Common Vulnerabilities and Exposures (CVE) is a publicly accessible database maintained by the MITRE Corporation. It serves as a catalog of known security vulnerabilities and exposures found in software systems. Each vulnerability in the CVE database is assigned a unique identifier, and its entry provides essential information, such as the affected software versions and the flaw’s severity.
Vulnerabilities in third-party components have led to numerous high-profile security breaches. Scanning your project for flawed dependencies with a Software Composition Analysis (SCA) tool is therefore good practice; OWASP Dependency-Check is one example of such a tool. To mitigate the risk, check dependencies regularly and update them when needed.
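The core step an SCA scan performs, matching each pinned dependency against the affected version range of known advisories, is sketched below as an added example; it is not code from OWASP Dependency-Check or from this page. The package names, versions, advisory IDs and the feed layout are constructed placeholders, and only exact `==` pins are evaluated.

```python
# Added illustration: toy SCA matching. Package names, versions and advisory
# IDs are constructed placeholders, not real CVE records.
import re

# Constructed feed: package -> [(id, first_affected, fixed_in, severity)]
ADVISORIES = {
    "examplelib": [("CVE-PLACEHOLDER-0001", "1.0.0", "1.4.2", "HIGH")],
    "demo-parser": [("CVE-PLACEHOLDER-0002", "2.0.0", "2.0.5", "CRITICAL"),
                    ("CVE-PLACEHOLDER-0003", "0.9.0", "2.1.0", "LOW")],
}

# Constructed manifest in requirements.txt style.
MANIFEST = """\
# app dependencies
examplelib==1.3.9
Demo_Parser==2.0.5
safe-package==3.1.0
unpinned-thing>=1.0
"""

def parse_version(text):
    """'1.10' -> (1, 10, 0, 0): numeric and zero-padded, so 1.10 > 1.9."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def normalize(name):
    """Compare names case-insensitively, treating '_', '.' and '-' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan(manifest, advisories):
    findings, unchecked = [], []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if not m:
            unchecked.append(line)  # no exact pin, so no version to match
            continue
        name, version = normalize(m.group(1)), parse_version(m.group(2))
        for adv_id, first, fixed, severity in advisories.get(name, []):
            # Affected range is half-open: first_affected <= version < fixed_in
            if parse_version(first) <= version < parse_version(fixed):
                findings.append((name, m.group(2), adv_id, severity, fixed))
    return findings, unchecked

if __name__ == "__main__":
    for finding in scan(MANIFEST, ADVISORIES)[0]:
        print("%s %s: %s (%s), fixed in %s" % finding)
```

Dependencies that land in the `unchecked` list deserve attention too: a scan that silently skips unpinned entries reports a clean result it has not earned.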