Summary

Tenable has updated the NuGet package enumeration plugins to improve detection of installed NuGet packages on Linux/Unix scan targets.

Change

Before this update, the NuGet package enumeration plugins did not attempt to associate detected packages with an RPM or DEB package managed by the Linux distribution. This could cause packages to report vulnerabilities both based on a Linux distribution vendor's advisory and a CVE advisory from the NuGet package maintainer.

After this update, these issues have been addressed. NuGet packages on Linux assets will be assessed to determine if they are managed by a Linux distribution's package manager, and if so, will be marked as “Managed” and will not report a vulnerability, unless the Show potential false alarms setting is enabled for the scan.

Impact

Most customers will notice improved accuracy in NuGet package vulnerability reporting. Scan results may show changes in detected vulnerabilities based on how packages were previously assessed.

Affected plugins

190687 - NuGet Installed Packages (Linux / Unix)

Target Release Date

June 1, 2026