service.yaml
+++ b/helm/trivy/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+spec:
+  type: {{ .Values.service.type | default "ClusterIP" }}
+  selector:
+    app.kubernetes.io/name: {{ include "trivy.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  ports:
+    - name: trivy-http
+      protocol: TCP
+      port: {{ .Values.service.port | default 4954 }}
+      targetPort: {{ .Values.service.port | default 4954 }}
+  sessionAffinity: ClientIP
--- a/helm/trivy/templates/serviceaccount.yaml
+++ b/helm/trivy/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+  namespace: {{ .Release.Namespace }}
--- a/helm/trivy/templates/statefulset.yaml
+++ b/helm/trivy/templates/statefulset.yaml
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "trivy.fullname" . }}
+  labels:
+{{ include "trivy.labels" . | indent 4 }}
+spec:
+  podManagementPolicy: "Parallel"
+  serviceName: {{ include "trivy.fullname" . }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "trivy.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  {{- if .Values.persistence.enabled }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size }}
+        accessModes:
+          - {{ .Values.persistence.accessMode }}
+        storageClassName: {{ .Values.persistence.storageClass }}
+  {{- end }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "trivy.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ include "trivy.fullname" . }}
+      automountServiceAccountToken: false
+      {{- if .Values.podSecurityContext }}
+      securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+      {{- end }}
+      containers:
+        - name: main
+          image: {{ template "trivy.imageRef" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          {{- if .Values.securityContext }}
+          securityContext:
+{{ toYaml .Values.securityContext | indent 12 }}
+          {{- end }}
+          args:
+            - server
+          env:
+            - name: "TRIVY_LISTEN"
+              value: "0.0.0.0:{{ .Values.service.port | default 4954 }}"
+            - name: "TRIVY_CACHE_DIR"
+              value: "/home/scanner/.cache/trivy"
+            - name: "TRIVY_DEBUG"
+              value: {{ .Values.trivy.debugMode | default false | quote }}
+            - name: "TRIVY_SKIP_UPDATE"
+              value: {{ .Values.trivy.skipUpdate | default false | quote }}
+            - name: "TRIVY_GITHUB_TOKEN"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "trivy.fullname" . }}
+                  key: gitHubToken
+            - name: "HTTP_PROXY"
+              value: {{ .Values.httpProxy | quote }}
+            - name: "HTTPS_PROXY"
+              value: {{ .Values.httpsProxy | quote }}
+            - name: "NO_PROXY"
+              value: {{ .Values.noProxy | quote }}
+          ports:
+            - name: trivy-http
+              containerPort: {{ .Values.service.port }}
+          livenessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /healthz
+              port: trivy-http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 10
+          readinessProbe:
+            httpGet:
+              scheme: HTTP
+              path: /healthz
+              port: trivy-http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 3
+          volumeMounts:
+            - mountPath: /tmp
+              name: tmp-data
+              readOnly: false
+            - mountPath: /home/scanner/.cache
+              name: data
+              readOnly: false
+          {{- if .Values.resources }}
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+          {{- end }}
+      volumes:
+        - name: tmp-data
+          emptyDir: {}
+        {{- if not .Values.persistence.enabled }}
+        - name: data
+          emptyDir: {}
+        {{- end }}
--- a/helm/trivy/values.yaml
+++ b/helm/trivy/values.yaml
@@ -0,0 +1,87 @@
+nameOverride: ""
+fullnameOverride: ""
+
+image:
+  registry: docker.io
+  repository: aquasec/trivy
+  tag: 0.14.0
+  pullPolicy: IfNotPresent
+
+replicaCount: 1
+
+persistence:
+  enabled: true
+  storageClass: ""
+  accessMode: ReadWriteOnce
+  size: 5Gi
+
+resources:
+  requests:
+    cpu: 200m
+    memory: 512Mi
+  limits:
+    cpu: 1
+    memory: 1Gi
+
+rbac:
+  create: true
+  pspEnabled: true
+
+podSecurityContext:
+  runAsUser: 65534
+  runAsNonRoot: true
+  fsGroup: 65534
+
+securityContext:
+  privileged: false
+  readOnlyRootFilesystem: true
+
+trivy:
+  # debugMode the flag to enable Trivy debug mode
+  debugMode: false
+  # gitHubToken the GitHub access token to download Trivy DB
+  #
+  # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
+  # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
+  # in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update
+  # timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one.
+  # Currently, the database is updated every 12 hours and published as a new release to GitHub.
+  #
+  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
+  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
+  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
+  # https://developer.github.com/v3/#rate-limiting
+  #
+  # You can create a GitHub token by following the instructions in
+  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
+  gitHubToken: ""
+  # skipUpdate the flag to enable or disable Trivy DB downloads from GitHub
+  #
+  # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
+  # If the flag is enabled you have to manually download the `trivy.db` file and mount it in the
+  # `/home/scanner/.cache/trivy/db/trivy.db` path (see `cacheDir`).
+  skipUpdate: false
+
+service:
+  # type Kubernetes service type
+  type: ClusterIP
+  # port Kubernetes service port
+  port: 4954
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+  hosts:
+    - host: trivy.example.com
+  tls: []
+  #  - secretName: trivy-example-tls
+  #    hosts:
+  #      - trivy.example.com
+
+# httpProxy the URL of the HTTP proxy server
+httpProxy:
+# httpsProxy the URL of the HTTPS proxy server
+httpsProxy:
+# noProxy the URLs that the proxy settings do not apply to
+noProxy:
--- a/integration/client_server_test.go
+++ b/integration/client_server_test.go
@@ -12,8 +12,10 @@ import (
 	"testing"
 	"time"

+	"github.com/docker/go-connections/nat"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	testcontainers "github.com/testcontainers/testcontainers-go"
 	"github.com/urfave/cli/v2"

 	"github.com/aquasecurity/trivy/internal"
@@ -320,9 +322,19 @@ func TestClientServer(t *testing.T) {
 			},
 			golden: "testdata/alpine-310.asff.golden",
 		},
+		{
+			name: "alpine 3.10 integration with html template",
+			testArgs: args{
+				Format:       "template",
+				TemplatePath: "@../contrib/html.tpl",
+				Version:      "dev",
+				Input:        "testdata/fixtures/alpine-310.tar.gz",
+			},
+			golden: "testdata/alpine-310.html.golden",
+		},
 	}

-	app, addr, cacheDir := setup(t, "", "")
+	app, addr, cacheDir := setup(t, setupOptions{})

 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
@@ -384,7 +396,10 @@ func TestClientServerWithToken(t *testing.T) {

 	serverToken := "token"
 	serverTokenHeader := "Trivy-Token"
-	app, addr, cacheDir := setup(t, serverToken, serverTokenHeader)
+	app, addr, cacheDir := setup(t, setupOptions{
+		token:       serverToken,
+		tokenHeader: serverTokenHeader,
+	})
 	defer os.RemoveAll(cacheDir)

 	for _, c := range cases {
@@ -408,7 +423,54 @@ func TestClientServerWithToken(t *testing.T) {
 	}
 }

-func setup(t *testing.T, token, tokenHeader string) (*cli.App, string, string) {
+func TestClientServerWithRedis(t *testing.T) {
+	// Set up a Redis container
+	ctx := context.Background()
+	redisC, addr := setupRedis(t, ctx)
+
+	// Set up Trivy server
+	app, addr, cacheDir := setup(t, setupOptions{cacheBackend: addr})
+	defer os.RemoveAll(cacheDir)
+
+	// Test parameters
+	testArgs := args{
+		Version: "dev",
+		Input:   "testdata/fixtures/centos-7.tar.gz",
+	}
+	golden := "testdata/centos-7.json.golden"
+
+	t.Run("centos 7", func(t *testing.T) {
+		osArgs, outputFile, cleanup := setupClient(t, testArgs, addr, cacheDir, golden)
+		defer cleanup()
+
+		// Run Trivy client
+		err := app.Run(osArgs)
+		require.NoError(t, err)
+
+		compare(t, golden, outputFile)
+	})
+
+	// Terminate the Redis container
+	require.NoError(t, redisC.Terminate(ctx))
+
+	t.Run("sad path", func(t *testing.T) {
+		osArgs, _, cleanup := setupClient(t, testArgs, addr, cacheDir, golden)
+		defer cleanup()
+
+		// Run Trivy client
+		err := app.Run(osArgs)
+		require.NotNil(t, err)
+		assert.Contains(t, err.Error(), "connect: connection refused")
+	})
+}
+
+type setupOptions struct {
+	token        string
+	tokenHeader  string
+	cacheBackend string
+}
+
+func setup(t *testing.T, options setupOptions) (*cli.App, string, string) {
 	t.Helper()
 	version := "dev"

@@ -424,7 +486,7 @@ func setup(t *testing.T, token, tokenHeader string) (*cli.App, string, string) {
 		// Setup CLI App
 		app := internal.NewApp(version)
 		app.Writer = ioutil.Discard
-		osArgs := setupServer(addr, token, tokenHeader, cacheDir)
+		osArgs := setupServer(addr, options.token, options.tokenHeader, cacheDir, options.cacheBackend)

 		// Run Trivy server
 		app.Run(osArgs)
@@ -441,11 +503,14 @@ func setup(t *testing.T, token, tokenHeader string) (*cli.App, string, string) {
 	return app, addr, cacheDir
 }

-func setupServer(addr, token, tokenHeader, cacheDir string) []string {
+func setupServer(addr, token, tokenHeader, cacheDir, cacheBackend string) []string {
 	osArgs := []string{"trivy", "server", "--skip-update", "--cache-dir", cacheDir, "--listen", addr}
 	if token != "" {
 		osArgs = append(osArgs, []string{"--token", token, "--token-header", tokenHeader}...)
 	}
+	if cacheBackend != "" {
+		osArgs = append(osArgs, "--cache-backend", cacheBackend)
+	}
 	return osArgs
 }

@@ -509,6 +574,32 @@ func setupClient(t *testing.T, c args, addr string, cacheDir string, golden stri
 	return osArgs, outputFile, cleanup
 }

+func setupRedis(t *testing.T, ctx context.Context) (testcontainers.Container, string) {
+	t.Helper()
+	imageName := "redis:5.0"
+	port := "6379/tcp"
+	req := testcontainers.ContainerRequest{
+		Name:         "redis",
+		Image:        imageName,
+		ExposedPorts: []string{port},
+	}
+
+	redis, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
+		ContainerRequest: req,
+		Started:          true,
+	})
+	require.NoError(t, err)
+
+	ip, err := redis.Host(ctx)
+	require.NoError(t, err)
+
+	p, err := redis.MappedPort(ctx, nat.Port(port))
+	require.NoError(t, err)
+
+	addr := fmt.Sprintf("redis://%s:%s", ip, p.Port())
+	return redis, addr
+}
+
 func compare(t *testing.T, wantFile, gotFile string) {
 	t.Helper()
 	// Compare want and got
@@ -517,5 +608,9 @@ func compare(t *testing.T, wantFile, gotFile string) {
 	got, err := ioutil.ReadFile(gotFile)
 	assert.NoError(t, err)

