Advisory distribution

The pie chart below illustrates the advisory distribution for the package types we support by providing their total number and percentages.

Number of CVEs

The pie chart below illustrates how many advisories in the database are originating from NVD.


Coverage indicates how many advisories from NVD have been identified as relevant in the context of dependency scanning. The barchart below shows how many CVEs (in %) were translated into advisories because of their relation to a supported package. The X-axis depicts the year of the NVD data feed wheras the Y-asis depicts percentage of extracted CVEs.

TTM (Time to Merge)

Time to merge (TTM) measures the expired time between the publication of a CVE on NVD and the point in time where the advisory is merged into gemnasium-db. The figures below illustrates the monthly TTM trends. The orange line represents the mean values whereas the blue line represents the median values. The grey area illustrates the boundaries, i.e., the observed minimum and maximum TTM values for a certain period. In all figures below, the red, dashes line marks the 7 day threshold.