See https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf ... https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf/packages has no packages BUT https://public.vulnerablecode.io/packages/pkg:golang/github.com/pandatix/go-cvss@0.4.0 is said to be FIXING https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf
See https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf
... https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf/packages has no packages
BUT https://public.vulnerablecode.io/packages/pkg:golang/github.com/pandatix/go-cvss@0.4.0 is said to be FIXING https://public.vulnerablecode.io/vulnerabilities/VCID-y4zc-4mph-aaaf