-	assert.JSONEq(t, string(want), string(got))
+	if strings.HasSuffix(wantFile, ".json.golden") {
+		assert.JSONEq(t, string(want), string(got))
+	} else {
+		assert.EqualValues(t, string(want), string(got))
+	}
 }
--- a/integration/testdata/alpine-310-ignore-cveids.json.golden
+++ b/integration/testdata/alpine-310-ignore-cveids.json.golden
@@ -14,10 +14,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -29,7 +41,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -44,6 +58,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -54,7 +81,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -67,10 +96,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -82,7 +123,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -97,6 +140,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -107,7 +163,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      }
    ]
  }
--- a/integration/testdata/alpine-310-ignore-unfixed.json.golden
+++ b/integration/testdata/alpine-310-ignore-unfixed.json.golden
@@ -16,6 +16,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -23,7 +36,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -36,10 +51,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -51,7 +78,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -66,6 +95,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -75,7 +117,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -90,6 +134,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -100,7 +157,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1549",
@@ -115,6 +174,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -122,7 +194,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -135,10 +209,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -150,7 +236,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -165,6 +253,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -174,7 +275,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -189,6 +292,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -199,7 +315,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      }
    ]
  }
--- a/integration/testdata/alpine-310-medium-high.json.golden
+++ b/integration/testdata/alpine-310-medium-high.json.golden
@@ -16,6 +16,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -23,7 +36,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -36,10 +51,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -51,7 +78,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -66,6 +95,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -75,7 +117,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1549",
@@ -90,6 +134,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -97,7 +154,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -110,10 +169,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -125,7 +196,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -140,6 +213,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -149,7 +235,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      }
    ]
  }
--- a/integration/testdata/alpine-310-registry.json.golden
+++ b/integration/testdata/alpine-310-registry.json.golden
@@ -1,6 +1,6 @@
 [
  {
-    "Target": "localhost:32787/alpine:3.10 (alpine 3.10.2)",
+    "Target": "localhost:32799/alpine:3.10 (alpine 3.10.2)",
    "Type": "alpine",
    "Vulnerabilities": [
      {
@@ -17,6 +17,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -24,7 +37,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -38,10 +53,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -53,7 +80,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -69,6 +98,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -78,7 +120,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -94,6 +138,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -104,7 +161,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1549",
@@ -120,6 +179,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -127,7 +199,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -141,10 +215,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -156,7 +242,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -172,6 +260,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -181,7 +282,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -197,6 +300,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -207,7 +323,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      }
    ]
  }
--- a/integration/testdata/alpine-310.asff.golden
+++ b/integration/testdata/alpine-310.asff.golden
@@ -37,8 +37,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "5",
+                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -59,7 +59,7 @@
            "Normalized": 40
        },
        "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Remediation": {
            "Recommendation": {
                "Text": "More information on this vulnerability is provided in the hyperlink",
@@ -83,8 +83,8 @@
                        "Patched Package": "1.1.1d-r2",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "5",
+                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -129,8 +129,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "4.3",
+                        "NvdCvssVectorV2": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -175,8 +175,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "1.9",
+                        "NvdCvssVectorV2": "AV:L/AC:M/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -221,8 +221,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "5",
+                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -243,7 +243,7 @@
            "Normalized": 40
        },
        "Title": "Trivy found a vulnerability to CVE-2019-1551 in container testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2)",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Remediation": {
            "Recommendation": {
                "Text": "More information on this vulnerability is provided in the hyperlink",
@@ -267,8 +267,8 @@
                        "Patched Package": "1.1.1d-r2",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "5",
+                        "NvdCvssVectorV2": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -313,8 +313,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "4.3",
+                        "NvdCvssVectorV2": "AV:N/AC:M/Au:N/C:P/I:N/A:N"
                    }
                }
            }
@@ -359,8 +359,8 @@
                        "Patched Package": "1.1.1d-r0",
                        "NvdCvssScoreV3": "0",
                        "NvdCvssVectorV3": "",
-                        "NvdCvssScoreV2": "0",
-                        "NvdCvssVectorV2": ""
+                        "NvdCvssScoreV2": "1.9",
+                        "NvdCvssVectorV2": "AV:L/AC:M/Au:N/C:P/I:N/A:N"
                    }
                }
            }
--- a/integration/testdata/alpine-310.gitlab.golden
+++ b/integration/testdata/alpine-310.gitlab.golden
@@ -51,7 +51,7 @@
      "id": "CVE-2019-1551",
      "category": "container_scanning",
      "message": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-      "description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+      "description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
      "cve": "CVE-2019-1551",
      "severity": "Medium",
      "confidence": "Unknown",
@@ -79,8 +79,6 @@
        }
      ],
      "links": [{
-          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
-        },{
          "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
        },{
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551"
@@ -257,7 +255,7 @@
      "id": "CVE-2019-1551",
      "category": "container_scanning",
      "message": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-      "description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+      "description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
      "cve": "CVE-2019-1551",
      "severity": "Medium",
      "confidence": "Unknown",
@@ -285,8 +283,6 @@
        }
      ],
      "links": [{
-          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html"
-        },{
          "url": "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html"
        },{
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551"
--- a/integration/testdata/alpine-310.html.golden
+++ b/integration/testdata/alpine-310.html.golden
@@ -0,0 +1,237 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <style>
+      * {
+        font-family: Arial, Helvetica, sans-serif;
+      }
+      h1 {
+        text-align: center;
+      }
+      .group-header th {
+        font-size: 200%;
+      }
+      .sub-header th {
+        font-size: 150%;
+      }
+      table, th, td {
+        border: 1px solid black;
+        border-collapse: collapse;
+        white-space: nowrap;
+        padding: .3em;
+      }
+      table {
+        margin: 0 auto;
+      }
+      .severity {
+        text-align: center;
+        font-weight: bold;
+        color: #fafafa;
+      }
+      .severity-LOW .severity { background-color: #5fbb31; }
+      .severity-MEDIUM .severity { background-color: #e9c600; }
+      .severity-HIGH .severity { background-color: #ff8800; }
+      .severity-CRITICAL .severity { background-color: #e40000; }
+      .severity-UNKNOWN .severity { background-color: #747474; }
+      .severity-LOW { background-color: #5fbb3160; }
+      .severity-MEDIUM { background-color: #e9c60060; }
+      .severity-HIGH { background-color: #ff880060; }
+      .severity-CRITICAL { background-color: #e4000060; }
+      .severity-UNKNOWN { background-color: #74747460; }
+      table tr td:first-of-type {
+        font-weight: bold;
+      }
+      .links a,
+      .links[data-more-links=on] a {
+        display: block;
+      }
+      .links[data-more-links=off] a:nth-of-type(1n+5) {
+        display: none;
+      }
+      a.toggle-more-links { cursor: pointer; }
+    </style>
+    <title>testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10T07:28:17.000958601Z</title>
+    <script>
+      window.onload = function() {
+        document.querySelectorAll('td.links').forEach(function(linkCell) {
+          var links = [].concat.apply([], linkCell.querySelectorAll('a'));
+          [].sort.apply(links, function(a, b) {
+            return a.href > b.href ? 1 : -1;
+          });
+          links.forEach(function(link, idx) {
+            if (links.length > 3 && 3 === idx) {
+              var toggleLink = document.createElement('a');
+              toggleLink.innerText = "Toggle more links";
+              toggleLink.href = "#toggleMore";
+              toggleLink.setAttribute("class", "toggle-more-links");
+              linkCell.appendChild(toggleLink);
+            }
+            linkCell.appendChild(link);
+          });
+        });
+        document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
+          toggleLink.onclick = function() {
+            var expanded = toggleLink.parentElement.getAttribute("data-more-links");
+            toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
+            return false;
+          };
+        });
+      };
+    </script>
+  </head>
+  <body>
+    <h1>testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2) - Trivy Report - 2020-08-10T07:28:17.000958601Z</h1>
+    <table>
+      <tr class="group-header"><th colspan="6">alpine</th></tr>
+      <tr class="sub-header">
+        <th>Package</th>
+        <th>Vulnerability ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+        <th>Links</th>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libcrypto1.1</td>
+        <td>CVE-2019-1549</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be</a>
+          <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://support.f5.com/csp/article/K44070243">https://support.f5.com/csp/article/K44070243</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libcrypto1.1</td>
+        <td>CVE-2019-1551</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r2</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98</a>
+          <a href="https://github.com/openssl/openssl/pull/10575">https://github.com/openssl/openssl/pull/10575</a>
+          <a href="https://seclists.org/bugtraq/2019/Dec/39">https://seclists.org/bugtraq/2019/Dec/39</a>
+          <a href="https://seclists.org/bugtraq/2019/Dec/46">https://seclists.org/bugtraq/2019/Dec/46</a>
+          <a href="https://security.netapp.com/advisory/ntap-20191210-0001/">https://security.netapp.com/advisory/ntap-20191210-0001/</a>
+          <a href="https://www.debian.org/security/2019/dsa-4594">https://www.debian.org/security/2019/dsa-4594</a>
+          <a href="https://www.openssl.org/news/secadv/20191206.txt">https://www.openssl.org/news/secadv/20191206.txt</a>
+          <a href="https://www.tenable.com/security/tns-2019-09">https://www.tenable.com/security/tns-2019-09</a>
+        </td>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libcrypto1.1</td>
+        <td>CVE-2019-1563</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f</a>
+          <a href="https://seclists.org/bugtraq/2019/Sep/25">https://seclists.org/bugtraq/2019/Sep/25</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+      <tr class="severity-LOW">
+        <td class="pkg-name">libcrypto1.1</td>
+        <td>CVE-2019-1547</td>
+        <td class="severity">LOW</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://arxiv.org/abs/1909.01785">https://arxiv.org/abs/1909.01785</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a</a>
+          <a href="https://seclists.org/bugtraq/2019/Sep/25">https://seclists.org/bugtraq/2019/Sep/25</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libssl1.1</td>
+        <td>CVE-2019-1549</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be</a>
+          <a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://support.f5.com/csp/article/K44070243">https://support.f5.com/csp/article/K44070243</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libssl1.1</td>
+        <td>CVE-2019-1551</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r2</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98</a>
+          <a href="https://github.com/openssl/openssl/pull/10575">https://github.com/openssl/openssl/pull/10575</a>
+          <a href="https://seclists.org/bugtraq/2019/Dec/39">https://seclists.org/bugtraq/2019/Dec/39</a>
+          <a href="https://seclists.org/bugtraq/2019/Dec/46">https://seclists.org/bugtraq/2019/Dec/46</a>
+          <a href="https://security.netapp.com/advisory/ntap-20191210-0001/">https://security.netapp.com/advisory/ntap-20191210-0001/</a>
+          <a href="https://www.debian.org/security/2019/dsa-4594">https://www.debian.org/security/2019/dsa-4594</a>
+          <a href="https://www.openssl.org/news/secadv/20191206.txt">https://www.openssl.org/news/secadv/20191206.txt</a>
+          <a href="https://www.tenable.com/security/tns-2019-09">https://www.tenable.com/security/tns-2019-09</a>
+        </td>
+      </tr>
+      <tr class="severity-MEDIUM">
+        <td class="pkg-name">libssl1.1</td>
+        <td>CVE-2019-1563</td>
+        <td class="severity">MEDIUM</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f</a>
+          <a href="https://seclists.org/bugtraq/2019/Sep/25">https://seclists.org/bugtraq/2019/Sep/25</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+      <tr class="severity-LOW">
+        <td class="pkg-name">libssl1.1</td>
+        <td>CVE-2019-1547</td>
+        <td class="severity">LOW</td>
+        <td class="pkg-version">1.1.1c-r0</td>
+        <td>1.1.1d-r0</td>
+        <td class="links" data-more-links="off">
+          <a href="http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html">http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html</a>
+          <a href="https://arxiv.org/abs/1909.01785">https://arxiv.org/abs/1909.01785</a>
+          <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=21c856b75d81eff61aa63b4f036bb64a85bf6d46</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=30c22fa8b1d840036b8e203585738df62a03cec8</a>
+          <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a</a>
+          <a href="https://seclists.org/bugtraq/2019/Sep/25">https://seclists.org/bugtraq/2019/Sep/25</a>
+          <a href="https://security.netapp.com/advisory/ntap-20190919-0002/">https://security.netapp.com/advisory/ntap-20190919-0002/</a>
+          <a href="https://www.openssl.org/news/secadv/20190910.txt">https://www.openssl.org/news/secadv/20190910.txt</a>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>
--- a/integration/testdata/alpine-310.json.golden
+++ b/integration/testdata/alpine-310.json.golden
@@ -16,6 +16,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -23,7 +36,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -36,10 +51,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -51,7 +78,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -66,6 +95,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -75,7 +117,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -90,6 +134,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -100,7 +157,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1549",
@@ -115,6 +174,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -122,7 +194,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -135,10 +209,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -150,7 +236,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -165,6 +253,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -174,7 +275,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -189,6 +292,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -199,7 +315,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      }
    ]
  }
--- a/integration/testdata/alpine-310.sarif.golden
+++ b/integration/testdata/alpine-310.sarif.golden
@@ -212,7 +212,7 @@
          "ruleIndex": 1,
          "level": "error",
          "message": {
-            "text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)."
+            "text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t)."
          },
          "locations": [{
            "physicalLocation": {
@@ -292,7 +292,7 @@
          "ruleIndex": 5,
          "level": "error",
          "message": {
-            "text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)."
+            "text": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t)."
          },
          "locations": [{
            "physicalLocation": {
--- a/integration/testdata/alpine-39.json.golden
+++ b/integration/testdata/alpine-39.json.golden
@@ -16,6 +16,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -23,7 +36,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -36,10 +51,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -51,7 +78,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -66,6 +95,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -75,7 +117,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -90,6 +134,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -100,7 +157,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1549",
@@ -115,6 +174,19 @@
        "Title": "openssl: information disclosure in fork()",
        "Description": "OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-330"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be",
@@ -122,7 +194,9 @@
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://support.f5.com/csp/article/K44070243",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-19T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -135,10 +209,22 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -150,7 +236,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -165,6 +253,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -174,7 +275,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -189,6 +292,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -199,7 +315,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-14697",
@@ -212,12 +330,24 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697",
        "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",
-        "Severity": "HIGH",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          }
+        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2019/08/06/4",
-          "https://security.gentoo.org/glsa/202003-13",
          "https://www.openwall.com/lists/musl/2019/08/06/1"
-        ]
+        ],
+        "PublishedDate": "2019-08-06T16:15:00Z",
+        "LastModifiedDate": "2019-08-14T17:28:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-14697",
@@ -230,12 +360,24 @@
        "SeveritySource": "nvd",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14697",
        "Description": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",
-        "Severity": "HIGH",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          }
+        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2019/08/06/4",
-          "https://security.gentoo.org/glsa/202003-13",
          "https://www.openwall.com/lists/musl/2019/08/06/1"
-        ]
+        ],
+        "PublishedDate": "2019-08-06T16:15:00Z",
+        "LastModifiedDate": "2019-08-14T17:28:00Z"
      }
    ]
  }
--- a/integration/testdata/amazon-1.json.golden
+++ b/integration/testdata/amazon-1.json.golden
--- a/integration/testdata/amazon-2.json.golden
+++ b/integration/testdata/amazon-2.json.golden
--- a/integration/testdata/centos-6.json.golden
+++ b/integration/testdata/centos-6.json.golden
--- a/integration/testdata/centos-7-ignore-unfixed.json.golden
+++ b/integration/testdata/centos-7-ignore-unfixed.json.golden
--- a/integration/testdata/centos-7-low-high.json.golden
+++ b/integration/testdata/centos-7-low-high.json.golden
--- a/integration/testdata/centos-7.json.golden
+++ b/integration/testdata/centos-7.json.golden
--- a/integration/testdata/debian-buster-ignore-unfixed.json.golden
+++ b/integration/testdata/debian-buster-ignore-unfixed.json.golden
@@ -16,14 +16,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -38,14 +55,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -60,14 +93,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -82,14 +132,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -104,14 +170,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -126,14 +209,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-18224",
@@ -148,6 +247,19 @@
        "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c",
        "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.6
+          }
+        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224",
@@ -155,8 +267,11 @@
          "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/",
-          "https://usn.ubuntu.com/4168-1/"
-        ]
+          "https://usn.ubuntu.com/4168-1/",
+          "https://usn.ubuntu.com/usn/usn-4168-1"
+        ],
+        "PublishedDate": "2019-10-21T17:15:00Z",
+        "LastModifiedDate": "2019-10-29T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17594",
@@ -171,13 +286,28 @@
        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-26T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17595",
@@ -192,13 +322,28 @@
        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 5.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-23T19:26:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -213,14 +358,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -235,14 +397,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-15718",
@@ -256,7 +434,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718",
        "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS",
        "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.",
-        "Severity": "LOW",
+        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-284"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+            "V2Score": 2.1,
+            "V3Score": 5.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-15718.html",
          "http://linux.oracle.com/errata/ELSA-2019-3592.html",
@@ -265,8 +458,11 @@
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/",
+          "https://usn.ubuntu.com/usn/usn-4120-1"
+        ],
+        "PublishedDate": "2019-09-04T12:15:00Z",
+        "LastModifiedDate": "2019-09-19T04:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17594",
@@ -281,13 +477,28 @@
        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-26T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17595",
@@ -302,13 +513,28 @@
        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 5.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-23T19:26:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-15718",
@@ -322,7 +548,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15718",
        "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS",
        "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.",
-        "Severity": "LOW",
+        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-284"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+            "V2Score": 2.1,
+            "V3Score": 5.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-15718.html",
          "http://linux.oracle.com/errata/ELSA-2019-3592.html",
@@ -331,8 +572,11 @@
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/",
+          "https://usn.ubuntu.com/usn/usn-4120-1"
+        ],
+        "PublishedDate": "2019-09-04T12:15:00Z",
+        "LastModifiedDate": "2019-09-19T04:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17594",
@@ -347,13 +591,28 @@
        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-26T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17595",
@@ -368,13 +627,28 @@
        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 5.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-23T19:26:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17594",
@@ -389,13 +663,28 @@
        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-26T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17595",
@@ -410,13 +699,28 @@
        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 5.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-23T19:26:00Z"
      }
    ]
  }
--- a/integration/testdata/debian-buster.json.golden
+++ b/integration/testdata/debian-buster.json.golden
--- a/integration/testdata/debian-stretch.json.golden
+++ b/integration/testdata/debian-stretch.json.golden
--- a/integration/testdata/distroless-base-ignore-unfixed.json.golden
+++ b/integration/testdata/distroless-base-ignore-unfixed.json.golden
@@ -16,6 +16,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -25,7 +38,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -40,6 +55,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -49,7 +77,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      }
    ]
  }
--- a/integration/testdata/distroless-base.json.golden
+++ b/integration/testdata/distroless-base.json.golden
@@ -3,34 +3,6 @@
    "Target": "testdata/fixtures/distroless-base.tar.gz (debian 9.9)",
    "Type": "debian",
    "Vulnerabilities": [
-      {
-        "VulnerabilityID": "CVE-2018-1000001",
-        "PkgName": "libc6",
-        "InstalledVersion": "2.24-11+deb9u4",
-        "Layer": {
-          "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
-        },
-        "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001",
-        "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation",
-        "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
-        "Severity": "HIGH",
-        "References": [
-          "http://linux.oracle.com/cve/CVE-2018-1000001.html",
-          "http://linux.oracle.com/errata/ELSA-2018-0805.html",
-          "http://seclists.org/oss-sec/2018/q1/38",
-          "http://www.securityfocus.com/bid/102525",
-          "http://www.securitytracker.com/id/1040162",
-          "https://access.redhat.com/errata/RHSA-2018:0805",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001",
-          "https://security.netapp.com/advisory/ntap-20190404-0003/",
-          "https://usn.ubuntu.com/3534-1/",
-          "https://usn.ubuntu.com/3536-1/",
-          "https://www.exploit-db.com/exploits/43775/",
-          "https://www.exploit-db.com/exploits/44889/",
-          "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/"
-        ]
-      },
      {
        "VulnerabilityID": "CVE-2018-6485",
        "PkgName": "libc6",
@@ -42,7 +14,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6485",
        "Title": "glibc: Integer overflow in posix_memalign in memalign functions",
        "Description": "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.",
-        "Severity": "HIGH",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://bugs.debian.org/878159",
          "http://linux.oracle.com/cve/CVE-2018-6485.html",
@@ -54,8 +41,11 @@
          "https://security.netapp.com/advisory/ntap-20190404-0003/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22343",
          "https://usn.ubuntu.com/4218-1/",
+          "https://usn.ubuntu.com/usn/usn-4218-1",
          "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
-        ]
+        ],
+        "PublishedDate": "2018-02-01T14:29:00Z",
+        "LastModifiedDate": "2019-12-10T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-6551",
@@ -68,13 +58,30 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6551",
        "Title": "glibc: integer overflow in malloc functions",
        "Description": "The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.",
-        "Severity": "HIGH",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-119"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6551",
          "https://security.netapp.com/advisory/ntap-20190404-0003/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22774",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22"
-        ]
+        ],
+        "PublishedDate": "2018-02-02T14:29:00Z",
+        "LastModifiedDate": "2019-04-04T11:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9169",
@@ -87,7 +94,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9169",
        "Title": "glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read",
        "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",
-        "Severity": "HIGH",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/107160",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9169",
@@ -98,19 +120,9 @@
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24114",
          "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9",
          "https://support.f5.com/csp/article/K54823184"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2020-1752",
-        "PkgName": "libc6",
-        "InstalledVersion": "2.24-11+deb9u4",
-        "Layer": {
-          "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
-        },
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1752",
-        "Title": "glibc: use-after-free in glob() function when expanding ~user",
-        "Description": "A use-after-free vulnerability was found in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution.",
-        "Severity": "HIGH"
+        ],
+        "PublishedDate": "2019-02-26T02:29:00Z",
+        "LastModifiedDate": "2019-04-16T05:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2009-5155",
@@ -123,7 +135,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2009-5155",
        "Title": "glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result",
        "Description": "In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.",
-        "Severity": "MEDIUM",
+        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-19"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 5,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=5513b40999149090987a0341c018d05d3eea1272",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5155",
@@ -135,7 +162,59 @@
          "https://sourceware.org/bugzilla/show_bug.cgi?id=18986",
          "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=eb04c21373e2a2885f3d52ff192b0499afe3c672",
          "https://support.f5.com/csp/article/K64119434"
-        ]
+        ],
+        "PublishedDate": "2019-02-26T02:29:00Z",
+        "LastModifiedDate": "2019-03-25T17:29:00Z"
+      },
+      {
+        "VulnerabilityID": "CVE-2018-1000001",
+        "PkgName": "libc6",
+        "InstalledVersion": "2.24-11+deb9u4",
+        "Layer": {
+          "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
+        },
+        "SeveritySource": "nvd",
+        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000001",
+        "Title": "glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation",
+        "Description": "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.",
+        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.2,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7
+          }
+        },
+        "References": [
+          "http://linux.oracle.com/cve/CVE-2018-1000001.html",
+          "http://linux.oracle.com/errata/ELSA-2018-0805.html",
+          "http://seclists.org/oss-sec/2018/q1/38",
+          "http://www.openwall.com/lists/oss-security/2018/01/11/5",
+          "http://www.securityfocus.com/bid/102525",
+          "http://www.securitytracker.com/id/1040162",
+          "https://access.redhat.com/errata/RHSA-2018:0805",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001",
+          "https://lists.samba.org/archive/rsync/2018-February/031478.html",
+          "https://security.netapp.com/advisory/ntap-20190404-0003/",
+          "https://sourceware.org/bugzilla/show_bug.cgi?id=18203",
+          "https://usn.ubuntu.com/3534-1/",
+          "https://usn.ubuntu.com/3536-1/",
+          "https://usn.ubuntu.com/usn/usn-3534-1",
+          "https://usn.ubuntu.com/usn/usn-3536-1",
+          "https://www.exploit-db.com/exploits/43775/",
+          "https://www.exploit-db.com/exploits/44889/",
+          "https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/"
+        ],
+        "PublishedDate": "2018-01-31T14:29:00Z",
+        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10739",
@@ -149,6 +228,21 @@
        "Title": "glibc: getaddrinfo should reject IP addresses with trailing characters",
        "Description": "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V2Score": 4.6,
+            "V3Score": 5.3
+          },
+          "redhat": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2016-10739.html",
          "http://linux.oracle.com/errata/ELSA-2019-3513.html",
@@ -158,7 +252,9 @@
          "https://bugzilla.redhat.com/show_bug.cgi?id=1347549",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10739",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=20018"
-        ]
+        ],
+        "PublishedDate": "2019-01-21T19:29:00Z",
+        "LastModifiedDate": "2019-08-06T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-12132",
@@ -172,6 +268,21 @@
        "Title": "glibc: Fragmentation attacks possible when EDNS0 is enabled",
        "Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-770"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
+            "V2Score": 4.3,
+            "V3Score": 5.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
+            "V3Score": 3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2017-12132.html",
          "http://linux.oracle.com/errata/ELSA-2018-0805.html",
@@ -180,19 +291,9 @@
          "https://arxiv.org/pdf/1205.4011.pdf",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12132",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=21361"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2020-1751",
-        "PkgName": "libc6",
-        "InstalledVersion": "2.24-11+deb9u4",
-        "Layer": {
-          "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
-        },
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1751",
-        "Title": "glibc: array overflow in backtrace on powerpc",
-        "Description": "No description is available for this CVE.",
-        "Severity": "MEDIUM"
+        ],
+        "PublishedDate": "2017-08-01T16:29:00Z",
+        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2010-4051",
@@ -206,6 +307,16 @@
        "Title": "CVE-2010-4052 glibc: De-recursivise regular expression engine",
        "Description": "The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a \"RE_DUP_MAX overflow.\"",
        "Severity": "LOW",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          }
+        },
        "References": [
          "http://cxib.net/stuff/proftpd.gnu.c",
          "http://seclists.org/fulldisclosure/2011/Jan/78",
@@ -218,7 +329,9 @@
          "http://www.securityfocus.com/archive/1/515589/100/0/threaded",
          "http://www.securityfocus.com/bid/45233",
          "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
-        ]
+        ],
+        "PublishedDate": "2011-01-13T19:00:00Z",
+        "LastModifiedDate": "2018-10-10T20:06:00Z"
      },
      {
        "VulnerabilityID": "CVE-2010-4052",
@@ -232,6 +345,19 @@
        "Title": "CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine",
        "Description": "Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-399"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          }
+        },
        "References": [
          "http://cxib.net/stuff/proftpd.gnu.c",
          "http://seclists.org/fulldisclosure/2011/Jan/78",
@@ -244,7 +370,9 @@
          "http://www.securityfocus.com/archive/1/515589/100/0/threaded",
          "http://www.securityfocus.com/bid/45233",
          "https://bugzilla.redhat.com/show_bug.cgi?id=645859"
-        ]
+        ],
+        "PublishedDate": "2011-01-13T19:00:00Z",
+        "LastModifiedDate": "2018-10-10T20:06:00Z"
      },
      {
        "VulnerabilityID": "CVE-2010-4756",
@@ -258,11 +386,26 @@
        "Title": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions",
        "Description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-399"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
+            "V2Score": 4
+          },
+          "redhat": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          }
+        },
        "References": [
          "http://cxib.net/stuff/glob-0day.c",
          "http://securityreason.com/achievement_securityalert/89",
          "http://securityreason.com/exploitalert/9223"
-        ]
+        ],
+        "PublishedDate": "2011-03-02T20:00:00Z",
+        "LastModifiedDate": "2011-03-04T05:00:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-8985",
@@ -276,13 +419,30 @@
        "Title": "glibc: potential denial of service in pop_fail_stack()",
        "Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-19"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 4.3,
+            "V3Score": 5.9
+          },
+          "redhat": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
+            "V2Score": 1.9
+          }
+        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2017/02/14/9",
          "http://www.securityfocus.com/bid/76916",
          "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779392",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8985",
          "https://security.gentoo.org/glsa/201908-06"
-        ]
+        ],
+        "PublishedDate": "2017-03-20T16:59:00Z",
+        "LastModifiedDate": "2019-08-15T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
@@ -296,11 +456,29 @@
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 4.3,
+            "V3Score": 5.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+            "V3Score": 3.3
+          }
+        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519"
-        ]
+        ],
+        "PublishedDate": "2017-03-02T01:59:00Z",
+        "LastModifiedDate": "2017-03-04T02:59:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20796",
@@ -314,13 +492,31 @@
        "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
        "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-674"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 5,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/107160",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796",
          "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141",
          "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html",
          "https://security.netapp.com/advisory/ntap-20190315-0002/",
          "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS"
-        ]
+        ],
+        "PublishedDate": "2019-02-26T02:29:00Z",
+        "LastModifiedDate": "2019-11-05T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010022",
@@ -334,9 +530,26 @@
        "Title": "glibc: stack guard protection bypass",
        "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-119"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 7.5,
+            "V3Score": 9.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 8.1
+          }
+        },
        "References": [
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22850"
-        ]
+        ],
+        "PublishedDate": "2019-07-15T04:15:00Z",
+        "LastModifiedDate": "2019-07-18T15:44:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010023",
@@ -350,11 +563,28 @@
        "Title": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation",
        "Description": "GNU Libc current is affected by: Re-mapping current loaded libray with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-264"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V2Score": 6.8,
+            "V3Score": 8.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/109167",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22851",
          "https://support.f5.com/csp/article/K11932200?utm_source=f5support\u0026amp;utm_medium=RSS"
-        ]
+        ],
+        "PublishedDate": "2019-07-15T04:15:00Z",
+        "LastModifiedDate": "2019-10-09T20:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010024",
@@ -368,11 +598,28 @@
        "Title": "glibc: ASLR bypass using cache of thread stack and heap",
        "Description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V2Score": 5,
+            "V3Score": 5.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/109162",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22852",
          "https://support.f5.com/csp/article/K06046097"
-        ]
+        ],
+        "PublishedDate": "2019-07-15T04:15:00Z",
+        "LastModifiedDate": "2019-09-20T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010025",
@@ -386,9 +633,26 @@
        "Title": "glibc: information disclosure of heap addresses of pthread_created thread",
        "Description": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\"",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V2Score": 5,
+            "V3Score": 5.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 2.9
+          }
+        },
        "References": [
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22853"
-        ]
+        ],
+        "PublishedDate": "2019-07-15T04:15:00Z",
+        "LastModifiedDate": "2019-08-05T22:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19126",
@@ -402,10 +666,25 @@
        "Title": "glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries",
        "Description": "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 2.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 2.9
+          }
+        },
        "References": [
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25204"
-        ]
+        ],
+        "PublishedDate": "2019-11-19T22:15:00Z",
+        "LastModifiedDate": "2020-01-21T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-6488",
@@ -419,11 +698,28 @@
        "Title": "glibc: Incorrect attempt to use a 64-bit register for size_t in assembly codes results in segmentation fault",
        "Description": "The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-404"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/106671",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6488",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24097"
-        ]
+        ],
+        "PublishedDate": "2019-01-18T19:29:00Z",
+        "LastModifiedDate": "2019-02-05T17:30:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-7309",
@@ -437,12 +733,30 @@
        "Title": "glibc: memcmp function incorrectly returns zero",
        "Description": "In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-119"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 2.1,
+            "V3Score": 5.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+            "V3Score": 3.3
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/106835",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7309",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24155",
-          "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html"
-        ]
+          "https://sourceware.org/ml/libc-alpha/2019-02/msg00041.html",
+          "https://sourceware.org/ml/libc-alpha/2019-02/msg00063.html"
+        ],
+        "PublishedDate": "2019-02-03T02:29:00Z",
+        "LastModifiedDate": "2019-02-27T18:07:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9192",
@@ -456,28 +770,28 @@
        "Title": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c",
        "Description": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-399"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 5,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
+            "V3Score": 2.8
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
          "https://support.f5.com/csp/article/K26346590?utm_source=f5support\u0026amp;utm_medium=RSS"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2020-10029",
-        "PkgName": "libc6",
-        "InstalledVersion": "2.24-11+deb9u4",
-        "Layer": {
-          "DiffID": "sha256:dffd9992ca398466a663c87c92cfea2a2db0ae0cf33fcb99da60eec52addbfc5"
-        },
-        "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10029",
-        "Title": "glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions",
-        "Description": "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.",
-        "Severity": "LOW",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html",
-          "https://sourceware.org/bugzilla/show_bug.cgi?id=25487",
-          "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=9333498794cde1d5cca518badf79533a24114b6f"
-        ]
+        ],
+        "PublishedDate": "2019-02-26T18:29:00Z",
+        "LastModifiedDate": "2019-11-05T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -492,6 +806,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -501,7 +828,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2007-6755",
@@ -515,6 +844,19 @@
        "Title": "Dual_EC_DRBG: weak pseudo random number generator",
        "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.  NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-310"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+            "V2Score": 5.8
+          }
+        },
        "References": [
          "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/",
          "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html",
@@ -524,7 +866,9 @@
          "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect",
          "http://www.securityfocus.com/bid/63657",
          "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html"
-        ]
+        ],
+        "PublishedDate": "2013-10-11T22:55:00Z",
+        "LastModifiedDate": "2016-11-28T19:07:00Z"
      },
      {
        "VulnerabilityID": "CVE-2010-0928",
@@ -538,6 +882,15 @@
        "Title": "openssl: RSA authentication weakness",
        "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-310"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N",
+            "V2Score": 4
+          }
+        },
        "References": [
          "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/",
          "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf",
@@ -545,7 +898,9 @@
          "http://www.osvdb.org/62808",
          "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/",
          "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"
-        ]
+        ],
+        "PublishedDate": "2010-03-05T19:30:00Z",
+        "LastModifiedDate": "2017-08-17T01:32:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -557,10 +912,22 @@
        "SeveritySource": "debian",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -572,7 +939,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -587,6 +956,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -596,7 +978,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2007-6755",
@@ -610,6 +994,19 @@
        "Title": "Dual_EC_DRBG: weak pseudo random number generator",
        "Description": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.  NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-310"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+            "V2Score": 5.8
+          }
+        },
        "References": [
          "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/",
          "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html",
@@ -619,7 +1016,9 @@
          "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect",
          "http://www.securityfocus.com/bid/63657",
          "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html"
-        ]
+        ],
+        "PublishedDate": "2013-10-11T22:55:00Z",
+        "LastModifiedDate": "2016-11-28T19:07:00Z"
      },
      {
        "VulnerabilityID": "CVE-2010-0928",
@@ -633,6 +1032,15 @@
        "Title": "openssl: RSA authentication weakness",
        "Description": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\"",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-310"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:H/Au:N/C:C/I:N/A:N",
+            "V2Score": 4
+          }
+        },
        "References": [
          "http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/",
          "http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf",
@@ -640,7 +1048,9 @@
          "http://www.osvdb.org/62808",
          "http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/",
          "https://exchange.xforce.ibmcloud.com/vulnerabilities/56750"
-        ]
+        ],
+        "PublishedDate": "2010-03-05T19:30:00Z",
+        "LastModifiedDate": "2017-08-17T01:32:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -652,10 +1062,22 @@
        "SeveritySource": "debian",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -667,7 +1089,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      }
    ]
  }
--- a/integration/testdata/distroless-python27.json.golden
+++ b/integration/testdata/distroless-python27.json.golden
--- a/integration/testdata/fluentd-multiple-lockfiles.json.golden
+++ b/integration/testdata/fluentd-multiple-lockfiles.json.golden
@@ -16,14 +16,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -38,14 +54,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -60,14 +92,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-18224",
@@ -82,6 +130,19 @@
        "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c",
        "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.6
+          }
+        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224",
@@ -89,8 +150,11 @@
          "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/",
-          "https://usn.ubuntu.com/4168-1/"
-        ]
+          "https://usn.ubuntu.com/4168-1/",
+          "https://usn.ubuntu.com/usn/usn-4168-1"
+        ],
+        "PublishedDate": "2019-10-21T17:15:00Z",
+        "LastModifiedDate": "2019-10-29T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -105,14 +169,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      }
    ]
  }
--- a/integration/testdata/opensuse-leap-151.json.golden
+++ b/integration/testdata/opensuse-leap-151.json.golden
@@ -19,22 +19,6 @@
          "https://www.suse.com/support/security/rating/"
        ]
      },
-      {
-        "VulnerabilityID": "openSUSE-SU-2020:0381-1",
-        "PkgName": "glibc",
-        "InstalledVersion": "2.26-lp151.18.7",
-        "FixedVersion": "2.26-lp151.19.3.1",
-        "Layer": {
-          "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff"
-        },
-        "Title": "Security update for glibc",
-        "Description": "This update for glibc fixes the following issues:\n\n- CVE-2020-10029: Fixed a potential overflow in  on-stack buffer \n  during range reduction (bsc#1165784).\t  \n- Fixed an issue where pthread were not always locked correctly (bsc#1164505).\n- Document mprotect and introduce section on memory protection (bsc#1163184).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
-        "Severity": "LOW",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html",
-          "https://www.suse.com/support/security/rating/"
-        ]
-      },
      {
        "VulnerabilityID": "openSUSE-SU-2020:0166-1",
        "PkgName": "libcom_err2",
@@ -99,22 +83,6 @@
          "https://www.suse.com/support/security/rating/"
        ]
      },
-      {
-        "VulnerabilityID": "openSUSE-SU-2020:0379-1",
-        "PkgName": "libnghttp2-14",
-        "InstalledVersion": "1.39.2-lp151.3.3.1",
-        "FixedVersion": "1.40.0-lp151.3.6.1",
-        "Layer": {
-          "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff"
-        },
-        "Title": "Security update for nghttp2",
-        "Description": "This update for nghttp2 fixes the following issues:\n\nnghttp2 was update to version 1.40.0 (bsc#1166481)\n\n- lib: Add nghttp2_check_authority as public API\n- lib: Fix the bug that stream is closed with wrong error code\n- lib: Faster huffman encoding and decoding\n- build: Avoid filename collision of static and dynamic lib\n- build: Add new flag ENABLE_STATIC_CRT for Windows\n- build: cmake: Support building nghttpx with systemd\n- third-party: Update neverbleed to fix memory leak\n- nghttpx: Fix bug that mruby is incorrectly shared between backends\n- nghttpx: Reconnect h1 backend if it lost connection before sending headers\n- nghttpx: Returns 408 if backend timed out before sending headers\n- nghttpx: Fix request stal\n\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
-        "Severity": "HIGH",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html",
-          "https://www.suse.com/support/security/rating/"
-        ]
-      },
      {
        "VulnerabilityID": "openSUSE-SU-2020:0062-1",
        "PkgName": "libopenssl1_1",
@@ -291,22 +259,6 @@
          "https://www.suse.com/support/security/rating/"
        ]
      },
-      {
-        "VulnerabilityID": "openSUSE-SU-2020:0302-1",
-        "PkgName": "permissions",
-        "InstalledVersion": "20181116-lp151.4.6.1",
-        "FixedVersion": "20181116-lp151.4.12.1",
-        "Layer": {
-          "DiffID": "sha256:f7f9ae80878a1c56d8f9ca977a5d844168f7afc0c1429feef9366e713eac06ff"
-        },
-        "Title": "Security update for permissions",
-        "Description": "This update for permissions fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788)\n- CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).\n\nNon-security issues fixed:\n\n- Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594).\n- Fixed capability handling when doing multiple permission changes at once (bsc#1161779).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
-        "Severity": "MEDIUM",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00010.html",
-          "https://www.suse.com/support/security/rating/"
-        ]
-      },
      {
        "VulnerabilityID": "openSUSE-SU-2019:2551-1",
        "PkgName": "terminfo-base",
--- a/integration/testdata/oraclelinux-6-slim.json.golden
+++ b/integration/testdata/oraclelinux-6-slim.json.golden
@@ -4,52 +4,57 @@
    "Type": "oracle",
    "Vulnerabilities": [
      {
-        "VulnerabilityID": "CVE-2019-5482",
-        "PkgName": "curl",
-        "InstalledVersion": "7.19.7-53.0.2.el6_9",
-        "FixedVersion": "7.19.7-54.0.2.el6_10",
+        "VulnerabilityID": "CVE-2019-3862",
+        "PkgName": "libssh2",
+        "InstalledVersion": "1.4.2-2.el6_7.1",
+        "FixedVersion": "1.4.2-2.0.1.el6_7.1",
        "Layer": {
          "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08"
        },
        "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482",
-        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
-        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
-        "Severity": "HIGH",
-        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
-          "https://curl.haxx.se/docs/CVE-2019-5482.html",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2019-5482",
-        "PkgName": "libcurl",
-        "InstalledVersion": "7.19.7-53.0.2.el6_9",
-        "FixedVersion": "7.19.7-54.0.2.el6_10",
-        "Layer": {
-          "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08"
+        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862",
+        "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request",
+        "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
+        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+            "V2Score": 6.4,
+            "V3Score": 9.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 7.3
+          }
        },
-        "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-5482",
-        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
-        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
-        "Severity": "HIGH",
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
-          "https://curl.haxx.se/docs/CVE-2019-5482.html",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "http://linux.oracle.com/cve/CVE-2019-3862.html",
+          "http://linux.oracle.com/errata/ELSA-2019-4693.html",
+          "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
+          "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
+          "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
+          "http://www.openwall.com/lists/oss-security/2019/03/18/3",
+          "http://www.securityfocus.com/bid/107485",
+          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862",
+          "https://github.com/libssh2/libssh2/pull/316",
+          "https://libssh2.org/CVE-2019-3862.html",
+          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
+          "https://seclists.org/bugtraq/2019/Apr/25",
+          "https://seclists.org/bugtraq/2019/Mar/25",
+          "https://security.netapp.com/advisory/ntap-20190327-0005/",
+          "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
+          "https://www.debian.org/security/2019/dsa-4431",
+          "https://www.libssh2.org/CVE-2019-3862.html"
+        ],
+        "PublishedDate": "2019-03-21T16:01:00Z",
+        "LastModifiedDate": "2019-04-15T12:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3855",
@@ -64,6 +69,21 @@
        "Title": "libssh2: Integer overflow in transport read resulting in out of bounds write",
        "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V2Score": 9.3,
+            "V3Score": 8.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-3855.html",
          "http://linux.oracle.com/errata/ELSA-2019-1652.html",
@@ -76,6 +96,7 @@
          "https://access.redhat.com/errata/RHSA-2019:1175",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3855",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855",
+          "https://github.com/libssh2/libssh2/pull/315",
          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
@@ -85,7 +106,9 @@
          "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
          "https://www.debian.org/security/2019/dsa-4431",
          "https://www.libssh2.org/CVE-2019-3855.html"
-        ]
+        ],
+        "PublishedDate": "2019-03-21T21:29:00Z",
+        "LastModifiedDate": "2019-05-14T21:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3856",
@@ -99,7 +122,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3856",
        "Title": "libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write",
        "Description": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
-        "Severity": "MEDIUM",
+        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V2Score": 6.8,
+            "V3Score": 8.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-3856.html",
          "http://linux.oracle.com/errata/ELSA-2019-1652.html",
@@ -109,13 +147,16 @@
          "https://access.redhat.com/errata/RHSA-2019:1175",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856",
+          "https://github.com/libssh2/libssh2/pull/315",
          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
          "https://seclists.org/bugtraq/2019/Apr/25",
          "https://security.netapp.com/advisory/ntap-20190327-0005/",
