Vulnerability Count Mismatch: Aqua UI vs CSV Export
TABLE OF CONTENTS
Introduction
This article explains the difference in vulnerability counts between the Aqua UI and exported CSV files. Specifically, it explains why users may observe additional vulnerabilities in CSV exports due to Referenced CVEs linked to vendor advisories (e.g., Red Hat Security Advisories – RHSAs).
Applicability
This article applies to Aqua SaaS and Self-Hosted Editions.
It is valid for all currently supported Aqua versions where CSV exports are available in the Vulnerability Reports section.
Description
Learn why vulnerability counts may differ between Aqua UI and CSV exports, and how to interpret these results correctly.
When exporting vulnerability data, users may notice a higher count in the CSV export compared to what is displayed in the UI.
Root cause / Behavior by design:
In the UI, Aqua groups vendor advisories (e.g., RHSAs) as a single entry, even if they reference multiple CVEs. This provides a simplified view since fixing the advisory remediates all linked CVEs.
In the CSV export, these advisories are flattened into all individual CVEs they reference. This ensures reporting tools and auditors can see each CVE explicitly.
Filters in CSV export:
No filter: The CSV will include both the advisory (e.g., RHSA) and all of its referenced CVEs.
Referenced CVEs filter applied: The CSV will show only the expanded CVEs, excluding the advisory itself.
This explains why CSV exports may show different counts depending on the filter applied, and why the CSV may differ from what is shown in the UI. Both formats are correct: UI for operational visibility, and the CSV for detailed reporting.
Important notes:
This is behavior is expected by design.
Fixing the vendor advisory (e.g., RHSA) remediates all referenced CVEs together.
Changing this would require significant schema updates, so no immediate product changes are planned. Feedback has been shared with Product Management for future consideration.
Additional Resources
Did you find it helpful? Yes No
Send feedback