A public report that a piece of software has a security problem.
A report's id. The same problem often has several ids from different databases; basilisk shows them as one entry.
How bad the problem would be if it applies to you, scored 0 to 10 by the reporting database. It says nothing about how likely the problem is to apply to you.
We checked this package and found nothing. Different from "not checked", below.
We can't see this package yet, so finding nothing here means nothing. Treat it as unknown, not as safe.
The package itself is malicious. Severity scores don't apply: do not install it at any version.
We checked your exact version against the versions the report says are affected. Act on these.
The report names this package, but its version information couldn't be checked automatically. A human should look.
The report named no versions at all, so we have to assume any version could be affected. The weakest kind of match.
This identity was linked automatically and hasn't been reviewed by a person yet. A green check means a person verified the link is right.
osv.dev, the open-source world's shared vulnerability database. Most reports about Python and GitHub projects arrive here.
nvd.nist.gov, the U.S. government's vulnerability database. The source of CVE ids and an independent second opinion.