          "https://www.debian.org/security/2019/dsa-4431",
          "https://www.libssh2.org/CVE-2019-3856.html"
-        ]
+        ],
+        "PublishedDate": "2019-03-25T19:29:00Z",
+        "LastModifiedDate": "2019-05-14T21:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3857",
@@ -129,7 +170,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3857",
        "Title": "libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write",
        "Description": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
-        "Severity": "MEDIUM",
+        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V2Score": 6.8,
+            "V3Score": 8.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-3857.html",
          "http://linux.oracle.com/errata/ELSA-2019-1652.html",
@@ -139,47 +195,16 @@
          "https://access.redhat.com/errata/RHSA-2019:1175",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3857",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857",
+          "https://github.com/libssh2/libssh2/pull/315",
          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
          "https://seclists.org/bugtraq/2019/Apr/25",
          "https://security.netapp.com/advisory/ntap-20190327-0005/",
          "https://www.debian.org/security/2019/dsa-4431",
          "https://www.libssh2.org/CVE-2019-3857.html"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2019-3862",
-        "PkgName": "libssh2",
-        "InstalledVersion": "1.4.2-2.el6_7.1",
-        "FixedVersion": "1.4.2-2.0.1.el6_7.1",
-        "Layer": {
-          "DiffID": "sha256:a6f189f69066d36aff8efe2602482d28c02de433aef44ee9087b291df7e8fd08"
-        },
-        "SeveritySource": "nvd",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3862",
-        "Title": "libssh2: Out-of-bounds memory comparison with specially crafted message channel request",
-        "Description": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
-        "Severity": "MEDIUM",
-        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-3862.html",
-          "http://linux.oracle.com/errata/ELSA-2019-4693.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html",
-          "http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html",
-          "http://www.openwall.com/lists/oss-security/2019/03/18/3",
-          "http://www.securityfocus.com/bid/107485",
-          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3862",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862",
-          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/",
-          "https://seclists.org/bugtraq/2019/Apr/25",
-          "https://seclists.org/bugtraq/2019/Mar/25",
-          "https://security.netapp.com/advisory/ntap-20190327-0005/",
-          "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
-          "https://www.debian.org/security/2019/dsa-4431",
-          "https://www.libssh2.org/CVE-2019-3862.html"
-        ]
+        ],
+        "PublishedDate": "2019-03-25T19:29:00Z",
+        "LastModifiedDate": "2019-05-14T21:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3863",
@@ -193,7 +218,22 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-3863",
        "Title": "libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes",
        "Description": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",
-        "Severity": "MEDIUM",
+        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V2Score": 6.8,
+            "V3Score": 8.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-3863.html",
          "http://linux.oracle.com/errata/ELSA-2019-1652.html",
@@ -203,13 +243,16 @@
          "https://access.redhat.com/errata/RHSA-2019:1175",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3863",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863",
+          "https://github.com/libssh2/libssh2/pull/315",
          "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/",
          "https://seclists.org/bugtraq/2019/Apr/25",
          "https://security.netapp.com/advisory/ntap-20190327-0005/",
          "https://www.debian.org/security/2019/dsa-4431",
          "https://www.libssh2.org/CVE-2019-3863.html"
-        ]
+        ],
+        "PublishedDate": "2019-03-25T18:29:00Z",
+        "LastModifiedDate": "2019-05-14T21:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-11745",
@@ -224,6 +267,19 @@
        "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate",
        "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V2Score": 6.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 8.1
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-11745.html",
          "http://linux.oracle.com/errata/ELSA-2019-4190.html",
@@ -235,10 +291,18 @@
          "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes",
          "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes",
          "https://usn.ubuntu.com/4241-1/",
+          "https://usn.ubuntu.com/usn/usn-4203-1",
+          "https://usn.ubuntu.com/usn/usn-4203-2",
+          "https://usn.ubuntu.com/usn/usn-4216-1",
+          "https://usn.ubuntu.com/usn/usn-4216-2",
+          "https://usn.ubuntu.com/usn/usn-4241-1",
+          "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745",
          "https://www.mozilla.org/security/advisories/mfsa2019-36/",
          "https://www.mozilla.org/security/advisories/mfsa2019-37/",
          "https://www.mozilla.org/security/advisories/mfsa2019-38/"
-        ]
+        ],
+        "PublishedDate": "2020-01-08T20:15:00Z",
+        "LastModifiedDate": "2020-01-16T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-11745",
@@ -253,6 +317,19 @@
        "Title": "nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate",
        "Description": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V2Score": 6.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 8.1
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-11745.html",
          "http://linux.oracle.com/errata/ELSA-2019-4190.html",
@@ -264,10 +341,18 @@
          "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes",
          "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes",
          "https://usn.ubuntu.com/4241-1/",
+          "https://usn.ubuntu.com/usn/usn-4203-1",
+          "https://usn.ubuntu.com/usn/usn-4203-2",
+          "https://usn.ubuntu.com/usn/usn-4216-1",
+          "https://usn.ubuntu.com/usn/usn-4216-2",
+          "https://usn.ubuntu.com/usn/usn-4241-1",
+          "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-11745",
          "https://www.mozilla.org/security/advisories/mfsa2019-36/",
          "https://www.mozilla.org/security/advisories/mfsa2019-37/",
          "https://www.mozilla.org/security/advisories/mfsa2019-38/"
-        ]
+        ],
+        "PublishedDate": "2020-01-08T20:15:00Z",
+        "LastModifiedDate": "2020-01-16T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1559",
@@ -282,6 +367,21 @@
        "Title": "openssl: 0-byte record padding oracle",
        "Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+            "V2Score": 4.3,
+            "V3Score": 5.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+            "V3Score": 6.8
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-1559.html",
          "http://linux.oracle.com/errata/ELSA-2019-2471.html",
@@ -302,12 +402,15 @@
          "https://security.netapp.com/advisory/ntap-20190423-0002/",
          "https://support.f5.com/csp/article/K18549143",
          "https://usn.ubuntu.com/3899-1/",
+          "https://usn.ubuntu.com/usn/usn-3899-1",
          "https://www.debian.org/security/2019/dsa-4400",
          "https://www.openssl.org/news/secadv/20190226.txt",
          "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
          "https://www.tenable.com/security/tns-2019-02",
          "https://www.tenable.com/security/tns-2019-03"
-        ]
+        ],
+        "PublishedDate": "2019-02-27T23:29:00Z",
+        "LastModifiedDate": "2019-05-22T00:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20852",
@@ -322,6 +425,21 @@
        "Title": "python: Cookie domain check returns incorrect results",
        "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V2Score": 5,
+            "V3Score": 5.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2018-20852.html",
          "http://linux.oracle.com/errata/ELSA-2019-4884.html",
@@ -330,8 +448,12 @@
          "https://bugs.python.org/issue35121",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852",
          "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html",
-          "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
-        ]
+          "https://python-security.readthedocs.io/vuln/cookie-domain-check.html",
+          "https://usn.ubuntu.com/usn/usn-4127-1",
+          "https://usn.ubuntu.com/usn/usn-4127-2"
+        ],
+        "PublishedDate": "2019-07-13T21:15:00Z",
+        "LastModifiedDate": "2019-08-17T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20852",
@@ -346,6 +468,21 @@
        "Title": "python: Cookie domain check returns incorrect results",
        "Description": "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V2Score": 5,
+            "V3Score": 5.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2018-20852.html",
          "http://linux.oracle.com/errata/ELSA-2019-4884.html",
@@ -354,8 +491,12 @@
          "https://bugs.python.org/issue35121",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852",
          "https://lists.debian.org/debian-lts-announce/2019/08/msg00022.html",
-          "https://python-security.readthedocs.io/vuln/cookie-domain-check.html"
-        ]
+          "https://python-security.readthedocs.io/vuln/cookie-domain-check.html",
+          "https://usn.ubuntu.com/usn/usn-4127-1",
+          "https://usn.ubuntu.com/usn/usn-4127-2"
+        ],
+        "PublishedDate": "2019-07-13T21:15:00Z",
+        "LastModifiedDate": "2019-08-17T21:15:00Z"
      }
    ]
  }
--- a/integration/testdata/oraclelinux-7-slim.json.golden
+++ b/integration/testdata/oraclelinux-7-slim.json.golden
--- a/integration/testdata/oraclelinux-8-slim.json.golden
+++ b/integration/testdata/oraclelinux-8-slim.json.golden
--- a/integration/testdata/photon-10.json.golden
+++ b/integration/testdata/photon-10.json.golden
@@ -16,11 +16,27 @@
        "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
        "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-273"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+            "V2Score": 7.2
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
          "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
          "https://www.youtube.com/watch?v=-wGtxJ8opa8"
-        ]
+        ],
+        "PublishedDate": "2019-11-28T01:15:00Z",
+        "LastModifiedDate": "2020-01-22T14:27:00Z"
      },
      {
        "VulnerabilityID": "CVE-2012-6711",
@@ -35,12 +51,29 @@
        "Title": "bash: heap-based buffer overflow during echo of unsupported characters",
        "Description": "A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the \"echo -e\" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-119"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7
+          }
+        },
        "References": [
          "http://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel\u0026id=863d31ae775d56b785dc5b0105b6d251515d81d5",
          "http://www.securityfocus.com/bid/108824",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1721071",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6711"
-        ]
+        ],
+        "PublishedDate": "2019-06-18T18:15:00Z",
+        "LastModifiedDate": "2019-06-20T09:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5481",
@@ -55,14 +88,30 @@
        "Title": "curl: double free due to subsequent call of realloc()",
        "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-415"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.7
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5481.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5482",
@@ -77,16 +126,31 @@
        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-120"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5482.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1",
+          "https://usn.ubuntu.com/usn/usn-4129-2"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-18218",
@@ -101,6 +165,19 @@
        "Title": "file: heap-based buffer overflow in cdf_read_property_info in cdf.c",
        "Description": "cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218",
@@ -110,8 +187,12 @@
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VBK6XOJR6OVWT2FUEBO7V7KCOSSLAP52/",
          "https://usn.ubuntu.com/4172-1/",
          "https://usn.ubuntu.com/4172-2/",
+          "https://usn.ubuntu.com/usn/usn-4172-1",
+          "https://usn.ubuntu.com/usn/usn-4172-2",
          "https://www.debian.org/security/2019/dsa-4550"
-        ]
+        ],
+        "PublishedDate": "2019-10-21T05:15:00Z",
+        "LastModifiedDate": "2019-10-26T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20387",
@@ -126,12 +207,28 @@
        "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c",
        "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387",
          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da",
+          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)",
          "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6",
          "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"
-        ]
+        ],
+        "PublishedDate": "2020-01-21T23:15:00Z",
+        "LastModifiedDate": "2020-01-30T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17498",
@@ -146,6 +243,19 @@
        "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c",
        "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html",
          "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/",
@@ -155,49 +265,9 @@
          "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94",
          "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2019-17594",
-        "PkgName": "ncurses",
-        "InstalledVersion": "6.0-9.ph1",
-        "FixedVersion": "6.0-10.ph1",
-        "Layer": {
-          "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b"
-        },
-        "SeveritySource": "photon",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17594",
-        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
-        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
-        "Severity": "HIGH",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
-          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
-          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
-      },
-      {
-        "VulnerabilityID": "CVE-2019-17595",
-        "PkgName": "ncurses",
-        "InstalledVersion": "6.0-9.ph1",
-        "FixedVersion": "6.0-10.ph1",
-        "Layer": {
-          "DiffID": "sha256:9740df1ac227d21600b22524f869c9bec2d8c13446d1c8579a6195b6d855ae2b"
-        },
-        "SeveritySource": "photon",
-        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17595",
-        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
-        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
-        "Severity": "MEDIUM",
-        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
-          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
-          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
-          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
-          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-21T22:15:00Z",
+        "LastModifiedDate": "2019-11-07T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -212,6 +282,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -222,7 +305,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -235,10 +320,22 @@
        "SeveritySource": "photon",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -250,7 +347,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -265,6 +364,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -274,7 +386,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19317",
@@ -289,11 +403,26 @@
        "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column",
        "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8",
          "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3",
          "https://security.netapp.com/advisory/ntap-20191223-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-05T14:15:00Z",
+        "LastModifiedDate": "2020-01-07T21:36:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19603",
@@ -308,11 +437,24 @@
        "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS",
        "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",
        "Severity": "CRITICAL",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603",
          "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13",
          "https://security.netapp.com/advisory/ntap-20191223-0001/",
          "https://www.sqlite.org/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T19:15:00Z",
+        "LastModifiedDate": "2020-02-03T14:22:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19646",
@@ -327,12 +469,27 @@
        "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns",
        "Description": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-754"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
          "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3",
          "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd",
          "https://security.netapp.com/advisory/ntap-20191223-0001/",
          "https://www.sqlite.org/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T19:15:00Z",
+        "LastModifiedDate": "2019-12-23T05:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20218",
@@ -347,10 +504,25 @@
        "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error",
        "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-755"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
-          "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387",
-          "https://usn.ubuntu.com/4298-1/"
-        ]
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218",
+          "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387"
+        ],
+        "PublishedDate": "2020-01-02T14:16:00Z",
+        "LastModifiedDate": "2020-01-16T20:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19244",
@@ -365,10 +537,27 @@
        "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage",
        "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244",
          "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348",
-          "https://usn.ubuntu.com/4205-1/"
-        ]
+          "https://usn.ubuntu.com/4205-1/",
+          "https://usn.ubuntu.com/usn/usn-4205-1"
+        ],
+        "PublishedDate": "2019-11-25T20:15:00Z",
+        "LastModifiedDate": "2019-12-04T16:11:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19880",
@@ -383,11 +572,26 @@
        "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c",
        "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880",
          "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54",
          "https://security.netapp.com/advisory/ntap-20200114-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-18T06:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19923",
@@ -402,11 +606,26 @@
        "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference",
        "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923",
          "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-24T16:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19925",
@@ -421,11 +640,26 @@
        "Title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive",
        "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-434"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925",
          "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-24T17:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19926",
@@ -440,11 +674,26 @@
        "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880",
        "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926",
          "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-23T01:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19959",
@@ -459,11 +708,24 @@
        "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames",
        "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.",
        "Severity": "HIGH",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 7.3
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959",
          "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec",
          "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
          "https://security.netapp.com/advisory/ntap-20200204-0001/"
-        ]
+        ],
+        "PublishedDate": "2020-01-03T22:15:00Z",
+        "LastModifiedDate": "2020-02-04T12:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19645",
@@ -478,10 +740,26 @@
        "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements",
        "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-674"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 5.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645",
          "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06",
          "https://security.netapp.com/advisory/ntap-20191223-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T16:15:00Z",
+        "LastModifiedDate": "2019-12-23T05:15:00Z"
      }
    ]
  }
--- a/integration/testdata/photon-20.json.golden
+++ b/integration/testdata/photon-20.json.golden
@@ -16,11 +16,27 @@
        "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
        "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-273"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+            "V2Score": 7.2
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
          "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
          "https://www.youtube.com/watch?v=-wGtxJ8opa8"
-        ]
+        ],
+        "PublishedDate": "2019-11-28T01:15:00Z",
+        "LastModifiedDate": "2020-01-22T14:27:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5481",
@@ -35,14 +51,30 @@
        "Title": "curl: double free due to subsequent call of realloc()",
        "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-415"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.7
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5481.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5482",
@@ -57,16 +89,31 @@
        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-120"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5482.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1",
+          "https://usn.ubuntu.com/usn/usn-4129-2"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-16890",
@@ -81,6 +128,21 @@
        "Title": "curl: NTLM type-2 heap out-of-bounds buffer read",
        "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 5,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+            "V3Score": 4.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2018-16890.html",
          "http://linux.oracle.com/errata/ELSA-2019-3701.html",
@@ -92,10 +154,13 @@
          "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E",
          "https://security.netapp.com/advisory/ntap-20190315-0001/",
          "https://usn.ubuntu.com/3882-1/",
+          "https://usn.ubuntu.com/usn/usn-3882-1",
          "https://www.debian.org/security/2019/dsa-4386",
          "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
          "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
-        ]
+        ],
+        "PublishedDate": "2019-02-06T20:29:00Z",
+        "LastModifiedDate": "2019-07-23T23:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5481",
@@ -110,14 +175,30 @@
        "Title": "curl: double free due to subsequent call of realloc()",
        "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-415"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.7
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5481.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5482",
@@ -132,16 +213,31 @@
        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-120"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5482.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1",
+          "https://usn.ubuntu.com/usn/usn-4129-2"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-16890",
@@ -156,6 +252,21 @@
        "Title": "curl: NTLM type-2 heap out-of-bounds buffer read",
        "Description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 5,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+            "V3Score": 4.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2018-16890.html",
          "http://linux.oracle.com/errata/ELSA-2019-3701.html",
@@ -167,10 +278,13 @@
          "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E",
          "https://security.netapp.com/advisory/ntap-20190315-0001/",
          "https://usn.ubuntu.com/3882-1/",
+          "https://usn.ubuntu.com/usn/usn-3882-1",
          "https://www.debian.org/security/2019/dsa-4386",
          "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
          "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
-        ]
+        ],
+        "PublishedDate": "2019-02-06T20:29:00Z",
+        "LastModifiedDate": "2019-07-23T23:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -185,14 +299,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -207,14 +338,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20843",
@@ -229,6 +376,21 @@
        "Title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS",
        "Description": "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-611"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V2Score": 7.8,
+            "V3Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226",
          "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031",
@@ -242,8 +404,12 @@
          "https://security.netapp.com/advisory/ntap-20190703-0001/",
          "https://usn.ubuntu.com/4040-1/",
          "https://usn.ubuntu.com/4040-2/",
+          "https://usn.ubuntu.com/usn/usn-4040-1",
+          "https://usn.ubuntu.com/usn/usn-4040-2",
          "https://www.debian.org/security/2019/dsa-4472"
-        ]
+        ],
+        "PublishedDate": "2019-06-24T17:15:00Z",
+        "LastModifiedDate": "2019-06-26T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20387",
@@ -258,12 +424,28 @@
        "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c",
        "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387",
          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da",
+          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)",
          "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6",
          "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"
-        ]
+        ],
+        "PublishedDate": "2020-01-21T23:15:00Z",
+        "LastModifiedDate": "2020-01-30T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13115",
@@ -278,6 +460,21 @@
        "Title": "libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write",
        "Description": "In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+            "V2Score": 5.8,
+            "V3Score": 8.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
+            "V3Score": 6.8
+          }
+        },
        "References": [
          "https://blog.semmle.com/libssh2-integer-overflow/",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115",
@@ -285,7 +482,9 @@
          "https://github.com/libssh2/libssh2/pull/350",
          "https://libssh2.org/changes.html",
          "https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html"
-        ]
+        ],
+        "PublishedDate": "2019-07-16T18:15:00Z",
+        "LastModifiedDate": "2019-07-25T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17498",
@@ -300,6 +499,19 @@
        "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c",
        "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html",
          "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/",
@@ -309,7 +521,9 @@
          "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94",
          "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
-        ]
+        ],
+        "PublishedDate": "2019-10-21T22:15:00Z",
+        "LastModifiedDate": "2019-11-07T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17594",
@@ -324,13 +538,28 @@
        "Title": "ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-26T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17595",
@@ -345,13 +574,28 @@
        "Title": "ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c",
        "Description": "There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+            "V3Score": 5.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00059.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00061.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html",
          "https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html"
-        ]
+        ],
+        "PublishedDate": "2019-10-14T21:15:00Z",
+        "LastModifiedDate": "2019-12-23T19:26:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -366,6 +610,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -376,7 +633,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -391,6 +650,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -400,7 +672,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19317",
@@ -415,11 +689,26 @@
        "Title": "sqlite: omits bits from the colUsed bitmask in the case of a generated column",
        "Description": "lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://github.com/sqlite/sqlite/commit/522ebfa7cee96fb325a22ea3a2464a63485886a8",
          "https://github.com/sqlite/sqlite/commit/73bacb7f93eab9f4bd5a65cbc4ae242acf63c9e3",
          "https://security.netapp.com/advisory/ntap-20191223-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-05T14:15:00Z",
+        "LastModifiedDate": "2020-01-07T21:36:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19603",
@@ -434,11 +723,24 @@
        "Title": "sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS",
        "Description": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.",
        "Severity": "CRITICAL",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19603",
          "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13",
          "https://security.netapp.com/advisory/ntap-20191223-0001/",
          "https://www.sqlite.org/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T19:15:00Z",
+        "LastModifiedDate": "2020-02-03T14:22:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19646",
@@ -453,12 +755,27 @@
        "Title": "sqlite: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns",
        "Description": "pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-754"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
          "https://github.com/sqlite/sqlite/commit/926f796e8feec15f3836aa0a060ed906f8ae04d3",
          "https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd",
          "https://security.netapp.com/advisory/ntap-20191223-0001/",
          "https://www.sqlite.org/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T19:15:00Z",
+        "LastModifiedDate": "2019-12-23T05:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20218",
@@ -473,10 +790,25 @@
        "Title": "sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error",
        "Description": "selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-755"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
-          "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387",
-          "https://usn.ubuntu.com/4298-1/"
-        ]
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20218",
+          "https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387"
+        ],
+        "PublishedDate": "2020-01-02T14:16:00Z",
+        "LastModifiedDate": "2020-01-16T20:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-16168",
@@ -491,18 +823,35 @@
        "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c",
        "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-369"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/",
          "https://security.netapp.com/advisory/ntap-20190926-0003/",
          "https://security.netapp.com/advisory/ntap-20200122-0003/",
          "https://usn.ubuntu.com/4205-1/",
+          "https://usn.ubuntu.com/usn/usn-4205-1",
          "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html",
          "https://www.oracle.com/security-alerts/cpujan2020.html",
          "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62",
          "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
-        ]
+        ],
+        "PublishedDate": "2019-09-09T17:15:00Z",
+        "LastModifiedDate": "2020-01-15T20:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19244",
@@ -517,10 +866,27 @@
        "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage",
        "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244",
          "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348",
-          "https://usn.ubuntu.com/4205-1/"
-        ]
+          "https://usn.ubuntu.com/4205-1/",
+          "https://usn.ubuntu.com/usn/usn-4205-1"
+        ],
+        "PublishedDate": "2019-11-25T20:15:00Z",
+        "LastModifiedDate": "2019-12-04T16:11:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19880",
@@ -535,11 +901,26 @@
        "Title": "sqlite: invalid pointer dereference in exprListAppendList in window.c",
        "Description": "exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19880",
          "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54",
          "https://security.netapp.com/advisory/ntap-20200114-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-18T06:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19923",
@@ -554,11 +935,26 @@
        "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference",
        "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923",
          "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-24T16:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19925",
@@ -573,11 +969,26 @@
        "Title": "sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive",
        "Description": "zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-434"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19925",
          "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-24T17:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19926",
@@ -592,11 +1003,26 @@
        "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880",
        "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926",
          "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-23T01:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19959",
@@ -611,11 +1037,24 @@
        "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames",
        "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.",
        "Severity": "HIGH",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 7.3
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959",
          "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec",
          "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
          "https://security.netapp.com/advisory/ntap-20200204-0001/"
-        ]
+        ],
+        "PublishedDate": "2020-01-03T22:15:00Z",
+        "LastModifiedDate": "2020-02-04T12:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19645",
@@ -630,10 +1069,26 @@
        "Title": "sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements",
        "Description": "alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-674"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 5.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19645",
          "https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06",
          "https://security.netapp.com/advisory/ntap-20191223-0001/"
-        ]
+        ],
+        "PublishedDate": "2019-12-09T16:15:00Z",
+        "LastModifiedDate": "2019-12-23T05:15:00Z"
      }
    ]
  }
--- a/integration/testdata/photon-30.json.golden
+++ b/integration/testdata/photon-30.json.golden
@@ -16,11 +16,27 @@
        "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
        "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-273"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+            "V2Score": 7.2
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
          "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
          "https://www.youtube.com/watch?v=-wGtxJ8opa8"
-        ]
+        ],
+        "PublishedDate": "2019-11-28T01:15:00Z",
+        "LastModifiedDate": "2020-01-22T14:27:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5481",
@@ -35,14 +51,30 @@
        "Title": "curl: double free due to subsequent call of realloc()",
        "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-415"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.7
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5481.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5482",
@@ -57,16 +89,31 @@
        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-120"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5482.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1",
+          "https://usn.ubuntu.com/usn/usn-4129-2"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5481",
@@ -81,14 +128,30 @@
        "Title": "curl: double free due to subsequent call of realloc()",
        "Description": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-415"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 5.7
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5481.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5482",
@@ -103,16 +166,31 @@
        "Title": "curl: heap buffer overflow in function tftp_receive_packet()",
        "Description": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
        "Severity": "CRITICAL",
+        "CweIDs": [
+          "CWE-120"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 6.3
+          }
+        },
        "References": [
-          "http://linux.oracle.com/cve/CVE-2019-5482.html",
-          "http://linux.oracle.com/errata/ELSA-2020-5562.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html",
          "https://curl.haxx.se/docs/CVE-2019-5482.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5482",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/",
+          "https://usn.ubuntu.com/usn/usn-4129-1",
+          "https://usn.ubuntu.com/usn/usn-4129-2"
+        ],
+        "PublishedDate": "2019-09-16T19:15:00Z",
+        "LastModifiedDate": "2019-09-18T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -127,14 +205,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -149,14 +244,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20387",
@@ -171,12 +282,28 @@
        "Title": "libsolv: out-of-bounds read in repodata_schema2id in repodata.c",
        "Description": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-125"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387",
          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da",
+          "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da (0.7.6)",
          "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6",
          "https://lists.debian.org/debian-lts-announce/2020/01/msg00034.html"
-        ]
+        ],
+        "PublishedDate": "2020-01-21T23:15:00Z",
+        "LastModifiedDate": "2020-01-30T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-17498",
@@ -191,6 +318,19 @@
        "Title": "libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c",
        "Description": "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-190"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
+            "V2Score": 5.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html",
          "https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/",
@@ -200,7 +340,9 @@
          "https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94",
          "https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/"
-        ]
+        ],
+        "PublishedDate": "2019-10-21T22:15:00Z",
+        "LastModifiedDate": "2019-11-07T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1547",
@@ -215,6 +357,19 @@
        "Title": "openssl: side-channel weak encryption vulnerability",
        "Description": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 1.9
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+            "V3Score": 5.5
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://arxiv.org/abs/1909.01785",
@@ -225,7 +380,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1551",
@@ -238,10 +395,22 @@
        "SeveritySource": "photon",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1551",
        "Title": "openssl: Integer overflow in RSAZ modular exponentiation on x86_64",
-        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).",
+        "Description": "There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-200"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+            "V3Score": 4.8
+          }
+        },
        "References": [
-          "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html",
          "http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551",
          "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f",
@@ -253,7 +422,9 @@
          "https://www.debian.org/security/2019/dsa-4594",
          "https://www.openssl.org/news/secadv/20191206.txt",
          "https://www.tenable.com/security/tns-2019-09"
-        ]
+        ],
+        "PublishedDate": "2019-12-06T18:15:00Z",
+        "LastModifiedDate": "2019-12-25T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1563",
@@ -268,6 +439,19 @@
        "Title": "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey",
        "Description": "In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-311"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+            "V3Score": 3.7
+          }
+        },
        "References": [
          "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563",
@@ -277,7 +461,9 @@
          "https://seclists.org/bugtraq/2019/Sep/25",
          "https://security.netapp.com/advisory/ntap-20190919-0002/",
          "https://www.openssl.org/news/secadv/20190910.txt"
-        ]
+        ],
+        "PublishedDate": "2019-09-10T17:15:00Z",
+        "LastModifiedDate": "2019-09-12T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-16168",
@@ -292,18 +478,35 @@
        "Title": "sqlite: division by zero in whereLoopAddBtreeIndex in sqlite3.c",
        "Description": "In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a \"severe division by zero in the query planner.\"",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-369"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+            "V2Score": 4.3
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+            "V3Score": 6.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00032.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00033.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16168",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/",
          "https://security.netapp.com/advisory/ntap-20190926-0003/",
          "https://security.netapp.com/advisory/ntap-20200122-0003/",
          "https://usn.ubuntu.com/4205-1/",
+          "https://usn.ubuntu.com/usn/usn-4205-1",
          "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg116312.html",
          "https://www.oracle.com/security-alerts/cpujan2020.html",
          "https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62",
          "https://www.sqlite.org/src/timeline?c=98357d8c1263920b"
-        ]
+        ],
+        "PublishedDate": "2019-09-09T17:15:00Z",
+        "LastModifiedDate": "2020-01-15T20:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19244",
@@ -318,10 +521,27 @@
        "Title": "sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage",
        "Description": "sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19244",
          "https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348",
-          "https://usn.ubuntu.com/4205-1/"
-        ]
+          "https://usn.ubuntu.com/4205-1/",
+          "https://usn.ubuntu.com/usn/usn-4205-1"
+        ],
+        "PublishedDate": "2019-11-25T20:15:00Z",
+        "LastModifiedDate": "2019-12-04T16:11:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19923",
@@ -336,11 +556,26 @@
        "Title": "sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference",
        "Description": "flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19923",
          "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-24T16:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19926",
@@ -355,11 +590,26 @@
        "Title": "sqlite: error mishandling because of incomplete fix of CVE-2019-19880",
        "Description": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.",
        "Severity": "HIGH",
+        "CweIDs": [
+          "CWE-476"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19926",
          "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089",
          "https://security.netapp.com/advisory/ntap-20200114-0003/"
-        ]
+        ],
+        "PublishedDate": "2019-12-23T01:15:00Z",
+        "LastModifiedDate": "2020-01-14T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19959",
@@ -374,11 +624,24 @@
        "Title": "sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames",
        "Description": "ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.",
        "Severity": "HIGH",
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            "V2Score": 5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 7.3
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19959",
          "https://github.com/sqlite/sqlite/commit/1e490c4ca6b43a9cf8637d695907888349f69bec",
          "https://github.com/sqlite/sqlite/commit/d8f2d46cbc9925e034a68aaaf60aad788d9373c1",
          "https://security.netapp.com/advisory/ntap-20200204-0001/"
-        ]
+        ],
+        "PublishedDate": "2020-01-03T22:15:00Z",
+        "LastModifiedDate": "2020-02-04T12:15:00Z"
      }
    ]
  }
--- a/integration/testdata/trivy.db.gz
+++ b/integration/testdata/trivy.db.gz
--- a/integration/testdata/ubi-7.json.golden
+++ b/integration/testdata/ubi-7.json.golden
--- a/integration/testdata/ubuntu-1604.json.golden
+++ b/integration/testdata/ubuntu-1604.json.golden
--- a/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
+++ b/integration/testdata/ubuntu-1804-ignore-unfixed.json.golden
@@ -16,14 +16,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -38,14 +55,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -60,14 +93,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -82,14 +132,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -104,14 +170,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -126,14 +209,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13627",
@@ -148,6 +247,19 @@
        "Title": "libgcrypt: ECDSA timing attack in the libgcrypt20 cryptographic library",
        "Description": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-362"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V2Score": 6.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+            "V3Score": 6.3
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html",
          "http://www.openwall.com/lists/oss-security/2019/10/02/2",
@@ -156,8 +268,13 @@
          "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html",
          "https://minerva.crocs.fi.muni.cz/",
-          "https://security-tracker.debian.org/tracker/CVE-2019-13627"
-        ]
+          "https://security-tracker.debian.org/tracker/CVE-2019-13627",
+          "https://usn.ubuntu.com/usn/usn-4236-1",
+          "https://usn.ubuntu.com/usn/usn-4236-2",
+          "https://usn.ubuntu.com/usn/usn-4236-3"
+        ],
+        "PublishedDate": "2019-09-25T15:15:00Z",
+        "LastModifiedDate": "2019-10-03T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-12290",
@@ -171,12 +288,25 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-12290",
        "Description": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-20"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            "V2Score": 5
+          }
+        },
        "References": [
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290",
          "https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5",
          "https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de",
          "https://gitlab.com/libidn/libidn2/merge_requests/71",
-          "https://usn.ubuntu.com/4168-1/"
-        ]
+          "https://usn.ubuntu.com/4168-1/",
+          "https://usn.ubuntu.com/usn/usn-4168-1"
+        ],
+        "PublishedDate": "2019-10-22T16:15:00Z",
+        "LastModifiedDate": "2019-10-29T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-18224",
@@ -191,6 +321,19 @@
        "Title": "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c",
        "Description": "idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 7.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.6
+          }
+        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224",
@@ -198,8 +341,11 @@
          "https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/",
-          "https://usn.ubuntu.com/4168-1/"
-        ]
+          "https://usn.ubuntu.com/4168-1/",
+          "https://usn.ubuntu.com/usn/usn-4168-1"
+        ],
+        "PublishedDate": "2019-10-21T17:15:00Z",
+        "LastModifiedDate": "2019-10-29T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5094",
@@ -214,14 +360,31 @@
        "Title": "e2fsprogs: crafted ext4 partition leads to out-of-bounds write",
        "Description": "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 6.4
+          }
+        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094",
          "https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html",
          "https://seclists.org/bugtraq/2019/Sep/58",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887",
          "https://usn.ubuntu.com/4142-2/",
+          "https://usn.ubuntu.com/usn/usn-4142-1",
+          "https://usn.ubuntu.com/usn/usn-4142-2",
          "https://www.debian.org/security/2019/dsa-4535"
-        ]
+        ],
+        "PublishedDate": "2019-09-24T22:15:00Z",
+        "LastModifiedDate": "2019-09-28T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-5188",
@@ -236,14 +399,30 @@
        "Title": "e2fsprogs: Out-of-bounds write in  e2fsck/rehash.c",
        "Description": "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-787"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V2Score": 4.6
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+            "V3Score": 7.5
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973",
-          "https://usn.ubuntu.com/4249-1/"
-        ]
+          "https://usn.ubuntu.com/4249-1/",
+          "https://usn.ubuntu.com/usn/usn-4249-1"
+        ],
+        "PublishedDate": "2020-01-08T16:15:00Z",
+        "LastModifiedDate": "2020-01-28T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-15718",
@@ -258,6 +437,21 @@
        "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS",
        "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-284"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+            "V2Score": 2.1,
+            "V3Score": 5.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-15718.html",
          "http://linux.oracle.com/errata/ELSA-2019-3592.html",
@@ -266,8 +460,11 @@
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/",
+          "https://usn.ubuntu.com/usn/usn-4120-1"
+        ],
+        "PublishedDate": "2019-09-04T12:15:00Z",
+        "LastModifiedDate": "2019-09-19T04:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-1712",
@@ -282,9 +479,17 @@
        "Title": "systemd: use-after-free when asynchronous polkit queries are performed",
        "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",
        "Severity": "MEDIUM",
+        "CVSS": {
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2020-1712.html",
-          "http://linux.oracle.com/errata/ELSA-2020-0575.html"
+          "http://linux.oracle.com/errata/ELSA-2020-0575.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
        ]
      },
      {
@@ -300,12 +505,29 @@
        "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received",
        "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-772"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "V3Score": 2.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386",
          "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad",
          "https://security.netapp.com/advisory/ntap-20200210-0002/",
-          "https://usn.ubuntu.com/4269-1/"
-        ]
+          "https://usn.ubuntu.com/4269-1/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2020-01-21T06:15:00Z",
+        "LastModifiedDate": "2020-02-10T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3843",
@@ -320,12 +542,32 @@
        "Title": "systemd: services with DynamicUser can create SUID/SGID binaries",
        "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-264"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 4.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/108116",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843",
+          "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/",
-          "https://security.netapp.com/advisory/ntap-20190619-0002/"
-        ]
+          "https://security.netapp.com/advisory/ntap-20190619-0002/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2019-04-26T21:29:00Z",
+        "LastModifiedDate": "2019-06-19T10:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3844",
@@ -340,11 +582,30 @@
        "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries",
        "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-264"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 4.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/108096",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844",
-          "https://security.netapp.com/advisory/ntap-20190619-0002/"
-        ]
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844",
+          "https://security.netapp.com/advisory/ntap-20190619-0002/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2019-04-26T21:29:00Z",
+        "LastModifiedDate": "2019-06-19T10:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-15718",
@@ -359,6 +620,21 @@
        "Title": "systemd: systemd-resolved allows unprivileged users to configure DNS",
        "Description": "In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-284"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+            "V2Score": 2.1,
+            "V3Score": 5.5
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 5.3
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2019-15718.html",
          "http://linux.oracle.com/errata/ELSA-2019-3592.html",
@@ -367,8 +643,11 @@
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15718",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRE5IS24XTF5WNZGH2L7GSQJKARBOEGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIKGKXZ5OEGOEYURHLJHEMFYNLEGAW5B/",
-          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/"
-        ]
+          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2WNHRJW4XI6H5YMDG4BUFGPAXWUMUVG/",
+          "https://usn.ubuntu.com/usn/usn-4120-1"
+        ],
+        "PublishedDate": "2019-09-04T12:15:00Z",
+        "LastModifiedDate": "2019-09-19T04:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-1712",
@@ -383,9 +662,17 @@
        "Title": "systemd: use-after-free when asynchronous polkit queries are performed",
        "Description": "A heap use-after-free vulnerability was found in systemd, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.",
        "Severity": "MEDIUM",
+        "CVSS": {
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V3Score": 7.8
+          }
+        },
        "References": [
          "http://linux.oracle.com/cve/CVE-2020-1712.html",
-          "http://linux.oracle.com/errata/ELSA-2020-0575.html"
+          "http://linux.oracle.com/errata/ELSA-2020-0575.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1712",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
        ]
      },
      {
@@ -401,12 +688,29 @@
        "Title": "systemd: a memory leak was discovered in button_open in login/logind-button.c when udev events are received",
        "Description": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-772"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
+            "V2Score": 2.1
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "V3Score": 2.4
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386",
          "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad",
          "https://security.netapp.com/advisory/ntap-20200210-0002/",
-          "https://usn.ubuntu.com/4269-1/"
-        ]
+          "https://usn.ubuntu.com/4269-1/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2020-01-21T06:15:00Z",
+        "LastModifiedDate": "2020-02-10T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3843",
@@ -421,12 +725,32 @@
        "Title": "systemd: services with DynamicUser can create SUID/SGID binaries",
        "Description": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-264"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 4.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/108116",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843",
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843",
+          "https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/",
-          "https://security.netapp.com/advisory/ntap-20190619-0002/"
-        ]
+          "https://security.netapp.com/advisory/ntap-20190619-0002/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2019-04-26T21:29:00Z",
+        "LastModifiedDate": "2019-06-19T10:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-3844",
@@ -441,11 +765,30 @@
        "Title": "systemd: services with DynamicUser can get new privileges and create SGID binaries",
        "Description": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.",
        "Severity": "LOW",
+        "CweIDs": [
+          "CWE-264"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 4.6,
+            "V3Score": 7.8
+          },
+          "redhat": {
+            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
+            "V3Score": 4.5
+          }
+        },
        "References": [
          "http://www.securityfocus.com/bid/108096",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844",
-          "https://security.netapp.com/advisory/ntap-20190619-0002/"
-        ]
+          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844",
+          "https://security.netapp.com/advisory/ntap-20190619-0002/",
+          "https://usn.ubuntu.com/usn/usn-4269-1"
+        ],
+        "PublishedDate": "2019-04-26T21:29:00Z",
+        "LastModifiedDate": "2019-06-19T10:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-11922",
@@ -459,13 +802,28 @@
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-11922",
        "Description": "A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used.",
        "Severity": "MEDIUM",
+        "CweIDs": [
+          "CWE-362"
+        ],
+        "CVSS": {
+          "nvd": {
+            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+            "V2Score": 6.8,
+            "V3Score": 8.1
+          }
+        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00008.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00062.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11922",
+          "https://github.com/facebook/zstd/commit/3e5cdf1b6a85843e991d7d10f6a2567c15580da0",
          "https://github.com/facebook/zstd/pull/1404/commits/3e5cdf1b6a85843e991d7d10f6a2567c15580da0",
+          "https://usn.ubuntu.com/usn/usn-4108-1",
          "https://www.facebook.com/security/advisories/cve-2019-11922"
-        ]
+        ],
+        "PublishedDate": "2019-07-25T21:15:00Z",
+        "LastModifiedDate": "2019-08-12T21:15:00Z"
      }
    ]
  }
--- a/integration/testdata/ubuntu-1804.json.golden
+++ b/integration/testdata/ubuntu-1804.json.golden
--- a/internal/app.go
+++ b/internal/app.go
@@ -144,6 +144,13 @@ var (
 		EnvVars: []string{"TRIVY_CACHE_DIR"},
 	}

