A critical vulnerabilities is displayed on the Audit Vulnerabilities tab, but is not included in the Overview tab.

[d-afanasiev]

Current Behavior

A critical vulnerabilities is displayed in the Audit Vulnerabilities tab, but is not included in the Overview tab.
In this case, this concerns three vulnerabilities:
CVE-2026-42581
CVE-2026-42584
CVE-2026-42579

https://nvd.nist.gov/vuln/detail/CVE-2026-42581
https://nvd.nist.gov/vuln/detail/CVE-2026-42584
https://nvd.nist.gov/vuln/detail/CVE-2026-42579

Package URL (PURL): pkg:maven/io.netty/netty-codec-http@4.1.130.Final

This issue is inconvenient because you cannot rely on the Overview tab or Projects, as it is unclear whether there are critical vulnerabilities in this project.

Steps to Reproduce

1. Create a custom project.
2. Upload the pkg:maven/io.netty/netty-codec-http@4.1.130.Final package to the project.
3. I use trivy analyzer for my projects.

Expected Behavior

On the Overview tab, vulnerability summaries are correctly performed to ensure correct response to critical vulnerabilities.

Dependency-Track Frontend Version

4.7.x

Browser

Google Chrome

Browser Version

No response

Operating System

Windows

Checklist

• I have read and understand the contributing guidelines
• I have checked the existing issues for whether this defect was already reported

[nscuro]

Does the problem persist? If so, can you try clicking the small blue refresh button next to "Last measurement"?

One factor here is that the metrics in the dashboard are calculated asynchronously, so they are eventually consistent. But metrics calculation should run after every vulnerability analysis, and additionally every hour, so the discrepancy should eventually recover.

[d-afanasiev]

Hello @nscuro .

The problem still persists.
I tried clicking "Last measurement," but nothing changed.