---
title: "Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?"
description: "The primary reason that there may be differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page is that the parsed file contains transitive dependencies."
category: "Frequently Asked Questions"
section: "Supply Chain Management Software Dependencies"
keywords: ["sbom module", "vulnerabilities", "differences", "shown", "vulnerability", "transitive", "dependencies", "list"]
source_url: "https://support.ketryx.com/hc/en-us/articles/33469559674253-Why-are-there-differences-between-the-vulnerabilities-shown-in-the-SBOM-module-and-on-the-Vulnerability-page"
last_reviewed: 2026-06-11
---

# Why are there differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page?

> **In short:** The primary reason that there may be differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page is that the parsed file contains transitive dependencies.

The primary reason that there may be differences between the vulnerabilities shown in the SBOM module and on the Vulnerability page is that the parsed file contains transitive dependencies. By default, the build page will display a flat list of all dependencies, and the SBOM page will only show a list top-level dependencies. Vulnerabilities on the Vulnerabilities page are displayed for all dependencies, top-level and transitive. [For more on vulnerability management, please see our documentation](https://docs.ketryx.com/manuals/man-03-supply-chain-management-software-dependencies/vulnerability-management#id-4.-manage-vulnerabilities).

If you want transitive dependencies to appear on the SBOM page you can enable the ['create-transitive dependency items'](https://docs.ketryx.com/reference/advanced-settings#create-transitive-dependency-items) advanced setting. **Note**: enabling this setting may lead to a _significant_ number of dependencies in the SBOM module.

## Related articles

- [Why are there fewer dependencies in the Ketryx SBOM module than parsed and shown on the build page?](why-are-there-fewer-dependencies-in-the-ketryx-sbom-module-than-parsed-and.md)
- [How do I enable transitive dependencies for my SBOM?](how-do-i-enable-transitive-dependencies-for-my-sbom.md)
- [SBOM Transitive Dependencies](sbom-transitive-dependencies.md)
- [I submitted a spdx file via the Build API. Why aren't any or all dependencies loading in Ketryx?](i-submitted-a-spdx-file-via-the-build-api-why-aren-t-any-or-all-dependencies.md)
- [How does Ketryx manage vulnerabilities as opposed to product and patient related risks?](how-does-ketryx-manage-vulnerabilities-as-opposed-to-product-and-patient.md)