+	cacheBackendFlag = cli.StringFlag{
+		Name:    "cache-backend",
+		Value:   "fs",
+		Usage:   "cache backend (e.g. redis://localhost:6379)",
+		EnvVars: []string{"TRIVY_CACHE_BACKEND"},
+	}
+
 	ignoreFileFlag = cli.StringFlag{
 		Name:    "ignorefile",
 		Value:   vulnerability.DefaultIgnoreFile,
@@ -229,6 +236,7 @@ var (
 		&listAllPackages,
 		&skipFiles,
 		&skipDirectories,
+		&cacheBackendFlag,
 	}

 	// deprecated options
@@ -385,6 +393,7 @@ func NewFilesystemCommand() *cli.Command {
 			&vulnTypeFlag,
 			&ignoreFileFlag,
 			&cacheDirFlag,
+			&cacheBackendFlag,
 			&timeoutFlag,
 			&noProgressFlag,
 			&ignorePolicy,
@@ -419,6 +428,7 @@ func NewRepositoryCommand() *cli.Command {
 			&vulnTypeFlag,
 			&ignoreFileFlag,
 			&cacheDirFlag,
+			&cacheBackendFlag,
 			&timeoutFlag,
 			&noProgressFlag,
 			&ignorePolicy,
@@ -487,6 +497,7 @@ func NewServerCommand() *cli.Command {
 			&quietFlag,
 			&debugFlag,
 			&cacheDirFlag,
+			&cacheBackendFlag,

