public sealed class VulnerabilityOccurrence.Types.PackageIssue : IMessage<VulnerabilityOccurrence.Types.PackageIssue>, IEquatable<VulnerabilityOccurrence.Types.PackageIssue>, IDeepCloneable<VulnerabilityOccurrence.Types.PackageIssue>, IBufferMessage, IMessage
Reference documentation and code samples for the Grafeas v1 API class VulnerabilityOccurrence.Types.PackageIssue.
A detail for a distro and package this vulnerability occurrence was found
in and its associated fix (if one is available).
The distro or language system assigned severity for this vulnerability
when that is available and note provider assigned severity when it is not
available.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eVulnerabilityOccurrence.Types.PackageIssue\u003c/code\u003e class in the Grafeas v1 API provides detailed information about a specific vulnerability found within a package and distro.\u003c/p\u003e\n"],["\u003cp\u003eThis class includes properties like \u003ccode\u003eAffectedCpeUri\u003c/code\u003e, \u003ccode\u003eAffectedPackage\u003c/code\u003e, and \u003ccode\u003eAffectedVersion\u003c/code\u003e to specify where the vulnerability is located, and \u003ccode\u003eFixedCpeUri\u003c/code\u003e, \u003ccode\u003eFixedPackage\u003c/code\u003e, and \u003ccode\u003eFixedVersion\u003c/code\u003e for information on fixes.\u003c/p\u003e\n"],["\u003cp\u003eThe class implements interfaces such as \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, indicating its role in data handling and comparison within the .NET environment.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the \u003ccode\u003eVulnerabilityOccurrence.Types.PackageIssue\u003c/code\u003e class documentation available is 3.7.0, with several older versions also available for review.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ePackageIssue\u003c/code\u003e class can be used to determine the severity of the vulnerability through the \u003ccode\u003eEffectiveSeverity\u003c/code\u003e property and determine if there is a fix available through the \u003ccode\u003eFixAvailable\u003c/code\u003e property.\u003c/p\u003e\n"]]],[],null,["# Grafeas v1 API - Class VulnerabilityOccurrence.Types.PackageIssue (3.10.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.10.0 (latest)](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.8.0](/dotnet/docs/reference/Grafeas.V1/3.8.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.7.0](/dotnet/docs/reference/Grafeas.V1/3.7.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.6.0](/dotnet/docs/reference/Grafeas.V1/3.6.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.5.0](/dotnet/docs/reference/Grafeas.V1/3.5.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.4.0](/dotnet/docs/reference/Grafeas.V1/3.4.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.3.0](/dotnet/docs/reference/Grafeas.V1/3.3.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.2.0](/dotnet/docs/reference/Grafeas.V1/3.2.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.1.0](/dotnet/docs/reference/Grafeas.V1/3.1.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [3.0.0](/dotnet/docs/reference/Grafeas.V1/3.0.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [2.4.0](/dotnet/docs/reference/Grafeas.V1/2.4.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [2.3.0](/dotnet/docs/reference/Grafeas.V1/2.3.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue)\n- [2.2.0](/dotnet/docs/reference/Grafeas.V1/2.2.0/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue) \n\n public sealed class VulnerabilityOccurrence.Types.PackageIssue : IMessage\u003cVulnerabilityOccurrence.Types.PackageIssue\u003e, IEquatable\u003cVulnerabilityOccurrence.Types.PackageIssue\u003e, IDeepCloneable\u003cVulnerabilityOccurrence.Types.PackageIssue\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Grafeas v1 API class VulnerabilityOccurrence.Types.PackageIssue.\n\nA detail for a distro and package this vulnerability occurrence was found\nin and its associated fix (if one is available). \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e VulnerabilityOccurrence.Types.PackageIssue \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence)[Types](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types)[PackageIssue](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence)[Types](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types)[PackageIssue](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[VulnerabilityOccurrence](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence)[Types](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types)[PackageIssue](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1.VulnerabilityOccurrence.Types.PackageIssue), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Grafeas.V1](/dotnet/docs/reference/Grafeas.V1/latest/Grafeas.V1)\n\nAssembly\n--------\n\nGrafeas.V1.dll\n\nConstructors\n------------\n\n### PackageIssue()\n\n public PackageIssue()\n\n### PackageIssue(PackageIssue)\n\n public PackageIssue(VulnerabilityOccurrence.Types.PackageIssue other)\n\nProperties\n----------\n\n### AffectedCpeUri\n\n public string AffectedCpeUri { get; set; }\n\nRequired. The [CPE URI](https://cpe.mitre.org/specification/) this\nvulnerability was found in.\n\n### AffectedPackage\n\n public string AffectedPackage { get; set; }\n\nRequired. The package this vulnerability was found in.\n\n### AffectedVersion\n\n public Version AffectedVersion { get; set; }\n\nRequired. The version of the package that is installed on the resource\naffected by this vulnerability.\n\n### EffectiveSeverity\n\n public Severity EffectiveSeverity { get; set; }\n\nThe distro or language system assigned severity for this vulnerability\nwhen that is available and note provider assigned severity when it is not\navailable.\n\n### FileLocation\n\n public RepeatedField\u003cFileLocation\u003e FileLocation { get; }\n\nThe location at which this package was found.\n\n### FixAvailable\n\n public bool FixAvailable { get; set; }\n\nOutput only. Whether a fix is available for this package.\n\n### FixedCpeUri\n\n public string FixedCpeUri { get; set; }\n\nThe [CPE URI](https://cpe.mitre.org/specification/) this vulnerability\nwas fixed in. It is possible for this to be different from the\naffected_cpe_uri.\n\n### FixedPackage\n\n public string FixedPackage { get; set; }\n\nThe package this vulnerability was fixed in. It is possible for this to\nbe different from the affected_package.\n\n### FixedVersion\n\n public Version FixedVersion { get; set; }\n\nRequired. The version of the package this vulnerability was fixed in.\nSetting this to VersionKind.MAXIMUM means no fix is yet available.\n\n### PackageType\n\n public string PackageType { get; set; }\n\nThe type of package (e.g. OS, MAVEN, GO)."]]