Webservers not showing any vulnerabilities

I have upgraded to the community version and the feed status is up to date but unlike another version, no vulnerabilities are being report on the web server running DVWA and another website that has a number of vulnerabilities such as XSS and CSRF contained. The previous docker container version did scan these effectively.

I have run through the troubleshooting and rebuilt containers but for no change in scan results. Any help appreciated

The community version is not an upgrade, so you would have to explain what you are referring to here.

even I am facing this same issue for few machines after scan, where no information/details found in scan result. though that machines are communicating with Kali machine where openVAS installed.
can any one suggest what to do.


we have some hints for further research in our docs at https://greenbone.github.io/docs/latest/troubleshooting.html#vulnerabilities-are-not-found


I rushed to post this but it appears in one instance the deliberately vulnerable juice shop web app has butchered it’s own config upon subsequent redeploy within a docker container. The scanner however is picking up VMware hosted vulnerable systems and apps. For web app specific scanning as I use ZAP and nikto which are sufficient and targeted.

Hello Guys,

Accidentally I found Solution for this.

Issue:- web servers not showing any vulnerabilities.

Explanation: where Kali machine and server are in same network but after several scan result is zero as shown in above screenshots by @Newelly


  1. Open up the Windows Firewall from within the Control Panel or search for it.
  2. Click Advanced Settings on the left.
  3. From the left pane of the resulting window, click Inbound Rules.
  4. In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
  5. Right-click each rule and choose Enable Rule.

After enabling all the rules and initiated scan for same server and result is not ZERO and found many vulnerabilities. I tried same for couple of servers.
This worked for me.