 			// original flags
 			&token,
--- a/internal/artifact/config/config.go
+++ b/internal/artifact/config/config.go
@@ -14,6 +14,7 @@ type Config struct {
 	config.DBConfig
 	config.ImageConfig
 	config.ReportConfig
+	config.CacheConfig

 	// deprecated
 	onlyUpdate string
@@ -36,6 +37,7 @@ func New(c *cli.Context) (Config, error) {
 		DBConfig:       config.NewDBConfig(c),
 		ImageConfig:    config.NewImageConfig(c),
 		ReportConfig:   config.NewReportConfig(c),
+		CacheConfig:    config.NewCacheConfig(c),

 		onlyUpdate:  c.String("only-update"),
 		refresh:     c.Bool("refresh"),
@@ -45,13 +47,11 @@ func New(c *cli.Context) (Config, error) {

 // Init initializes the artifact config
 func (c *Config) Init(image bool) error {
-	if err := c.ReportConfig.Init(c.Logger); err != nil {
-		return err
-	}
 	if c.onlyUpdate != "" || c.refresh || c.autoRefresh {
 		c.Logger.Warn("--only-update, --refresh and --auto-refresh are unnecessary and ignored now. These commands will be removed in the next version.")
 	}
-	if err := c.DBConfig.Init(); err != nil {
+
+	if err := c.initPreScanConfigs(); err != nil {
 		return err
 	}

@@ -73,6 +73,19 @@ func (c *Config) Init(image bool) error {
 	return nil
 }

+func (c *Config) initPreScanConfigs() error {
+	if err := c.ReportConfig.Init(c.Logger); err != nil {
+		return err
+	}
+	if err := c.DBConfig.Init(); err != nil {
+		return err
+	}
+	if err := c.CacheConfig.Init(); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (c *Config) skipScan() bool {
 	if c.ClearCache || c.DownloadDBOnly || c.Reset {
 		return true
--- a/internal/artifact/run.go
+++ b/internal/artifact/run.go
@@ -32,20 +32,18 @@ func run(c config.Config, initializeScanner InitializeScanner) error {

 	// configure cache dir
 	utils.SetCacheDir(c.CacheDir)
-	cacheClient, err := cache.NewFSCache(c.CacheDir)
+	cache, err := operation.NewCache(c.CacheBackend)
 	if err != nil {
 		return xerrors.Errorf("unable to initialize the cache: %w", err)
 	}
-	defer cacheClient.Close()
-
-	cacheOperation := operation.NewCache(cacheClient)
+	defer cache.Close()
 	log.Logger.Debugf("cache dir:  %s", utils.CacheDir())

 	if c.Reset {
-		return cacheOperation.Reset()
+		return cache.Reset()
 	}
 	if c.ClearCache {
-		return cacheOperation.ClearImages()
+		return cache.ClearImages()
 	}

 	// download the database file
@@ -70,7 +68,7 @@ func run(c config.Config, initializeScanner InitializeScanner) error {

 	ctx, cancel := context.WithTimeout(context.Background(), c.Timeout)
 	defer cancel()
-	scanner, cleanup, err := initializeScanner(ctx, target, cacheClient, cacheClient, c.Timeout)
+	scanner, cleanup, err := initializeScanner(ctx, target, cache, cache, c.Timeout)
 	if err != nil {
 		return xerrors.Errorf("unable to initialize a scanner: %w", err)
 	}
--- a/internal/config/cache.go
+++ b/internal/config/cache.go
@@ -0,0 +1,31 @@
+package config
+
+import (
+	"strings"
+
+	"github.com/urfave/cli/v2"
+	"golang.org/x/xerrors"
+)
+
+// CacheConfig holds the config for cache
+type CacheConfig struct {
+	CacheBackend string
+}
+
+// NewCacheConfig returns an instance of CacheConfig
+func NewCacheConfig(c *cli.Context) CacheConfig {
+	return CacheConfig{
+		CacheBackend: c.String("cache-backend"),
+	}
+}
+
+// Init initialize the CacheConfig
+func (c *CacheConfig) Init() error {
+	// "redis://" or "fs" are allowed for now
+	// An empty value is also allowed for testability
+	if !strings.HasPrefix(c.CacheBackend, "redis://") &&
+		c.CacheBackend != "fs" && c.CacheBackend != "" {
+		return xerrors.Errorf("unsupported cache backend: %s", c.CacheBackend)
+	}
+	return nil
+}
--- a/internal/config/cache_test.go
+++ b/internal/config/cache_test.go
@@ -0,0 +1,92 @@
+package config_test
+
+import (
+	"flag"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/urfave/cli/v2"
+
+	"github.com/aquasecurity/trivy/internal/config"
+)
+
+func TestNewCacheConfig(t *testing.T) {
+	tests := []struct {
+		name string
+		args []string
+		want config.CacheConfig
+	}{
+		{
+			name: "happy path",
+			args: []string{"--cache-backend", "redis://localhost:6379"},
+			want: config.CacheConfig{
+				CacheBackend: "redis://localhost:6379",
+			},
+		},
+		{
+			name: "default",
+			args: []string{},
+			want: config.CacheConfig{
+				CacheBackend: "fs",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			app := &cli.App{}
+			set := flag.NewFlagSet("test", 0)
+			set.String("cache-backend", "fs", "")
+
+			c := cli.NewContext(app, set, nil)
+			_ = set.Parse(tt.args)
+
+			got := config.NewCacheConfig(c)
+			assert.Equal(t, tt.want, got, tt.name)
+		})
+	}
+}
+
+func TestCacheConfig_Init(t *testing.T) {
+	type fields struct {
+		backend string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		wantErr string
+	}{
+		{
+			name: "fs",
+			fields: fields{
+				backend: "fs",
+			},
+		},
+		{
+			name: "redis",
+			fields: fields{
+				backend: "redis://localhost:6379",
+			},
+		},
+		{
+			name: "sad path",
+			fields: fields{
+				backend: "unknown://",
+			},
+			wantErr: "unsupported cache backend: unknown://",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &config.CacheConfig{
+				CacheBackend: tt.fields.backend,
+			}
+
+			err := c.Init()
+			if tt.wantErr != "" {
+				assert.EqualError(t, err, tt.wantErr, err)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
--- a/internal/operation/operation.go
+++ b/internal/operation/operation.go
@@ -3,10 +3,11 @@ package operation
 import (
 	"context"
 	"os"
+	"strings"

-	"github.com/spf13/afero"
-
+	"github.com/go-redis/redis/v8"
 	"github.com/google/wire"
+	"github.com/spf13/afero"
 	"golang.org/x/xerrors"

 	"github.com/aquasecurity/fanal/cache"
@@ -24,12 +25,23 @@ var SuperSet = wire.NewSet(

 // Cache implements the local cache
 type Cache struct {
-	client cache.LocalArtifactCache
+	cache.Cache
 }

 // NewCache is the factory method for Cache
-func NewCache(client cache.LocalArtifactCache) Cache {
-	return Cache{client: client}
+func NewCache(backend string) (Cache, error) {
+	if strings.HasPrefix(backend, "redis://") {
+		log.Logger.Info("Redis cache: %s", backend)
+		redisCache := cache.NewRedisCache(&redis.Options{
+			Addr: strings.TrimPrefix(backend, "redis://"),
+		})
+		return Cache{Cache: redisCache}, nil
+	}
+	fsCache, err := cache.NewFSCache(utils.CacheDir())
+	if err != nil {
+		return Cache{}, xerrors.Errorf("unable to initialize fs cache: %w", err)
+	}
+	return Cache{Cache: fsCache}, nil
 }

 // Reset resets the cache
@@ -55,7 +67,7 @@ func (c Cache) ClearDB() (err error) {
 // ClearImages clears the cache images
 func (c Cache) ClearImages() error {
 	log.Logger.Info("Removing image caches...")
-	if err := c.client.Clear(); err != nil {
+	if err := c.Clear(); err != nil {
 		return xerrors.Errorf("failed to remove the cache: %w", err)
 	}
 	return nil
--- a/internal/server/config/config.go
+++ b/internal/server/config/config.go
@@ -6,23 +6,25 @@ import (
 	"github.com/aquasecurity/trivy/internal/config"
 )

-// Config holds the  Trivy config
+// Config holds the Trivy config
 type Config struct {
 	config.GlobalConfig
 	config.DBConfig
+	config.CacheConfig

 	Listen      string
 	Token       string
 	TokenHeader string
 }

-// New is the factory method to return cofig
+// New is the factory method to return config
 func New(c *cli.Context) Config {
 	// the error is ignored because logger is unnecessary
 	gc, _ := config.NewGlobalConfig(c) // nolint: errcheck
 	return Config{
 		GlobalConfig: gc,
 		DBConfig:     config.NewDBConfig(c),
+		CacheConfig:  config.NewCacheConfig(c),

 		Listen:      c.String("listen"),
 		Token:       c.String("token"),
@@ -30,11 +32,14 @@ func New(c *cli.Context) Config {
 	}
 }

-// Init initializes the DB config
+// Init initializes the config
 func (c *Config) Init() (err error) {
 	if err := c.DBConfig.Init(); err != nil {
 		return err
 	}
+	if err := c.CacheConfig.Init(); err != nil {
+		return err
+	}

 	return nil
 }
--- a/internal/server/run.go
+++ b/internal/server/run.go
@@ -4,7 +4,6 @@ import (
 	"github.com/urfave/cli/v2"
 	"golang.org/x/xerrors"

-	"github.com/aquasecurity/fanal/cache"
 	"github.com/aquasecurity/trivy-db/pkg/db"
 	"github.com/aquasecurity/trivy/internal/operation"
 	"github.com/aquasecurity/trivy/internal/server/config"
@@ -30,17 +29,15 @@ func run(c config.Config) (err error) {

 	// configure cache dir
 	utils.SetCacheDir(c.CacheDir)
+	cache, err := operation.NewCache(c.CacheBackend)
+	if err != nil {
+		return xerrors.Errorf("server cache error: %w", err)
+	}
+	defer cache.Close()
 	log.Logger.Debugf("cache dir:  %s", utils.CacheDir())

-	fsCache, err := cache.NewFSCache(utils.CacheDir())
-	if err != nil {
-		return xerrors.Errorf("unable to initialize cache: %w", err)
-	}
-
-	// server doesn't have image cache
-	cacheOperation := operation.NewCache(fsCache)
 	if c.Reset {
-		return cacheOperation.ClearDB()
+		return cache.ClearDB()
 	}

 	// download the database file
@@ -56,5 +53,5 @@ func run(c config.Config) (err error) {
 		return xerrors.Errorf("error in vulnerability DB initialize: %w", err)
 	}

-	return server.ListenAndServe(c, fsCache)
+	return server.ListenAndServe(c, cache)
 }
--- a/pkg/detector/library/driver.go
+++ b/pkg/detector/library/driver.go
@@ -43,6 +43,8 @@ func (d DriverFactory) NewDriver(filename string) (Driver, error) {
 		driver = newNpmDriver()
 	case "Pipfile.lock", "poetry.lock":
 		driver = newPipDriver()
+	case "packages.lock.json":
+		driver = newNugetDriver()
 	default:
 		return Driver{}, xerrors.New(fmt.Sprintf("unsupport filename %s", filename))
 	}
@@ -114,3 +116,8 @@ func newPipDriver() Driver {
 	return NewDriver(ghsa.NewAdvisory(ecosystem.Pip, c), python.NewAdvisory(),
 		NewAdvisory(vulnerability.Pip, c))
 }
+
+func newNugetDriver() Driver {
+	c := comparer.GenericComparer{}
+	return NewDriver(ghsa.NewAdvisory(ecosystem.Nuget, c), NewAdvisory(vulnerability.NuGet, c))
+}
--- a/pkg/detector/library/ghsa/advisory_test.go
+++ b/pkg/detector/library/ghsa/advisory_test.go
@@ -33,7 +33,7 @@ func TestAdvisory_DetectVulnerabilities(t *testing.T) {
 		wantErr  string
 	}{
 		{
-			name: "detected",
+			name: "composer detected",
 			fields: fields{
 				ecosystem: ghsaSrc.Composer,
 				comparer:  comparer.GenericComparer{},
@@ -52,6 +52,26 @@ func TestAdvisory_DetectVulnerabilities(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "nuget detected",
+			fields: fields{
+				ecosystem: ghsaSrc.Nuget,
+				comparer:  comparer.GenericComparer{},
+			},
+			args: args{
+				pkgName: "AWSSDK.Core",
+				pkgVer:  "3.5.1.30",
+			},
+			fixtures: []string{"testdata/fixtures/ghsa.yaml"},
+			want: []types.DetectedVulnerability{
+				{
+					PkgName:          "AWSSDK.Core",
+					InstalledVersion: "3.5.1.30",
+					VulnerabilityID:  "CVE-2020-99999",
+					FixedVersion:     "3.5.1.31",
+				},
+			},
+		},
 		{
 			name: "not detected",
 			fields: fields{
--- a/pkg/detector/library/ghsa/testdata/fixtures/ghsa.yaml
+++ b/pkg/detector/library/ghsa/testdata/fixtures/ghsa.yaml
@@ -9,4 +9,14 @@
              - 4.4.13
            VulnerableVersions:
              - ">= 5.0.0, < 5.1.5"
-              - ">= 4.4.0, < 4.4.13"
+              - ">= 4.4.0, < 4.4.13"
+- bucket: GitHub Security Advisory Nuget
+  pairs:
+    - bucket: "AWSSDK.Core"
+      pairs:
+        - key: CVE-2020-99999
+          value:
+            PatchedVersions:
+              - 3.5.1.31
+            VulnerableVersions:
+              - ">= 3.0.0, < 3.5.1.31"
--- a/pkg/detector/ospkg/redhat/redhat.go
+++ b/pkg/detector/ospkg/redhat/redhat.go
@@ -62,8 +62,7 @@ func (s *Scanner) Detect(osVer string, pkgs []ftypes.Package) ([]types.DetectedV

 	var vulns []types.DetectedVulnerability
 	for _, pkg := range pkgs {
-		if !s.isFromSupportedVendor(pkg) {
-			log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.SrcName)
+		if !s.isSupported(pkg) {
 			continue
 		}

@@ -137,6 +136,20 @@ func (s *Scanner) isSupportedVersion(now time.Time, osFamily, osVer string) bool
 	return now.Before(eolDate)
 }

