Vulnerability Report

Software projects nowadays are based on many third-party and open source libraries. It is important to be aware of any potential security vulnerabilities in these components to ensure our own software project is secure.

Note: This feature is currently in preview.

Each feed's Vulnerabilities tab shows a report of potential vulnerabilities in the packages on that feed.

Vulnerability report for packages

The vulnerability report provides us with an overview of potential vulnerabilities in our dependencies. We can also see the percentage of packages with potential vulnerabilities versus the percentage of packages with no known vulnerabilities.

From the list in the report, we can drill down and inspect a specific vulnerability for more information, such as a description of the vulnerability, steps to mitigate it, and other background information.

Vulnerability information for specific package

Where does vulnerability information come from?

MyGet sources its vulnerability information from the database provided by OSSIndex and Vor Security. They update their database regularly and provide us with vulnerability information.
