What is an ‘Unknown’ severity in Xray?

Ariel Kabov
2018-07-19 12:01

In JFrog Xray, artifacts are in some cases detected with vulnerabilities that have an 'Unknown' severity.

An 'Unknown' severity means that Xray was able to detect the artifact as vulnerable, but there are no CVEs attached to the vulnerability.
While most of the sources we collect information from have a valid CVE with an official CVSS score, not all of them do.

Although these vulnerabilities have no CVSS score, they usually do have some security implications that should be mentioned, and therefore they are marked with an 'Unknown' severity.