+func (s *Scanner) isSupported(pkg ftypes.Package) bool {
+	if !s.isFromSupportedVendor(pkg) {
+		log.Logger.Debugf("Skipping %s: unsupported vendor", pkg.Name)
+		return false
+	}
+
+	// Skip modular packages until OVALv2 is supported
+	if pkg.Modularitylabel != "" {
+		log.Logger.Debugf("Skipping modular package %s (%s) as temporary workaround", pkg.Name, pkg.Modularitylabel)
+		return false
+	}
+	return true
+}
+
 func (s *Scanner) isFromSupportedVendor(pkg ftypes.Package) bool {
 	for _, s := range excludedVendorsSuffix {
 		if strings.HasSuffix(pkg.Release, s) {
--- a/pkg/detector/ospkg/redhat/redhat_test.go
+++ b/pkg/detector/ospkg/redhat/redhat_test.go
@@ -177,37 +177,6 @@ func TestScanner_Detect(t *testing.T) {
 				},
 			},
 		},
-		{
-			name: "sad path: Get returns an error",
-			args: args{
-				osVer: "5",
-				pkgs: []ftypes.Package{
-					{
-						Name:       "nss",
-						Version:    "3.36.0",
-						Release:    "7.1.el7_6",
-						Epoch:      0,
-						Arch:       "x86_64",
-						SrcName:    "nss",
-						SrcVersion: "3.36.0",
-						SrcRelease: "7.4.160",
-						SrcEpoch:   0,
-					},
-				},
-			},
-			get: []dbTypes.GetExpectation{
-				{
-					Args: dbTypes.GetArgs{
-						Release: "5",
-						PkgName: "nss",
-					},
-					Returns: dbTypes.GetReturns{
-						Err: xerrors.New("error"),
-					},
-				},
-			},
-			wantErr: true,
-		},
 		{
 			name: "happy path: packages from remi repository are skipped",
 			args: args{
@@ -247,6 +216,77 @@ func TestScanner_Detect(t *testing.T) {
 			},
 			want: []types.DetectedVulnerability(nil),
 		},
+		{
+			name: "happy path: modular packages are skipped",
+			args: args{
+				osVer: "8.3",
+				pkgs: []ftypes.Package{
+					{
+						Name:            "php",
+						Version:         "7.2.24",
+						Release:         "1.module_el8.2.0+313+b04d0a66",
+						Arch:            "x86_64",
+						Epoch:           0,
+						SrcName:         "php",
+						SrcVersion:      "7.2.24",
+						SrcRelease:      "1.module_el8.2.0+313+b04d0a66",
+						SrcEpoch:        0,
+						Modularitylabel: "php:7.2:8020020200507003613:2c7ca891",
+						Layer: ftypes.Layer{
+							DiffID: "sha256:3e968ecc016e1b9aa19023798229bf2d25c813d1bf092533f38b056aff820524",
+						},
+					},
+				},
+			},
+			get: []dbTypes.GetExpectation{
+				{
+					Args: dbTypes.GetArgs{
+						Release: "8",
+						PkgName: "php",
+					},
+					Returns: dbTypes.GetReturns{
+						Advisories: []dbTypes.Advisory{
+							{
+								VulnerabilityID: "CVE-2019-11043",
+								FixedVersion:    "7.3.5-5.module+el8.1.0+4560+e0eee7d6",
+							},
+						},
+					},
+				},
+			},
+			want: []types.DetectedVulnerability(nil),
+		},
+		{
+			name: "sad path: Get returns an error",
+			args: args{
+				osVer: "5",
+				pkgs: []ftypes.Package{
+					{
+						Name:       "nss",
+						Version:    "3.36.0",
+						Release:    "7.1.el7_6",
+						Epoch:      0,
+						Arch:       "x86_64",
+						SrcName:    "nss",
+						SrcVersion: "3.36.0",
+						SrcRelease: "7.4.160",
+						SrcEpoch:   0,
+					},
+				},
+			},
+			get: []dbTypes.GetExpectation{
+				{
+					Args: dbTypes.GetArgs{
+						Release: "5",
+						PkgName: "nss",
+					},
+					Returns: dbTypes.GetReturns{
+						Err: xerrors.New("error"),
+					},
+				},
+			},
+			wantErr: true,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
--- a/pkg/report/writer.go
+++ b/pkg/report/writer.go
@@ -85,7 +85,7 @@ func (tw TableWriter) write(result Result) {
 	table := tablewriter.NewWriter(tw.Output)
 	header := []string{"Library", "Vulnerability ID", "Severity", "Installed Version", "Fixed Version"}
 	if !tw.Light {
-		header = append(header, "Title", "URL")
+		header = append(header, "Title")
 	}
 	table.SetHeader(header)

@@ -101,6 +101,12 @@ func (tw TableWriter) write(result Result) {
 		if len(splittedTitle) >= 12 {
 			title = strings.Join(splittedTitle[:12], " ") + "..."
 		}
+
+		if len(v.PrimaryURL) > 0 {
+			r := strings.NewReplacer("https://", "", "http://", "")
+			title = fmt.Sprintf("%s -->%s", title, r.Replace(v.PrimaryURL))
+		}
+
 		var row []string
 		if tw.Output == os.Stdout {
 			row = []string{v.PkgName, v.VulnerabilityID, dbTypes.ColorizeSeverity(v.Severity),
@@ -110,7 +116,7 @@ func (tw TableWriter) write(result Result) {
 		}

 		if !tw.Light {
-			row = append(row, title, strings.TrimPrefix(v.PrimaryURL, "https://"))
+			row = append(row, strings.TrimSpace(title))
 		}
 		table.Append(row)
 	}
--- a/pkg/report/writer_test.go
+++ b/pkg/report/writer_test.go
@@ -37,11 +37,12 @@ func TestReportWriter_Table(t *testing.T) {
 					},
 				},
 			},
-			expectedOutput: `+---------+------------------+----------+-------------------+---------------+--------+-----------------------------------+
-| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE  |                URL                |
-+---------+------------------+----------+-------------------+---------------+--------+-----------------------------------+
-| foo     | CVE-2020-0001    | HIGH     | 1.2.3             | 3.4.5         | foobar | avd.aquasec.com/nvd/cve-2020-0001 |
-+---------+------------------+----------+-------------------+---------------+--------+-----------------------------------+
+			expectedOutput: `+---------+------------------+----------+-------------------+---------------+--------------------------------------+
+| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
+| foo     | CVE-2020-0001    | HIGH     | 1.2.3             | 3.4.5         | foobar                               |
+|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-0001 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
 `,
 		},
 		{
@@ -68,7 +69,7 @@ func TestReportWriter_Table(t *testing.T) {
 `,
 		},
 		{
-			name: "no title for vuln",
+			name: "no title for vuln and missing primary link",
 			detectedVulns: []types.DetectedVulnerability{
 				{
 					VulnerabilityID:  "123",
@@ -81,11 +82,11 @@ func TestReportWriter_Table(t *testing.T) {
 					},
 				},
 			},
-			expectedOutput: `+---------+------------------+----------+-------------------+---------------+--------+-----+
-| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE  | URL |
-+---------+------------------+----------+-------------------+---------------+--------+-----+
-| foo     |              123 | HIGH     | 1.2.3             | 3.4.5         | foobar |     |
-+---------+------------------+----------+-------------------+---------------+--------+-----+
+			expectedOutput: `+---------+------------------+----------+-------------------+---------------+--------+
+| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE  |
+---------+------------------+----------+-------------------+---------------+--------+
+| foo     |              123 | HIGH     | 1.2.3             | 3.4.5         | foobar |
+---------+------------------+----------+-------------------+---------------+--------+
 `,
 		},
 		{
@@ -103,11 +104,12 @@ func TestReportWriter_Table(t *testing.T) {
 					},
 				},
 			},
-			expectedOutput: `+---------+------------------+----------+-------------------+---------------+----------------------------+-----------------------------------+
-| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |           TITLE            |                URL                |
-+---------+------------------+----------+-------------------+---------------+----------------------------+-----------------------------------+
-| foo     | CVE-2020-1234    | HIGH     | 1.2.3             | 3.4.5         | a b c d e f g h i j k l... | avd.aquasec.com/nvd/cve-2020-0001 |
-+---------+------------------+----------+-------------------+---------------+----------------------------+-----------------------------------+
+			expectedOutput: `+---------+------------------+----------+-------------------+---------------+--------------------------------------+
+| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
+| foo     | CVE-2020-1234    | HIGH     | 1.2.3             | 3.4.5         | a b c d e f g h i j k l...           |
+|         |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2020-0001 |
+---------+------------------+----------+-------------------+---------------+--------------------------------------+
 `,
 		},
 		{
--- a/pkg/rpc/client/client_test.go
+++ b/pkg/rpc/client/client_test.go
@@ -5,18 +5,17 @@ import (
 	"errors"
 	"testing"

-	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
-
-	"github.com/aquasecurity/trivy/rpc/common"
-
+	"github.com/golang/protobuf/ptypes/timestamp"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"

-	"github.com/stretchr/testify/mock"
-
 	ftypes "github.com/aquasecurity/fanal/types"
+	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
+	"github.com/aquasecurity/trivy/rpc/common"
 	"github.com/aquasecurity/trivy/rpc/scanner"
 )

@@ -171,6 +170,12 @@ func TestScanner_Scan(t *testing.T) {
 										Layer: &common.Layer{
 											DiffId: "sha256:5216338b40a7b96416b8b9858974bbe4acc3096ee60acbc4dfb1ee02aecceb10",
 										},
+										LastModifiedDate: &timestamp.Timestamp{
+											Seconds: 1577840460,
+										},
+										PublishedDate: &timestamp.Timestamp{
+											Seconds: 978310860,
+										},
 									},
 								},
 							},
@@ -206,7 +211,9 @@ func TestScanner_Scan(t *testing.T) {
 										V3Score:  2.8,
 									},
 								},
-								CweIDs: []string{"CWE-78"},
+								CweIDs:           []string{"CWE-78"},
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 							},
 							SeveritySource: "nvd",
 							Layer: ftypes.Layer{
--- a/pkg/rpc/convert.go
+++ b/pkg/rpc/convert.go
@@ -1,7 +1,10 @@
 package rpc

 import (
+	"time"
+
 	"github.com/golang/protobuf/ptypes"
+	"github.com/golang/protobuf/ptypes/timestamp"

 	ftypes "github.com/aquasecurity/fanal/types"
 	deptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
@@ -96,6 +99,15 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 			}
 		}

+		var lastModifiedDate, publishedDate *timestamp.Timestamp
+		if vuln.LastModifiedDate != nil {
+			lastModifiedDate, _ = ptypes.TimestampProto(*vuln.LastModifiedDate) // nolint: errcheck
+		}
+
+		if vuln.PublishedDate != nil {
+			publishedDate, _ = ptypes.TimestampProto(*vuln.PublishedDate) // nolint: errcheck
+		}
+
 		rpcVulns = append(rpcVulns, &common.Vulnerability{
 			VulnerabilityId:  vuln.VulnerabilityID,
 			PkgName:          vuln.PkgName,
@@ -109,10 +121,12 @@ func ConvertToRPCVulns(vulns []types.DetectedVulnerability) []*common.Vulnerabil
 				Digest: vuln.Layer.Digest,
 				DiffId: vuln.Layer.DiffID,
 			},
-			Cvss:           cvssMap,
-			SeveritySource: vuln.SeveritySource,
-			CweIds:         vuln.CweIDs,
-			PrimaryUrl:     vuln.PrimaryURL,
+			Cvss:             cvssMap,
+			SeveritySource:   vuln.SeveritySource,
+			CweIds:           vuln.CweIDs,
+			PrimaryUrl:       vuln.PrimaryURL,
+			LastModifiedDate: lastModifiedDate,
+			PublishedDate:    publishedDate,
 		})
 	}
 	return rpcVulns
@@ -135,18 +149,30 @@ func ConvertFromRPCResults(rpcResults []*scanner.Result) []report.Result {
 				}
 			}

+			var lastModifiedDate, publishedDate *time.Time
+			if vuln.LastModifiedDate != nil {
+				t, _ := ptypes.Timestamp(vuln.LastModifiedDate) // nolint: errcheck
+				lastModifiedDate = &t
+			}
+			if vuln.PublishedDate != nil {
+				t, _ := ptypes.Timestamp(vuln.PublishedDate) // nolint: errcheck
+				publishedDate = &t
+			}
+
 			vulns = append(vulns, types.DetectedVulnerability{
 				VulnerabilityID:  vuln.VulnerabilityId,
 				PkgName:          vuln.PkgName,
 				InstalledVersion: vuln.InstalledVersion,
 				FixedVersion:     vuln.FixedVersion,
 				Vulnerability: dbTypes.Vulnerability{
-					Title:       vuln.Title,
-					Description: vuln.Description,
-					Severity:    severity.String(),
-					CVSS:        cvssMap,
-					References:  vuln.References,
-					CweIDs:      vuln.CweIds,
+					Title:            vuln.Title,
+					Description:      vuln.Description,
+					Severity:         severity.String(),
+					CVSS:             cvssMap,
+					References:       vuln.References,
+					CweIDs:           vuln.CweIds,
+					LastModifiedDate: lastModifiedDate,
+					PublishedDate:    publishedDate,
 				},
 				Layer: ftypes.Layer{
 					Digest: vuln.Layer.Digest,
--- a/pkg/rpc/convert_test.go
+++ b/pkg/rpc/convert_test.go
@@ -3,17 +3,20 @@ package rpc
 import (
 	"os"
 	"testing"
+	"time"

-	"github.com/aquasecurity/trivy/rpc/common"
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"

 	ftypes "github.com/aquasecurity/fanal/types"
-
-	"github.com/aquasecurity/trivy/pkg/log"
-
 	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
+	"github.com/aquasecurity/trivy/pkg/log"
+	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/types"
-	"github.com/stretchr/testify/assert"
+	"github.com/aquasecurity/trivy/rpc/common"
+	"github.com/aquasecurity/trivy/rpc/scanner"
 )

 func TestMain(m *testing.M) {
@@ -182,6 +185,9 @@ func TestConvertToRpcLibraries(t *testing.T) {
 }

 func TestConvertToRpcVulns(t *testing.T) {
+	fixedPublishedDate := time.Unix(1257894000, 0)
+	fixedLastModifiedDate := time.Unix(1257894010, 0)
+
 	type args struct {
 		vulns []types.DetectedVulnerability
 	}
@@ -211,7 +217,9 @@ func TestConvertToRpcVulns(t *testing.T) {
 									V3Score:  7.8,
 								},
 							},
-							References: []string{"http://example.com"},
+							References:       []string{"http://example.com"},
+							PublishedDate:    &fixedPublishedDate,
+							LastModifiedDate: &fixedLastModifiedDate,
 						},
 						Layer: ftypes.Layer{
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -243,7 +251,9 @@ func TestConvertToRpcVulns(t *testing.T) {
 						Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
 						DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
 					},
-					PrimaryUrl: "https://avd.aquasec.com/nvd/CVE-2019-0001",
+					PrimaryUrl:       "https://avd.aquasec.com/nvd/CVE-2019-0001",
+					PublishedDate:    timestamppb.New(fixedPublishedDate),
+					LastModifiedDate: timestamppb.New(fixedLastModifiedDate),
 				},
 			},
 		},
@@ -291,7 +301,178 @@ func TestConvertToRpcVulns(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := ConvertToRPCVulns(tt.args.vulns)
-			assert.Equal(t, got, tt.want, tt.name)
+			assert.Equal(t, tt.want, got, tt.name)
+		})
+	}
+}
+
+func TestConvertFromRPCResults(t *testing.T) {
+	fixedPublishedDate := time.Date(2009, 11, 10, 23, 0, 0, 0, time.UTC)
+	fixedLastModifiedDate := time.Date(2009, 11, 10, 23, 0, 10, 0, time.UTC)
+
+	type args struct {
+		rpcResults []*scanner.Result
+	}
+	tests := []struct {
+		name string
+		args args
+		want []report.Result
+	}{
+		{
+			name: "happy path",
+			args: args{rpcResults: []*scanner.Result{
+				{
+					Target: "alpine:3.10",
+					Type:   vulnerability.Alpine,
+					Vulnerabilities: []*common.Vulnerability{
+						{
+							VulnerabilityId:  "CVE-2019-0001",
+							PkgName:          "musl",
+							InstalledVersion: "1.2.3",
+							FixedVersion:     "1.2.4",
+							Title:            "DoS",
+							Description:      "Denial of Service",
+							Severity:         common.Severity_MEDIUM,
+							SeveritySource:   vulnerability.Nvd,
+							CweIds:           []string{"CWE-123", "CWE-456"},
+							Cvss: map[string]*common.CVSS{
+								"redhat": {
+									V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+									V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+									V2Score:  7.2,
+									V3Score:  7.8,
+								},
+							},
+							References: []string{"http://example.com"},
+							Layer: &common.Layer{
+								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
+								DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
+							},
+							PrimaryUrl:       "https://avd.aquasec.com/nvd/CVE-2019-0001",
+							PublishedDate:    timestamppb.New(fixedPublishedDate),
+							LastModifiedDate: timestamppb.New(fixedLastModifiedDate),
+						},
+					},
+				}},
+			},
+			want: []report.Result{
+				{
+					Target: "alpine:3.10",
+					Type:   vulnerability.Alpine,
+					Vulnerabilities: []types.DetectedVulnerability{
+						{
+							VulnerabilityID:  "CVE-2019-0001",
+							PkgName:          "musl",
+							InstalledVersion: "1.2.3",
+							FixedVersion:     "1.2.4",
+							Layer: ftypes.Layer{
+								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
+								DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
+							},
+							SeveritySource: vulnerability.Nvd,
+							PrimaryURL:     "https://avd.aquasec.com/nvd/CVE-2019-0001",
+							Vulnerability: dbTypes.Vulnerability{
+								Title:          "DoS",
+								Description:    "Denial of Service",
+								Severity:       common.Severity_MEDIUM.String(),
+								CweIDs:         []string{"CWE-123", "CWE-456"},
+								VendorSeverity: nil,
+								CVSS: dbTypes.VendorCVSS{
+									"redhat": {
+										V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+										V2Score:  7.2,
+										V3Score:  7.8,
+									},
+								},
+								References:       []string{"http://example.com"},
+								PublishedDate:    &fixedPublishedDate,
+								LastModifiedDate: &fixedLastModifiedDate,
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "happy path - with nil dates",
+			args: args{rpcResults: []*scanner.Result{
+				{
+					Target: "alpine:3.10",
+					Type:   vulnerability.Alpine,
+					Vulnerabilities: []*common.Vulnerability{
+						{
+							VulnerabilityId:  "CVE-2019-0001",
+							PkgName:          "musl",
+							InstalledVersion: "1.2.3",
+							FixedVersion:     "1.2.4",
+							Title:            "DoS",
+							Description:      "Denial of Service",
+							Severity:         common.Severity_MEDIUM,
+							SeveritySource:   vulnerability.Nvd,
+							CweIds:           []string{"CWE-123", "CWE-456"},
+							Cvss: map[string]*common.CVSS{
+								"redhat": {
+									V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+									V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+									V2Score:  7.2,
+									V3Score:  7.8,
+								},
+							},
+							References: []string{"http://example.com"},
+							Layer: &common.Layer{
+								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
+								DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
+							},
+							PrimaryUrl:       "https://avd.aquasec.com/nvd/CVE-2019-0001",
+							PublishedDate:    nil,
+							LastModifiedDate: nil,
+						},
+					},
+				}},
+			},
+			want: []report.Result{
+				{
+					Target: "alpine:3.10",
+					Type:   vulnerability.Alpine,
+					Vulnerabilities: []types.DetectedVulnerability{
+						{
+							VulnerabilityID:  "CVE-2019-0001",
+							PkgName:          "musl",
+							InstalledVersion: "1.2.3",
+							FixedVersion:     "1.2.4",
+							Layer: ftypes.Layer{
+								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
+								DiffID: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
+							},
+							SeveritySource: vulnerability.Nvd,
+							PrimaryURL:     "https://avd.aquasec.com/nvd/CVE-2019-0001",
+							Vulnerability: dbTypes.Vulnerability{
+								Title:          "DoS",
+								Description:    "Denial of Service",
+								Severity:       common.Severity_MEDIUM.String(),
+								CweIDs:         []string{"CWE-123", "CWE-456"},
+								VendorSeverity: nil,
+								CVSS: dbTypes.VendorCVSS{
+									"redhat": {
+										V2Vector: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
+										V3Vector: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+										V2Score:  7.2,
+										V3Score:  7.8,
+									},
+								},
+								References: []string{"http://example.com"},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := ConvertFromRPCResults(tt.args.rpcResults)
+			assert.Equal(t, tt.want, got, tt.name)
 		})
 	}
 }
--- a/pkg/rpc/server/library/server_test.go
+++ b/pkg/rpc/server/library/server_test.go
@@ -5,14 +5,15 @@ import (
 	"os"
 	"testing"

-	ftypes "github.com/aquasecurity/fanal/types"
-
+	"github.com/golang/protobuf/ptypes/timestamp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/xerrors"

+	ftypes "github.com/aquasecurity/fanal/types"
 	ptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy/pkg/detector/library"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -67,11 +68,13 @@ func TestServer_Detect(t *testing.T) {
 							InstalledVersion: "1",
 							FixedVersion:     "2",
 							Vulnerability: dbTypes.Vulnerability{
-								Title:       "title",
-								Description: "description",
-								Severity:    "MEDIUM",
-								References:  []string{"http://example.com"},
-								CweIDs:      []string{"CWE-78"},
+								Title:            "title",
+								Description:      "description",
+								Severity:         "MEDIUM",
+								References:       []string{"http://example.com"},
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+								CweIDs:           []string{"CWE-78"},
 							},
 							Layer: ftypes.Layer{
 								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -90,11 +93,13 @@ func TestServer_Detect(t *testing.T) {
 							InstalledVersion: "1",
 							FixedVersion:     "2",
 							Vulnerability: dbTypes.Vulnerability{
-								Title:       "title",
-								Description: "description",
-								Severity:    "MEDIUM",
-								References:  []string{"http://example.com"},
-								CweIDs:      []string{"CWE-78"},
+								Title:            "title",
+								Description:      "description",
+								Severity:         "MEDIUM",
+								References:       []string{"http://example.com"},
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+								CweIDs:           []string{"CWE-78"},
 							},
 							Layer: ftypes.Layer{
 								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -116,7 +121,13 @@ func TestServer_Detect(t *testing.T) {
 						Severity:         common.Severity_MEDIUM,
 						Cvss:             make(map[string]*common.CVSS),
 						References:       []string{"http://example.com"},
-						CweIds:           []string{"CWE-78"},
+						LastModifiedDate: &timestamp.Timestamp{
+							Seconds: 1577840460,
+						},
+						PublishedDate: &timestamp.Timestamp{
+							Seconds: 978310860,
+						},
+						CweIds: []string{"CWE-78"},
 						Layer: &common.Layer{
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
 							DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
--- a/pkg/rpc/server/listen.go
+++ b/pkg/rpc/server/listen.go
@@ -31,7 +31,7 @@ var DBWorkerSuperSet = wire.NewSet(
 )

