What's New
CVE evidence now includes installed version
CVE findings include the detected installed version in their evidence object, making it clear exactly which version triggered each CVE.
```json
{
  "id": "PC-CVE-CVE-2024-2262",
  "evidence": {
    "cve_id": "CVE-2024-2262",
    "software": "woocommerce-products-filter",
    "version_range": "*–1.4.4",
    "installed_version": "1.3.8.2"
  }
}
```
XML bomb protection in sitemap/RSS parsing
The users module now caps XML response size at 1 MB before parsing with ElementTree. Adversarially large XML responses are silently skipped.
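The cap-then-parse pattern described above, as an added example that is not the project's own code. The function names, the 64 KB read chunk, the handling of malformed XML, and the sample sitemap are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

MAX_XML_BYTES = 1024 * 1024  # 1 MB cap from the release note

# Constructed sample input (not real scan data).
SAMPLE_SITEMAP = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
    b'<url><loc>https://example.test/</loc></url>'
    b'<url><loc> https://example.test/about </loc></url>'
    b'</urlset>'
)

def read_capped(stream, limit=MAX_XML_BYTES):
    """Read a binary stream; return None once it exceeds `limit` bytes."""
    chunks, total = [], 0
    while True:
        # Ask for at most one byte past the cap so an oversized body is
        # detected without buffering the rest of it.
        chunk = stream.read(min(65536, limit + 1 - total))
        if not chunk:
            return b"".join(chunks)
        total += len(chunk)
        if total > limit:
            return None
        chunks.append(chunk)

def extract_locs(stream, limit=MAX_XML_BYTES):
    """Return <loc> values from a sitemap, or [] if the response is skipped."""
    body = read_capped(stream, limit)
    if body is None:
        return []  # over the cap: skipped before ElementTree sees it
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []  # malformed XML is skipped too (assumption)
    # Compare local names so namespaced and bare <loc> tags both match.
    return [el.text.strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "loc"
            and el.text and el.text.strip()]

if __name__ == "__main__":
    print(extract_locs(io.BytesIO(SAMPLE_SITEMAP)))
```
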
Stats
- 602 tests, 0 regressions
- 85.83% coverage
- 120 permanent finding IDs