# Components with vulnerabilities

<table><thead><tr><th width="138">Check ID</th><th>COMP_0001</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>A Mendix app consists of a large number of different software components: The Mendix runtime, widgets, modules, Java libraries. and JavaScript libraries. Each of these components can have known security vulnerabilities. Blue Storm maintains a central database of known security vulnerabilities. If a component is known to have a security vulnerability it is flagged in the AppControl repository.</td></tr><tr><td>Options</td><td>There are no options for this check.<br><br>Note: The severity level set by AppControl when creating a check result is based on the CVSS score (Common Vulnerability Scoring System) of the vulnerability. The following mapping is used:<br><br>7.0-10 HIGH<br>4.0-6.9 MEDIUM<br>0-3.9 = LOW</td></tr><tr><td>Pass</td><td>A component does not have any known security vulnerabilities.</td></tr><tr><td>Fail</td><td>A component has known security vulnerabilities.</td></tr></tbody></table>