We have GVM 7.0.3 and it produces some weird results:
nginx 1.9.5 - 1.15.5 Multiple Vulnerabilities
Installed version: 1.14.1
Fixed version: 1.15.6
CVE: CVE-2018-16843, CVE-2018-16844
But when we look into CVEs it says:
nginx before versions 1.15.6 and 1.14.1 has a vulnerability
There is no 1.14.1 version in the list of affected versions in the CVE description and nginx confirms it.
What should we do here? Report the issue to the developers in some way? Or look for some workaround with overrides?