Vulnerabilities

The Vulnerabilities area is your coordinated vulnerability disclosure (CVD) workspace. It's where security weaknesses reported about your products or services are collected, triaged, and tracked all the way through to fix and disclosure. Reports submitted through your CVD portal — cvd.application.alxias.se — land here, and you can also log issues your own team discovers.

The page has two panes: a report list on the left and a detail pane on the right. When you have reports, you select one on the left to review and manage it on the right.

Tip: If your company hasn't received any reports yet, the list will be empty and the right pane will simply prompt you to "Select a report". That's normal — the list fills in as reports arrive.

Open the vulnerability register

1. In the left sidebar, under the Global group, click Vulnerabilities.
2. The register opens with the report list on the left and a "Select a report" prompt on the right.
3. If your company has received reports, they appear in the left-hand list. Click any one to load its details on the right.
4. If there are no reports yet, you'll see the empty-state message: "No reports yet — Vulnerability reports submitted via the CVD portal will appear here", along with a "0 reports" counter.
5. Click Refresh at any time to pull in newly submitted reports.

Filter reports by status

1. Click the Status button at the top of the list pane to open the filter menu.
2. Choose a stage to show only reports at that point in their lifecycle:
   • All statuses (the default — shows everything)
   • Received
   • Triaged
   • Fix in progress
   • Fix shipped
   • Disclosed
3. Keep All statuses selected to see every report regardless of stage.
4. To narrow the list by keyword, type in the Search reports… box.

Tip: Combine the status filter with the search box to quickly find, for example, a "Fix in progress" report on a specific component.

Log an internally discovered vulnerability

Use this when your own team finds a weakness rather than receiving it through the CVD portal. An internally discovered vulnerability enters the queue as an internal report and is not subject to the external disclosure deadline.

1. Click the Report button at the top of the list pane to open the "Report a vulnerability" dialog.
2. Enter a clear Title that names the issue.
3. Write a Description explaining the weakness.
4. Set the Severity (it defaults to Medium).
5. Fill in the Affected component and Affected versions if you know them.
6. Click Report vulnerability to add the entry to the queue, or Cancel to close without saving.
7. The new entry then appears in the list, where you can triage and track it.