
Vulnerability fix types

A fixed vulnerability does not appear in scan results, as it is no longer considered a vulnerability.
Other vulnerability information can include the following:

Fixed in version

This shows the version of the package that no longer has the vulnerability.
Compare the "Fixed in" vulnerability card above to one where no fix is available.

Fixable

A fixable vulnerability means there is a route within the project that would bring in the secure version rather than the vulnerable version.
This means that a vulnerability can be both fixable and have a "Fixed in" version.
The easiest way to tell if a vulnerability is fixable in the Snyk app is to look for the "fix this vulnerability" button on the vulnerability card.
"Fix this vulnerability" button

"Fixed in" is showing when the issue is not fixable

The difference here is whether it's looking at direct or transitive dependencies. For direct dependencies, this would mean that fixable is true if a fixed (or secure) version of the package exists anywhere in the system. However, this is not the case for transitive dependencies as they require a direct dependency that can be updated to the fixed (or secure) version of the transitive dependency.
The above is an example of a transitive dependency. The detailed paths section (blue outline in the image above) shows that no fix path is available; however, it does show that the vulnerability is fixed in the more recent version, unlike the "no fix available" status seen above. This means that Snyk cannot reach the level at which the vulnerability actually exists in this specific project.
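
The direct-versus-transitive distinction above, as an added example (not Snyk's code or algorithm): a simplified model in which every dependency is pinned to an exact version, using a constructed registry and the hypothetical package names `web-a`, `web-b` and `lib-t`. A fix counts as reachable only when some version of the direct dependency resolves to a secure version of the vulnerable package.

```python
# Constructed sample registry: REGISTRY[package][version] -> {dependency: pinned version}
# Assumption: exact pins instead of version ranges, to keep resolution trivial.
REGISTRY = {
    "web-a": {"1.0.0": {"lib-t": "1.0.0"}, "1.1.0": {"lib-t": "1.5.0"}},
    "web-b": {"1.0.0": {"lib-t": "1.0.0"}, "2.0.0": {"lib-t": "2.0.0"}},
    "lib-t": {"1.0.0": {}, "1.5.0": {}, "2.0.0": {}},
}


def ver(v):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def resolves_secure(pkg, version, vuln_pkg, fixed_in, seen=()):
    """True if pkg@version and its whole subtree contain no vuln_pkg below fixed_in."""
    if pkg == vuln_pkg and ver(version) < ver(fixed_in):
        return False
    if (pkg, version) in seen:  # guard against dependency cycles
        return True
    seen = seen + ((pkg, version),)
    return all(
        resolves_secure(dep, dep_ver, vuln_pkg, fixed_in, seen)
        for dep, dep_ver in REGISTRY[pkg][version].items()
    )


def fix_status(direct_pkg, current, vuln_pkg, fixed_in):
    """Return (fixed_in, fixable, upgrade_to) for one direct dependency of a project.

    fixed_in is a property of the vulnerable package alone; fixable depends on
    whether the project can reach that version through its direct dependency.
    """
    candidates = sorted(
        (v for v in REGISTRY[direct_pkg] if ver(v) >= ver(current)), key=ver
    )
    for candidate in candidates:
        if resolves_secure(direct_pkg, candidate, vuln_pkg, fixed_in):
            return fixed_in, True, candidate
    return fixed_in, False, None


if __name__ == "__main__":
    # lib-t is vulnerable below 2.0.0 (constructed advisory data).
    for direct in ("lib-t", "web-a", "web-b"):
        print(direct, fix_status(direct, "1.0.0", "lib-t", "2.0.0"))
```

Here `web-a` reproduces the case described in this section: the vulnerability has a "Fixed in" version, yet no release of the direct dependency pulls it in, so no fix path exists.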

Fixing transitive dependencies

To fix a transitive dependency such as this, click on the Vulnerability DB link:
Snyk Vulnerability DB link
From the Snyk Vulnerability Database, you can then see fix advice for more information:
Vulnerability Database remediation advice