Posible vulnerability lists not updated

[next-modnavarro]

Hello, I'm trying versioneye enterprise on premise following https://github.com/versioneye/ops_contrib instructions. I've run a scan on my code and dependencies and the results are not showing a vulnerability described in CVE-2017-5929:
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

Maybe I'm missing some update steps and it was my mistake??? I've run versioneye-update before launching the scan