 // ListenAndServe starts Trivy server
-func ListenAndServe(c config.Config, fsCache cache.FSCache) error {
+func ListenAndServe(c config.Config, serverCache cache.Cache) error {
 	requestWg := &sync.WaitGroup{}
 	dbUpdateWg := &sync.WaitGroup{}

@@ -46,13 +46,13 @@ func ListenAndServe(c config.Config, fsCache cache.FSCache) error {
 		}
 	}()

-	mux := newServeMux(fsCache, dbUpdateWg, requestWg, c.Token, c.TokenHeader)
+	mux := newServeMux(serverCache, dbUpdateWg, requestWg, c.Token, c.TokenHeader)
 	log.Logger.Infof("Listening %s...", c.Listen)

 	return http.ListenAndServe(c.Listen, mux)
 }

-func newServeMux(fsCache cache.FSCache, dbUpdateWg, requestWg *sync.WaitGroup, token, tokenHeader string) *http.ServeMux {
+func newServeMux(serverCache cache.Cache, dbUpdateWg, requestWg *sync.WaitGroup, token, tokenHeader string) *http.ServeMux {
 	withWaitGroup := func(base http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			// Stop processing requests during DB update
@@ -69,10 +69,10 @@ func newServeMux(fsCache cache.FSCache, dbUpdateWg, requestWg *sync.WaitGroup, t

 	mux := http.NewServeMux()

-	scanHandler := rpcScanner.NewScannerServer(initializeScanServer(fsCache), nil)
+	scanHandler := rpcScanner.NewScannerServer(initializeScanServer(serverCache), nil)
 	mux.Handle(rpcScanner.ScannerPathPrefix, withToken(withWaitGroup(scanHandler), token, tokenHeader))

-	layerHandler := rpcCache.NewCacheServer(NewCacheServer(fsCache), nil)
+	layerHandler := rpcCache.NewCacheServer(NewCacheServer(serverCache), nil)
 	mux.Handle(rpcCache.CachePathPrefix, withToken(withWaitGroup(layerHandler), token, tokenHeader))

 	// osHandler is for backward compatibility
--- a/pkg/rpc/server/ospkg/server_test.go
+++ b/pkg/rpc/server/ospkg/server_test.go
@@ -5,12 +5,14 @@ import (
 	"os"
 	"testing"

+	"github.com/golang/protobuf/ptypes/timestamp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/xerrors"

 	ftypes "github.com/aquasecurity/fanal/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy/pkg/detector/ospkg"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -63,7 +65,9 @@ func TestServer_Detect(t *testing.T) {
 							VulnerabilityID: "CVE-2019-0001",
 							PkgName:         "musl",
 							Vulnerability: dbTypes.Vulnerability{
-								Severity: "HIGH",
+								Severity:         "HIGH",
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 							},
 							Layer: ftypes.Layer{
 								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -80,7 +84,9 @@ func TestServer_Detect(t *testing.T) {
 							VulnerabilityID: "CVE-2019-0001",
 							PkgName:         "musl",
 							Vulnerability: dbTypes.Vulnerability{
-								Severity: "HIGH",
+								Severity:         "HIGH",
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 							},
 							Layer: ftypes.Layer{
 								Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
@@ -101,6 +107,12 @@ func TestServer_Detect(t *testing.T) {
 							Digest: "sha256:154ad0735c360b212b167f424d33a62305770a1fcfb6363882f5c436cfbd9812",
 							DiffId: "sha256:b2a1a2d80bf0c747a4f6b0ca6af5eef23f043fcdb1ed4f3a3e750aef2dc68079",
 						},
+						LastModifiedDate: &timestamp.Timestamp{
+							Seconds: 1577840460,
+						},
+						PublishedDate: &timestamp.Timestamp{
+							Seconds: 978310860,
+						},
 					},
 				},
 			},
--- a/pkg/rpc/server/server_test.go
+++ b/pkg/rpc/server/server_test.go
@@ -17,6 +17,7 @@ import (
 	ftypes "github.com/aquasecurity/fanal/types"
 	deptypes "github.com/aquasecurity/go-dep-parser/pkg/types"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy/pkg/report"
 	"github.com/aquasecurity/trivy/pkg/scanner"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -69,8 +70,11 @@ func TestScanServer_Scan(t *testing.T) {
 									PkgName:          "musl",
 									InstalledVersion: "1.2.3",
 									FixedVersion:     "1.2.4",
-									Vulnerability:    dbTypes.Vulnerability{},
 									SeveritySource:   "nvd",
+									Vulnerability: dbTypes.Vulnerability{
+										LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+										PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+									},
 								},
 							},
 							Type: "alpine",
@@ -90,8 +94,11 @@ func TestScanServer_Scan(t *testing.T) {
 							PkgName:          "musl",
 							InstalledVersion: "1.2.3",
 							FixedVersion:     "1.2.4",
-							Vulnerability:    dbTypes.Vulnerability{},
-							SeveritySource:   "nvd",
+							Vulnerability: dbTypes.Vulnerability{
+								LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+								PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
+							},
+							SeveritySource: "nvd",
 						},
 					},
 					ReportType: "alpine",
@@ -115,6 +122,12 @@ func TestScanServer_Scan(t *testing.T) {
 								SeveritySource:   "nvd",
 								Layer:            &common.Layer{},
 								Cvss:             make(map[string]*common.CVSS),
+								LastModifiedDate: &timestamp.Timestamp{
+									Seconds: 1577840460,
+								},
+								PublishedDate: &timestamp.Timestamp{
+									Seconds: 978310860,
+								},
 							},
 						},
 						Type: "alpine",
--- a/pkg/scanner/local/scan.go
+++ b/pkg/scanner/local/scan.go
@@ -17,6 +17,7 @@ import (
 	_ "github.com/aquasecurity/fanal/analyzer/library/cargo"
 	_ "github.com/aquasecurity/fanal/analyzer/library/composer"
 	_ "github.com/aquasecurity/fanal/analyzer/library/npm"
+	_ "github.com/aquasecurity/fanal/analyzer/library/nuget"
 	_ "github.com/aquasecurity/fanal/analyzer/library/pipenv"
 	_ "github.com/aquasecurity/fanal/analyzer/library/poetry"
 	_ "github.com/aquasecurity/fanal/analyzer/library/yarn"
--- a/pkg/vulnerability/vulnerability.go
+++ b/pkg/vulnerability/vulnerability.go
@@ -73,29 +73,36 @@ func (c Client) FillInfo(vulns []types.DetectedVulnerability, reportType string)
 			continue
 		}

-		var source string
-		switch reportType {
-		case vulnerability.Ubuntu, vulnerability.Alpine, vulnerability.RedHat, vulnerability.RedHatOVAL, vulnerability.Debian, vulnerability.DebianOVAL, vulnerability.Fedora, vulnerability.Amazon, vulnerability.OracleOVAL, vulnerability.SuseCVRF, vulnerability.OpenSuseCVRF, vulnerability.Photon:
-			source = reportType
-		case vulnerability.CentOS: // CentOS doesn't have its own so we use RedHat
-			source = vulnerability.RedHat
-		case "npm", "yarn":
-			source = vulnerability.NodejsSecurityWg
-		case "pipenv", "poetry":
-			source = vulnerability.PythonSafetyDB
-		case "bundler":
-			source = vulnerability.RubySec
-		case "cargo":
-			source = vulnerability.RustSec
-		case "composer":
-			source = vulnerability.PhpSecurityAdvisories
-		}
-
+		source := c.detectSource(reportType)
 		vulns[i].Severity, vulns[i].SeveritySource = c.getVendorSeverity(&vulns[i], source)
 		vulns[i].PrimaryURL = c.getPrimaryURL(vulns[i].VulnerabilityID, vulns[i].References, source)
 		vulns[i].Vulnerability.VendorSeverity = nil // Remove VendorSeverity from Results
 	}
 }
+func (c Client) detectSource(reportType string) string {
+	var source string
+	switch reportType {
+	case vulnerability.Ubuntu, vulnerability.Alpine, vulnerability.RedHat, vulnerability.RedHatOVAL,
+		vulnerability.Debian, vulnerability.DebianOVAL, vulnerability.Fedora, vulnerability.Amazon,
+		vulnerability.OracleOVAL, vulnerability.SuseCVRF, vulnerability.OpenSuseCVRF, vulnerability.Photon:
+		source = reportType
+	case vulnerability.CentOS: // CentOS doesn't have its own so we use RedHat
+		source = vulnerability.RedHat
+	case "npm", "yarn":
+		source = vulnerability.NodejsSecurityWg
+	case "nuget":
+		source = vulnerability.GHSANuget
+	case "pipenv", "poetry":
+		source = vulnerability.PythonSafetyDB
+	case "bundler":
+		source = vulnerability.RubySec
+	case "cargo":
+		source = vulnerability.RustSec
+	case "composer":
+		source = vulnerability.PhpSecurityAdvisories
+	}
+	return source
+}

 func (c Client) getVendorSeverity(vuln *types.DetectedVulnerability, source string) (string, string) {
 	if vs, ok := vuln.VendorSeverity[source]; ok {
--- a/pkg/vulnerability/vulnerability_test.go
+++ b/pkg/vulnerability/vulnerability_test.go
@@ -11,6 +11,7 @@ import (

 	"github.com/aquasecurity/trivy-db/pkg/db"
 	dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
+	"github.com/aquasecurity/trivy-db/pkg/utils"
 	"github.com/aquasecurity/trivy-db/pkg/vulnsrc/vulnerability"
 	"github.com/aquasecurity/trivy/pkg/log"
 	"github.com/aquasecurity/trivy/pkg/types"
@@ -46,10 +47,12 @@ func TestClient_FillInfo(t *testing.T) {
 					},
 					Returns: db.OperationGetVulnerabilityReturns{
 						Vulnerability: dbTypes.Vulnerability{
-							Title:       "dos",
-							Description: "dos vulnerability",
-							Severity:    dbTypes.SeverityMedium.String(),
-							References:  []string{"http://example.com"},
+							Title:            "dos",
+							Description:      "dos vulnerability",
+							Severity:         dbTypes.SeverityMedium.String(),
+							References:       []string{"http://example.com"},
+							LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+							PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 						},
 					},
 				},
@@ -64,10 +67,12 @@ func TestClient_FillInfo(t *testing.T) {
 				{
 					VulnerabilityID: "CVE-2019-0001",
 					Vulnerability: dbTypes.Vulnerability{
-						Title:       "dos",
-						Description: "dos vulnerability",
-						Severity:    dbTypes.SeverityMedium.String(),
-						References:  []string{"http://example.com"},
+						Title:            "dos",
+						Description:      "dos vulnerability",
+						Severity:         dbTypes.SeverityMedium.String(),
+						References:       []string{"http://example.com"},
+						LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+						PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 					},
 					PrimaryURL: "https://avd.aquasec.com/nvd/cve-2019-0001",
 				},
@@ -88,7 +93,9 @@ func TestClient_FillInfo(t *testing.T) {
 							VendorSeverity: dbTypes.VendorSeverity{
 								vulnerability.Nvd: dbTypes.SeverityLow,
 							},
-							References: []string{"http://example.com"},
+							References:       []string{"http://example.com"},
+							LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+							PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 						},
 					},
 				},
@@ -103,10 +110,12 @@ func TestClient_FillInfo(t *testing.T) {
 				{
 					VulnerabilityID: "CVE-2019-0001",
 					Vulnerability: dbTypes.Vulnerability{
-						Title:       "dos",
-						Description: "dos vulnerability",
-						Severity:    dbTypes.SeverityLow.String(),
-						References:  []string{"http://example.com"},
+						Title:            "dos",
+						Description:      "dos vulnerability",
+						Severity:         dbTypes.SeverityLow.String(),
+						References:       []string{"http://example.com"},
+						LastModifiedDate: utils.MustTimeParse("2020-01-01T01:01:00Z"),
+						PublishedDate:    utils.MustTimeParse("2001-01-01T01:01:00Z"),
 					},
 					SeveritySource: vulnerability.Nvd,
 					PrimaryURL:     "https://avd.aquasec.com/nvd/cve-2019-0001",
--- a/rpc/common/service.pb.go
+++ b/rpc/common/service.pb.go
@@ -6,6 +6,7 @@ package common
 import (
 	fmt "fmt"
 	proto "github.com/golang/protobuf/proto"
+	timestamp "github.com/golang/protobuf/ptypes/timestamp"
 	math "math"
 )

@@ -358,22 +359,24 @@ func (m *Library) GetVersion() string {
 }

 type Vulnerability struct {
-	VulnerabilityId      string           `protobuf:"bytes,1,opt,name=vulnerability_id,json=vulnerabilityId,proto3" json:"vulnerability_id,omitempty"`
-	PkgName              string           `protobuf:"bytes,2,opt,name=pkg_name,json=pkgName,proto3" json:"pkg_name,omitempty"`
-	InstalledVersion     string           `protobuf:"bytes,3,opt,name=installed_version,json=installedVersion,proto3" json:"installed_version,omitempty"`
-	FixedVersion         string           `protobuf:"bytes,4,opt,name=fixed_version,json=fixedVersion,proto3" json:"fixed_version,omitempty"`
-	Title                string           `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"`
-	Description          string           `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
-	Severity             Severity         `protobuf:"varint,7,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"`
-	References           []string         `protobuf:"bytes,8,rep,name=references,proto3" json:"references,omitempty"`
-	Layer                *Layer           `protobuf:"bytes,10,opt,name=layer,proto3" json:"layer,omitempty"`
-	SeveritySource       string           `protobuf:"bytes,11,opt,name=severity_source,json=severitySource,proto3" json:"severity_source,omitempty"`
-	Cvss                 map[string]*CVSS `protobuf:"bytes,12,rep,name=cvss,proto3" json:"cvss,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
-	CweIds               []string         `protobuf:"bytes,13,rep,name=cwe_ids,json=cweIds,proto3" json:"cwe_ids,omitempty"`
-	PrimaryUrl           string           `protobuf:"bytes,14,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
-	XXX_unrecognized     []byte           `json:"-"`
-	XXX_sizecache        int32            `json:"-"`
+	VulnerabilityId      string               `protobuf:"bytes,1,opt,name=vulnerability_id,json=vulnerabilityId,proto3" json:"vulnerability_id,omitempty"`
+	PkgName              string               `protobuf:"bytes,2,opt,name=pkg_name,json=pkgName,proto3" json:"pkg_name,omitempty"`
+	InstalledVersion     string               `protobuf:"bytes,3,opt,name=installed_version,json=installedVersion,proto3" json:"installed_version,omitempty"`
+	FixedVersion         string               `protobuf:"bytes,4,opt,name=fixed_version,json=fixedVersion,proto3" json:"fixed_version,omitempty"`
+	Title                string               `protobuf:"bytes,5,opt,name=title,proto3" json:"title,omitempty"`
+	Description          string               `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
+	Severity             Severity             `protobuf:"varint,7,opt,name=severity,proto3,enum=trivy.common.Severity" json:"severity,omitempty"`
+	References           []string             `protobuf:"bytes,8,rep,name=references,proto3" json:"references,omitempty"`
+	Layer                *Layer               `protobuf:"bytes,10,opt,name=layer,proto3" json:"layer,omitempty"`
+	SeveritySource       string               `protobuf:"bytes,11,opt,name=severity_source,json=severitySource,proto3" json:"severity_source,omitempty"`
+	Cvss                 map[string]*CVSS     `protobuf:"bytes,12,rep,name=cvss,proto3" json:"cvss,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
+	CweIds               []string             `protobuf:"bytes,13,rep,name=cwe_ids,json=cweIds,proto3" json:"cwe_ids,omitempty"`
+	PrimaryUrl           string               `protobuf:"bytes,14,opt,name=primary_url,json=primaryUrl,proto3" json:"primary_url,omitempty"`
+	PublishedDate        *timestamp.Timestamp `protobuf:"bytes,15,opt,name=published_date,json=publishedDate,proto3" json:"published_date,omitempty"`
+	LastModifiedDate     *timestamp.Timestamp `protobuf:"bytes,16,opt,name=last_modified_date,json=lastModifiedDate,proto3" json:"last_modified_date,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
+	XXX_unrecognized     []byte               `json:"-"`
+	XXX_sizecache        int32                `json:"-"`
 }

 func (m *Vulnerability) Reset()         { *m = Vulnerability{} }
@@ -492,6 +495,20 @@ func (m *Vulnerability) GetPrimaryUrl() string {
 	return ""
 }

+func (m *Vulnerability) GetPublishedDate() *timestamp.Timestamp {
+	if m != nil {
+		return m.PublishedDate
+	}
+	return nil
+}
+
+func (m *Vulnerability) GetLastModifiedDate() *timestamp.Timestamp {
+	if m != nil {
+		return m.LastModifiedDate
+	}
+	return nil
+}
+
 type Layer struct {
 	Digest               string   `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"`
 	DiffId               string   `protobuf:"bytes,2,opt,name=diff_id,json=diffId,proto3" json:"diff_id,omitempty"`
@@ -618,53 +635,58 @@ func init() {
 func init() { proto.RegisterFile("rpc/common/service.proto", fileDescriptor_6e749acacaaabfff) }

