{% if logo_path %}
{% else %}
{% endif %}

CVE Impact

{% if mode == 'dossier' %}CVE Dossier Report{% else %}Portfolio CVE Summary{% endif %}
Report: {{ recipe_name }} | Generated: {{ generated_at }} | Date Range: {{ start_date }} to {{ end_date }} {% if mode == 'dossier' %} | CVEs: {{ dossiers | length }}{% endif %}
{% if summary and summary.total_cves > 0 %}
{% if mode == 'dossier' %} {# Dossier mode: focused cards for the selected CVE(s) #}

Severity

{{ summary.worst_severity|default('UNKNOWN') }}
CVSS {{ "%.1f"|format(summary.worst_cvss|default(0)) }}

Projects

{{ summary.total_projects }}

Reachable

{{ summary.total_reachable }}
CVE-project pairs

Unreachable

{{ summary.total_unreachable }}
CVE-project pairs

Attack Vector

{{ summary.worst_attack_vector|default('N/A') }}
{% else %} {# Summary mode: portfolio-wide counts #}

Unique CVEs

{{ summary.total_cves }}

Projects

{{ summary.total_projects }}

Critical

{{ summary.severity_counts.get('CRITICAL', 0) }}

High

{{ summary.severity_counts.get('HIGH', 0) }}

Medium

{{ summary.severity_counts.get('MEDIUM', 0) }}

Low

{{ summary.severity_counts.get('LOW', 0) }}

Info / Unknown

{{ summary.severity_counts.get('INFO', 0) + summary.severity_counts.get('UNKNOWN', 0) }}
{% endif %}
{% if mode == 'summary' %} {% if summary.severity_counts %}

CVE Severity Distribution

Number of unique CVEs by severity level across the portfolio

{% endif %} {% if summary.top_cves %}

Top CVEs by Project Spread

CVEs affecting the most projects

{% endif %}

CVE Summary

{% if table_data and table_data.rows %} {% for row in table_data.rows %} {% endfor %}
CVE ID Severity CVSS Projects KEV EPSS Exploits Components
{{ row.get('CVE ID', '') }} {{ row.get('Severity', '') }} {{ "%.1f"|format(row.get('CVSS', 0)) }} {{ row.get('Affected Projects', 0) }} {% if row.get('KEV') %}KEV{% endif %} {{ "%.1f"|format(row.get('EPSS Percentile', 0) * 100) }}% {{ row.get('Exploits', 0) }} {{ row.get('Components', '')[:60] }}{% if row.get('Components', '')|length > 60 %}...{% endif %}
{% else %}

No CVE data available.

{% endif %}
{% else %} {% for d in dossiers %}

{{ d.cve_id }}

{{ d.severity|default('UNKNOWN') }} CVSS {{ "%.1f"|format(d.cvss|default(0)) }} {% if d.kev %}CISA KEV{% endif %} {% if d.has_exploit %}Known Exploit{% endif %}
{% if d.description %}

{{ d.description }}

{% elif d.title %}

{{ d.title }}

{% endif %} {% if d.nvd_unavailable %}

NVD data was unavailable for this CVE. Description and fix version data may be incomplete. Check NVD directly.

{% endif %}
{% if d.cwe %}
CWE: {% if d.cwe_url %}{{ d.cwe }}{% else %}{{ d.cwe }}{% endif %}
{% endif %}
EPSS: {{ "%.1f"|format(d.epss_percentile|default(0) * 100) }}th percentile
First Detected: {{ d.first_detected[:10] if d.first_detected else 'N/A' }}
Last Detected: {{ d.last_detected[:10] if d.last_detected else 'N/A' }}
{% if d.attack_vector and d.attack_vector != 'N/A' %}
Attack Vector: {{ d.attack_vector }}
{% endif %} {% if d.vuln_functions %}
Vulnerable Functions: {{ d.vuln_functions }}
{% endif %}

Known Exploits

{% if d.exploit_details and d.exploit_details|length > 0 %} {% for exp in d.exploit_details %} {% endfor %}
SourceURLDescriptionMaturityType
{{ exp.source }} {% if exp.url %}{{ exp.url[:60] }}{% if exp.url|length > 60 %}...{% endif %}{% else %}-{% endif %} {{ exp.description[:150] }}{% if exp.description|length > 150 %}...{% endif %} {{ exp.maturity|default('-', true) }} {{ exp.type|default('-', true) }}
{% else %}

None known.

{% endif %}
{% if d.ai_prompt %}
AI Prompt (click to expand, copy & paste into any LLM) 
{{ d.ai_prompt }}
{% endif %} {% if d.ai_guidance %}

AI Remediation Guidance

{% if d.ai_guidance.project_notes and d.ai_guidance.project_notes != '-' %} {% endif %}
Fix Version{{ d.ai_guidance.fix_version|default('-', true) }}
Guidance{{ d.ai_guidance.guidance|default('-', true) }}
Workaround{{ d.ai_guidance.workaround|default('-', true) }}
Code Search{{ d.ai_guidance.code_search_hints|default('-', true) }}
Project Notes {{ d.ai_guidance.project_notes|default('-', true) }}
Confidence{{ d.ai_guidance.confidence|default('-', true) }}
{% endif %}

Affected Projects

Affects {{ d.affected_count }} project{{ 's' if d.affected_count != 1 else '' }}. {% if d.reachable_count > 0 %} Reachable in {{ d.reachable_count }}. {% endif %} {% if d.unreachable_count > 0 %} Unreachable in {{ d.unreachable_count }}. {% endif %} {% if d.unknown_count > 0 %} Inconclusive in {{ d.unknown_count }}. {% endif %}
{% if d.project_details and d.project_details|length > 0 %} {% for p in d.project_details %} {% endfor %}
Project Version Reachability Component Status Detected
{% if domain and p.project_id and p.project_version_id and p.finding_internal_id %}{{ p.project_name }}{% elif domain and p.project_id %}{{ p.project_name }}{% else %}{{ p.project_name }}{% endif %} {% if domain and p.project_id and p.project_version_id %}{{ p.project_version }}{% else %}{{ p.project_version }}{% endif %} {{ p.reachability_label }} {% if domain and p.project_id and p.project_version_id and p.component_id %}{{ p.component }}{% else %}{{ p.component }}{% endif %} {{ p.triage_status|default('-') if p.triage_status else '-' }} {{ p.detected[:10] if p.detected else '-' }}
{% endif %}
{% endfor %} {% endif %} {% else %}

No CVE data available for the selected filters.

{% endif %}

Generated by | {{ generated_at }}

Copyright © 2026 Finite State, Inc.