Hi,
for Versions, that have a string suffix, like "2.3.23.Final" the vulnerability matching doesn't work. Most probably the root cause is the failing sort. Regarding the improper sort, see attached screenshot.
Example regarding vulnerability matching:
PGV: https://security.inedo.com/vulnerability/details/PGV-2314320
io.undertow:undertow-core ≥ 2.3.0 & < 2.3.5.Final, < 2.2.24.Final
but even versions > 2.3.5.Final are still marked with severe (like the 2.3.23.Final).
Best regards