why libcurl no cve?

[chenjianquan7]

libcurl 7.65.1 no cve ,why

[nscuro]

As explained in the issue you raised earlier (#3138 (comment)), the CPE you provided does not match any entries in the NVD: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibcurl%3Alibcurl%3A7.65.1%3A*%3A*%3A*%3A*%3A*%3A*%3A*

There is no CPE with libcurl in the vendor attribute of the CPE. If you don't know the correct vendor, you can use *, which will many any vendor in the vulnerability database.

Assuming you're running Dependency-Track 4.9.0, cpe:2.3:a:*:libcurl:7.65.1:*:*:*:*:*:*:* will give you results. I explained this in your original issue. Please do not create new issues or discussions for the same thing.