 var fileDescriptor_6e749acacaaabfff = []byte{
-	// 767 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xdf, 0x8f, 0xdb, 0x44,
-	0x10, 0xc6, 0x89, 0x13, 0x3b, 0xe3, 0xdc, 0xd5, 0x2c, 0xa5, 0xb8, 0x54, 0x82, 0xc8, 0x08, 0x91,
-	0x82, 0x94, 0x82, 0xf3, 0x40, 0xe1, 0xad, 0xa4, 0x27, 0x6a, 0xf5, 0x9a, 0xab, 0x1c, 0x2e, 0x95,
-	0x90, 0x90, 0xe5, 0x5b, 0xaf, 0x93, 0x55, 0x1c, 0xdb, 0xda, 0x75, 0x5c, 0xfc, 0x27, 0xf2, 0x07,
-	0xf1, 0x8e, 0xf6, 0x87, 0x73, 0x49, 0xc5, 0x4b, 0xdf, 0x76, 0xe6, 0xfb, 0x3c, 0xdf, 0x37, 0xbb,
-	0xe3, 0x01, 0x8f, 0x55, 0xf8, 0x19, 0x2e, 0xf7, 0xfb, 0xb2, 0x78, 0xc6, 0x09, 0x6b, 0x28, 0x26,
-	0xb3, 0x8a, 0x95, 0x75, 0x89, 0xc6, 0x35, 0xa3, 0x4d, 0x3b, 0x53, 0x98, 0xff, 0x23, 0xf4, 0x6e,
-	0x56, 0xe8, 0x11, 0x0c, 0xb3, 0x64, 0x4f, 0xf3, 0xd6, 0x33, 0x26, 0xc6, 0x74, 0x14, 0xe9, 0x08,
-	0x21, 0x30, 0x8b, 0x64, 0x4f, 0xbc, 0x9e, 0xcc, 0xca, 0xb3, 0xff, 0x17, 0x38, 0x6f, 0x13, 0xbc,
-	0x4b, 0x36, 0x24, 0x2c, 0xb2, 0x12, 0x3d, 0x81, 0x51, 0x46, 0x73, 0x12, 0x57, 0x49, 0xbd, 0xd5,
-	0x5f, 0xdb, 0x22, 0xf1, 0x36, 0xa9, 0xb7, 0xe8, 0x27, 0xb0, 0x2b, 0xc5, 0xe5, 0x5e, 0x6f, 0xd2,
-	0x9f, 0x3a, 0xc1, 0xe7, 0xb3, 0x53, 0xf9, 0x99, 0xae, 0x14, 0x1d, 0x69, 0x3e, 0x07, 0xe7, 0x45,
-	0x55, 0xe5, 0x14, 0x27, 0x35, 0x2d, 0x0b, 0xe1, 0xa0, 0x6e, 0x2b, 0xa2, 0x2b, 0xcb, 0xf3, 0xb9,
-	0x64, 0xef, 0x03, 0xc9, 0x39, 0x8c, 0x72, 0x7a, 0xc7, 0x12, 0x46, 0x09, 0xf7, 0xfa, 0xff, 0xa7,
-	0x79, 0x2d, 0xe1, 0x36, 0xba, 0xe7, 0xf9, 0xff, 0x1a, 0x60, 0x69, 0x2b, 0xc7, 0x9e, 0x8d, 0xfb,
-	0x9e, 0x91, 0x07, 0x56, 0x43, 0x18, 0xa7, 0x65, 0xa1, 0xf5, 0xba, 0x50, 0x20, 0x8c, 0xe4, 0x24,
-	0xe1, 0xc4, 0xeb, 0x2b, 0x44, 0x87, 0xe8, 0x21, 0x0c, 0x48, 0x55, 0xe2, 0xad, 0x67, 0x4e, 0x8c,
-	0xe9, 0x20, 0x52, 0x81, 0xa8, 0x9e, 0x30, 0xbc, 0xf5, 0x06, 0xaa, 0xba, 0x38, 0xa3, 0xc7, 0x60,
-	0x73, 0x86, 0x63, 0xa9, 0x3a, 0x54, 0x45, 0x38, 0xc3, 0x4b, 0x21, 0xfc, 0x35, 0x38, 0x02, 0xea,
-	0xc4, 0x2d, 0x89, 0x02, 0x67, 0x78, 0xad, 0xf5, 0x35, 0xa1, 0xf3, 0x60, 0x1f, 0x09, 0x91, 0xb6,
-	0xf1, 0x04, 0x46, 0x82, 0xa0, 0xac, 0x8c, 0xa4, 0x15, 0xa1, 0x76, 0x25, 0x62, 0xff, 0x67, 0xb0,
-	0xf4, 0x6d, 0x7c, 0x5c, 0xdb, 0xfe, 0x3f, 0x26, 0x5c, 0xac, 0x0f, 0x79, 0x41, 0x58, 0x72, 0x47,
-	0x73, 0x5a, 0xb7, 0xe8, 0x29, 0xb8, 0xcd, 0x69, 0x22, 0xa6, 0xa9, 0xae, 0xf5, 0xe0, 0x2c, 0x1f,
-	0xa6, 0xa2, 0xdf, 0x6a, 0xb7, 0x89, 0x4f, 0x26, 0xcb, 0xaa, 0x76, 0x1b, 0xd9, 0xef, 0x0f, 0xf0,
-	0x29, 0x2d, 0x78, 0x9d, 0xe4, 0x39, 0x49, 0x8f, 0x5d, 0xab, 0x8b, 0x75, 0x8f, 0x40, 0xd7, 0xfb,
-	0x37, 0x70, 0x91, 0xd1, 0xbf, 0x4f, 0x88, 0xa6, 0x24, 0x8e, 0x65, 0xb2, 0x23, 0x3d, 0x84, 0x41,
-	0x4d, 0xeb, 0x9c, 0xe8, 0x1b, 0x57, 0x01, 0x9a, 0x80, 0x93, 0x12, 0x8e, 0x19, 0xad, 0xc4, 0x94,
-	0xe9, 0x5b, 0x3f, 0x4d, 0xa1, 0x00, 0x6c, 0x4e, 0x1a, 0xc2, 0x68, 0xdd, 0xca, 0x6b, 0xbf, 0x0c,
-	0x1e, 0x9d, 0x8f, 0xd1, 0x4a, 0xa3, 0xd1, 0x91, 0x87, 0xbe, 0x02, 0x60, 0x24, 0x23, 0x8c, 0x14,
-	0x98, 0x70, 0xcf, 0x9e, 0xf4, 0xc5, 0x5b, 0xdc, 0x67, 0xd0, 0x53, 0x18, 0xe4, 0x49, 0x4b, 0x98,
-	0x07, 0x13, 0x63, 0xea, 0x04, 0x9f, 0x7d, 0x30, 0x97, 0x02, 0x8a, 0x14, 0x03, 0x7d, 0x07, 0x0f,
-	0xba, 0xb2, 0x31, 0x2f, 0x0f, 0x0c, 0x13, 0xcf, 0x91, 0x26, 0x2f, 0xbb, 0xf4, 0x4a, 0x66, 0xd1,
-	0x2f, 0x60, 0xe2, 0x86, 0x73, 0x6f, 0x2c, 0x47, 0xfd, 0xdb, 0xf3, 0x92, 0x67, 0x4f, 0x34, 0x5b,
-	0x34, 0x9c, 0x5f, 0x15, 0x35, 0x6b, 0x23, 0xf9, 0x09, 0xfa, 0x02, 0x2c, 0xfc, 0x9e, 0xc4, 0x34,
-	0xe5, 0xde, 0x85, 0xf4, 0x3a, 0xc4, 0xef, 0x49, 0x98, 0x72, 0x31, 0x54, 0x15, 0xa3, 0xfb, 0x84,
-	0xb5, 0xf1, 0x81, 0xe5, 0xde, 0xa5, 0x1a, 0x2a, 0x9d, 0xba, 0x65, 0xf9, 0x97, 0xaf, 0x61, 0x74,
-	0x2c, 0x86, 0x5c, 0xe8, 0xef, 0x48, 0xb7, 0x39, 0xc4, 0x11, 0x4d, 0x61, 0xd0, 0x24, 0xf9, 0x41,
-	0xbd, 0xae, 0x13, 0xa0, 0x73, 0x53, 0x8b, 0xf5, 0x6a, 0x15, 0x29, 0xc2, 0xaf, 0xbd, 0xe7, 0x86,
-	0xff, 0x1c, 0x06, 0xb2, 0x75, 0xb1, 0x85, 0x52, 0xba, 0x21, 0xbc, 0xee, 0xb6, 0x90, 0x8a, 0x84,
-	0xcf, 0x94, 0x66, 0x99, 0x98, 0xa8, 0x5e, 0x07, 0x64, 0x59, 0x98, 0xfa, 0x0d, 0x98, 0xa2, 0x98,
-	0x98, 0xf1, 0x26, 0x88, 0x1b, 0x82, 0xeb, 0x92, 0x75, 0x3b, 0xa8, 0x09, 0xd6, 0x32, 0x96, 0xe0,
-	0xbc, 0x03, 0xf5, 0xb6, 0x68, 0xe6, 0x1a, 0x7c, 0x0c, 0x76, 0x13, 0xc4, 0x1c, 0x97, 0x4c, 0xfd,
-	0xbf, 0x46, 0x64, 0x35, 0xc1, 0x4a, 0x84, 0x12, 0x9a, 0x6b, 0xc8, 0xd4, 0xd0, 0x5c, 0x42, 0xdf,
-	0xbf, 0x04, 0xbb, 0x7b, 0x7d, 0xe4, 0x80, 0x75, 0xbb, 0x7c, 0xbd, 0xbc, 0x79, 0xb7, 0x74, 0x3f,
-	0x41, 0x16, 0xf4, 0xaf, 0x6f, 0xde, 0xb9, 0x06, 0x02, 0x18, 0xbe, 0xb9, 0x7a, 0x19, 0xde, 0xbe,
-	0x71, 0x7b, 0xc8, 0x06, 0xf3, 0x55, 0xf8, 0xfb, 0x2b, 0xb7, 0x8f, 0xc6, 0x60, 0x2f, 0xa2, 0xf0,
-	0x8f, 0x70, 0xf1, 0xe2, 0xda, 0x35, 0x7f, 0xb3, 0xff, 0x1c, 0xaa, 0x1b, 0xb9, 0x1b, 0xca, 0xcd,
-	0x3c, 0xff, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x77, 0x90, 0x19, 0xab, 0xb5, 0x05, 0x00, 0x00,
+	// 848 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0x5b, 0x6f, 0xdb, 0x46,
+	0x13, 0xfd, 0x74, 0x25, 0x35, 0xf4, 0x85, 0xdf, 0x36, 0x4d, 0x19, 0x07, 0x68, 0x04, 0x15, 0x45,
+	0x95, 0x16, 0x90, 0x5b, 0xea, 0xa1, 0x69, 0xdf, 0x5c, 0xdb, 0xa8, 0x85, 0xf8, 0x12, 0x50, 0xb1,
+	0x03, 0x14, 0x28, 0x88, 0xd5, 0x72, 0x29, 0x2d, 0x4c, 0x91, 0xc4, 0xee, 0x8a, 0x29, 0xff, 0x68,
+	0xff, 0x49, 0xdf, 0x8b, 0xbd, 0x50, 0x96, 0x82, 0x02, 0x45, 0xdf, 0x76, 0xe6, 0x9c, 0x39, 0x73,
+	0xe1, 0x70, 0x20, 0xe0, 0x25, 0x39, 0x25, 0xc5, 0x7a, 0x5d, 0xe4, 0xa7, 0x82, 0xf2, 0x8a, 0x11,
+	0x3a, 0x29, 0x79, 0x21, 0x0b, 0x74, 0x20, 0x39, 0xab, 0xea, 0x89, 0xc1, 0x4e, 0x5e, 0x2d, 0x8b,
+	0x62, 0x99, 0xd1, 0x53, 0x8d, 0x2d, 0x36, 0xe9, 0xa9, 0x64, 0x6b, 0x2a, 0x24, 0x5e, 0x97, 0x86,
+	0x3e, 0xfa, 0x1e, 0xda, 0x77, 0x73, 0xf4, 0x1c, 0xfa, 0x29, 0x5e, 0xb3, 0xac, 0x0e, 0x5a, 0xc3,
+	0xd6, 0x78, 0x10, 0x59, 0x0b, 0x21, 0xe8, 0xe6, 0x78, 0x4d, 0x83, 0xb6, 0xf6, 0xea, 0xf7, 0xe8,
+	0x77, 0xf0, 0xde, 0x61, 0xf2, 0x88, 0x97, 0x74, 0x96, 0xa7, 0x05, 0x7a, 0x09, 0x83, 0x94, 0x65,
+	0x34, 0x2e, 0xb1, 0x5c, 0xd9, 0x68, 0x57, 0x39, 0xde, 0x61, 0xb9, 0x42, 0x3f, 0x80, 0x5b, 0x1a,
+	0xae, 0x08, 0xda, 0xc3, 0xce, 0xd8, 0x0b, 0x3f, 0x9f, 0xec, 0xd6, 0x37, 0xb1, 0x4a, 0xd1, 0x96,
+	0x36, 0x12, 0xe0, 0x9d, 0x95, 0x65, 0xc6, 0x08, 0x96, 0xac, 0xc8, 0x55, 0x05, 0xb2, 0x2e, 0xa9,
+	0x55, 0xd6, 0xef, 0xfd, 0x94, 0xed, 0x4f, 0x52, 0x4e, 0x61, 0x90, 0xb1, 0x05, 0xc7, 0x9c, 0x51,
+	0x11, 0x74, 0xfe, 0x29, 0xe7, 0xb5, 0x86, 0xeb, 0xe8, 0x89, 0x37, 0xfa, 0xab, 0x05, 0x8e, 0x2d,
+	0x65, 0xdb, 0x73, 0xeb, 0xa9, 0x67, 0x14, 0x80, 0x53, 0x51, 0x2e, 0x58, 0x91, 0xdb, 0x7c, 0x8d,
+	0xa9, 0x10, 0x4e, 0x33, 0x8a, 0x05, 0x0d, 0x3a, 0x06, 0xb1, 0x26, 0x7a, 0x06, 0x3d, 0x5a, 0x16,
+	0x64, 0x15, 0x74, 0x87, 0xad, 0x71, 0x2f, 0x32, 0x86, 0x52, 0xc7, 0x9c, 0xac, 0x82, 0x9e, 0x51,
+	0x57, 0x6f, 0xf4, 0x02, 0x5c, 0xc1, 0x49, 0xac, 0xb3, 0xf6, 0x8d, 0x88, 0xe0, 0xe4, 0x56, 0x25,
+	0x7e, 0x05, 0x9e, 0x82, 0x9a, 0xe4, 0x8e, 0x46, 0x41, 0x70, 0xf2, 0x60, 0xf3, 0x5b, 0x42, 0x53,
+	0x83, 0xbb, 0x25, 0x44, 0xb6, 0x8c, 0x97, 0x30, 0x50, 0x04, 0x53, 0xca, 0x40, 0x97, 0xa2, 0xb2,
+	0x5d, 0x2a, 0x7b, 0xf4, 0x23, 0x38, 0x76, 0x1a, 0xff, 0xad, 0xed, 0xd1, 0x9f, 0x3d, 0x38, 0x7c,
+	0xd8, 0x64, 0x39, 0xe5, 0x78, 0xc1, 0x32, 0x26, 0x6b, 0xf4, 0x1a, 0xfc, 0x6a, 0xd7, 0x11, 0xb3,
+	0xc4, 0x6a, 0x1d, 0xef, 0xf9, 0x67, 0x89, 0xea, 0xb7, 0x7c, 0x5c, 0xc6, 0x3b, 0x9b, 0xe5, 0x94,
+	0x8f, 0x4b, 0xdd, 0xef, 0x77, 0xf0, 0x7f, 0x96, 0x0b, 0x89, 0xb3, 0x8c, 0x26, 0xdb, 0xae, 0xcd,
+	0x60, 0xfd, 0x2d, 0xd0, 0xf4, 0xfe, 0x15, 0x1c, 0xa6, 0xec, 0x8f, 0x1d, 0x62, 0x57, 0x13, 0x0f,
+	0xb4, 0xb3, 0x21, 0x3d, 0x83, 0x9e, 0x64, 0x32, 0xa3, 0x76, 0xe2, 0xc6, 0x40, 0x43, 0xf0, 0x12,
+	0x2a, 0x08, 0x67, 0xa5, 0xda, 0x32, 0x3b, 0xf5, 0x5d, 0x17, 0x0a, 0xc1, 0x15, 0xb4, 0xa2, 0x9c,
+	0xc9, 0x5a, 0x8f, 0xfd, 0x28, 0x7c, 0xbe, 0xbf, 0x46, 0x73, 0x8b, 0x46, 0x5b, 0x1e, 0xfa, 0x12,
+	0x80, 0xd3, 0x94, 0x72, 0x9a, 0x13, 0x2a, 0x02, 0x77, 0xd8, 0x51, 0xdf, 0xe2, 0xc9, 0x83, 0x5e,
+	0x43, 0x2f, 0xc3, 0x35, 0xe5, 0x01, 0x0c, 0x5b, 0x63, 0x2f, 0xfc, 0xec, 0x93, 0xbd, 0x54, 0x50,
+	0x64, 0x18, 0xe8, 0x1b, 0x38, 0x6e, 0x64, 0x63, 0x51, 0x6c, 0x38, 0xa1, 0x81, 0xa7, 0x8b, 0x3c,
+	0x6a, 0xdc, 0x73, 0xed, 0x45, 0x3f, 0x41, 0x97, 0x54, 0x42, 0x04, 0x07, 0x7a, 0xd5, 0xbf, 0xde,
+	0x97, 0xdc, 0xfb, 0x44, 0x93, 0xf3, 0x4a, 0x88, 0xcb, 0x5c, 0xf2, 0x3a, 0xd2, 0x21, 0xe8, 0x0b,
+	0x70, 0xc8, 0x47, 0x1a, 0xb3, 0x44, 0x04, 0x87, 0xba, 0xd6, 0x3e, 0xf9, 0x48, 0x67, 0x89, 0x50,
+	0x4b, 0x55, 0x72, 0xb6, 0xc6, 0xbc, 0x8e, 0x37, 0x3c, 0x0b, 0x8e, 0xcc, 0x52, 0x59, 0xd7, 0x3d,
+	0xcf, 0xd0, 0x19, 0x1c, 0x95, 0x9b, 0x45, 0xc6, 0xc4, 0x8a, 0x26, 0x71, 0x82, 0x25, 0x0d, 0x8e,
+	0x75, 0x47, 0x27, 0x13, 0x73, 0x6f, 0x26, 0xcd, 0xbd, 0x99, 0xbc, 0x6f, 0xee, 0x4d, 0x74, 0xb8,
+	0x8d, 0xb8, 0xc0, 0x92, 0xa2, 0x2b, 0x40, 0x19, 0x16, 0x32, 0x5e, 0x17, 0x09, 0x4b, 0x59, 0x23,
+	0xe3, 0xff, 0xab, 0x8c, 0xaf, 0xa2, 0x6e, 0x6c, 0x90, 0x52, 0x3a, 0x79, 0x0b, 0x83, 0x6d, 0x67,
+	0xc8, 0x87, 0xce, 0x23, 0x6d, 0xce, 0x98, 0x7a, 0xa2, 0x31, 0xf4, 0x2a, 0x9c, 0x6d, 0xcc, 0xaa,
+	0x79, 0x21, 0xda, 0x9f, 0xd0, 0xf9, 0xc3, 0x7c, 0x1e, 0x19, 0xc2, 0xcf, 0xed, 0x37, 0xad, 0xd1,
+	0x1b, 0xe8, 0xe9, 0xef, 0xa0, 0x4e, 0x62, 0xc2, 0x96, 0x54, 0xc8, 0xe6, 0x24, 0x1a, 0x4b, 0x0d,
+	0x2d, 0x61, 0x69, 0xaa, 0xd6, 0xbb, 0xdd, 0x00, 0x69, 0x3a, 0x4b, 0x46, 0x15, 0x74, 0x95, 0x98,
+	0xfa, 0xe1, 0xaa, 0x30, 0xae, 0x28, 0x91, 0x05, 0x6f, 0x0e, 0x62, 0x15, 0x3e, 0x68, 0x5b, 0x83,
+	0xd3, 0x06, 0xb4, 0xa7, 0xab, 0x9a, 0x5a, 0xf0, 0x05, 0xb8, 0x55, 0x18, 0x0b, 0x52, 0x70, 0x73,
+	0x4c, 0x5a, 0x91, 0x53, 0x85, 0x73, 0x65, 0x6a, 0x68, 0x6a, 0xa1, 0xae, 0x85, 0xa6, 0x1a, 0xfa,
+	0xf6, 0x02, 0xdc, 0x66, 0x15, 0x91, 0x07, 0xce, 0xfd, 0xed, 0xdb, 0xdb, 0xbb, 0x0f, 0xb7, 0xfe,
+	0xff, 0x90, 0x03, 0x9d, 0xeb, 0xbb, 0x0f, 0x7e, 0x0b, 0x01, 0xf4, 0x6f, 0x2e, 0x2f, 0x66, 0xf7,
+	0x37, 0x7e, 0x1b, 0xb9, 0xd0, 0xbd, 0x9a, 0xfd, 0x7a, 0xe5, 0x77, 0xd0, 0x01, 0xb8, 0xe7, 0xd1,
+	0xec, 0xfd, 0xec, 0xfc, 0xec, 0xda, 0xef, 0xfe, 0xe2, 0xfe, 0xd6, 0x37, 0x13, 0x59, 0xf4, 0xf5,
+	0xd0, 0xa7, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0xb6, 0xeb, 0x6b, 0xc8, 0x63, 0x06, 0x00, 0x00,
 }
--- a/rpc/common/service.proto
+++ b/rpc/common/service.proto
@@ -1,5 +1,7 @@
 syntax = "proto3";

+import "google/protobuf/timestamp.proto";
+
 package trivy.common;
 option  go_package = "common";

@@ -41,19 +43,21 @@ message Library {
 }

 message Vulnerability {
-  string            vulnerability_id  = 1;
-  string            pkg_name          = 2;
-  string            installed_version = 3;
-  string            fixed_version     = 4;
-  string            title             = 5;
-  string            description       = 6;
-  Severity          severity          = 7;
-  repeated string   references        = 8;
-  Layer             layer             = 10;
-  string            severity_source   = 11;
-  map<string, CVSS> cvss              = 12;
-  repeated string   cwe_ids           = 13;
-  string            primary_url       = 14;
+  string                    vulnerability_id   = 1;
+  string                    pkg_name           = 2;
+  string                    installed_version  = 3;
+  string                    fixed_version      = 4;
+  string                    title              = 5;
+  string                    description        = 6;
+  Severity                  severity           = 7;
+  repeated string           references         = 8;
+  Layer                     layer              = 10;
+  string                    severity_source    = 11;
+  map<string, CVSS>         cvss               = 12;
+  repeated string           cwe_ids            = 13;
+  string                    primary_url        = 14;
+  google.protobuf.Timestamp published_date     = 15;
+  google.protobuf.Timestamp last_modified_date = 16;
 }

 message Layer {
Author	SHA1	Message	Date
Johannes	08ca1b00b7	Feat: NuGet Scanner (#686 ) * Initial nuget advisory detector code. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Added nuget package to scan.go Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Removed nuget advisory file and instead added csharp/nuget as a driver in driver.go. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Removed nuget package from driver. Added ghasnuget as a source in vulnerability.go Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * Updated nuget driver to use correct name and to initialize with the new generic scanner. Signed-off-by: Johannes Tegnér <johannes@jitesoft.com> * refactor: cut out to a separate method * chore(mod): update trivy-db * fix(driver): add a general driver * test(ghsa): add nuget * chore: update README Co-authored-by: knqyf263 <knqyf263@gmail.com>	2020-12-21 10:17:15 +02:00
Teppei Fukuda	7b86f81e29	feat(cache): support Redis (#770 ) * feat(config): add --cache-backend * feat(operation): embed cache.Cache into operation.Cache * feat(cache): support redis:// * test(integration): add redis test * chore(README): add --cache-backend * chore(mod): update * chore: add disclaimer	2020-12-21 08:26:19 +02:00
Masahiro331	8cd4afeaf1	fix(redhat): skip module packages (#776 ) * remove cbinding * skip modular packages * add debug log * Fix clomatic complexity 11 * Add comment * Fix test release * chore(mod): update * refactor(redhat): rename a method * test(redhat): refactor Co-authored-by: knqyf263 <knqyf263@gmail.com>	2020-12-18 07:52:13 +02:00
Teppei Fukuda	b606b621e5	chore: migrate from master to main (#778 )	2020-12-17 17:27:36 +02:00
Teppei Fukuda	5c2b14b910	chore(circleci): remove gofmt (#777 )	2020-12-17 15:35:11 +02:00
Teppei Fukuda	a19a023f1f	chore(README): remove experimental (#775 )	2020-12-16 06:06:17 +02:00
Simarpreet Singh	e6cef75162	NVD: Add timestamps. (#761 ) * (feat): Add NVD published and modified dates Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix registry_test.go golden files. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix distroless-base-ignore-unfixed.json.golden with ignore-unfixed option. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix fluentd-multiple-lockfiles.json.golden. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Fix alpine-310.html.golden file. Signed-off-by: Simarpreet Singh <simar@linux.com> * fix(convert): fix disparency between standalone and client/server * test(integration): update trivy.db * test(integration): update golden files * (test): Add a check for non nil date types. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Add a unit test for ConvertFromRPCResults. Signed-off-by: Simarpreet Singh <simar@linux.com> * (test): Add a nil date case for ConvertFromRPCResults. Signed-off-by: Simarpreet Singh <simar@linux.com> * refactor: sort imports Co-authored-by: knqyf263 <knqyf263@gmail.com>	2020-12-14 13:21:09 -08:00
Simarpreet Singh	1371f72cfb	(fix): Make the table output less wide. (#763 ) * (fix): Make the table output less wide. Currently the table outupt can be as long as 200 characters wide in some images like nginx:1.16 This PR merges the Title and the URL columns to shorten it. With this change the longest column has reduced from 200 -> 162 (-19%). Signed-off-by: Simarpreet Singh <simar@linux.com> * (fix): Remove Debian TEMP-* links. These links are quite wide. Removing them makes it 200 -> 143 (-28.5%) shorter for table output. Signed-off-by: Simarpreet Singh <simar@linux.com> * Revert "(fix): Remove Debian TEMP-* links." This reverts commit `228540f7c3`.	2020-12-08 11:08:30 -08:00
Christian Zunker	8ecaa2f057	Add gitHubToken to prevent rate limit problems (#769 ) And remove unnecessary config parameters. Fixes #768 Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>	2020-12-08 09:39:22 +02:00
Christian Zunker	8132174754	Add helm chart to install trivy in server mode. (#751 ) Fixes #688 Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>	2020-12-06 13:21:19 +02:00
Jack Kelly	bcc285095d	chore(docs): add nix install (#762 )	2020-12-04 14:45:31 -08:00
irrandon	cb369727cd	HTML template (#567 ) * add html template * test(integration): use JSONEq only for JSON folden files Co-authored-by: knqyf263 <knqyf263@gmail.com>	2020-12-02 10:50:45 +02:00