How can I see the vulnerabilties of a different version of the component than I'm looking at?

If I have a build report that shows vulnerable components, I can drill down into the component to see what the vulnerabilities are for that version. I can also look at the component detail view and see what other versions are available and if they have security policy violations. What I don’t know how to do is to find out what the vulnerabilities of that other version are.

For example, in the nuget.org repo, jQuery.3.3.1 is known to be vulnerable. I can see that version 3.4.1 also has vulnerabilities by clicking on the slider, but I cannot see what those vulnerabilities are. Just that it has security policy violations. I can drill into the details on 3.3.1 and see that the vulnerability tripping the policy is valid through 3.4.0. But I’m in the dark as to what is found in 3.4.1 unless I download it, get it stopped by Nexus Firewall, go into Nexus Repo Manager as an administrator to connect to the IQ Server status, and look for the component there.

Thanks for the feedback Gene. At this time there isn’t a UI flow for this drill down, though we are exploring a UI to connect more information. You could use the public API to get component info for a specific version: Component Details REST API - v2 .

Thanks. I thought that might be the case.