Nessus continues to warn me about vulnerable packages that have been removed

I’m trying to lock down an Ubuntu 20.04 image by removing vulnerable packages we don’t use. I’ve run a Nessus Advanced Network Scan with the SSH login credentials and it found a number of issues, for instance "Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)" ( So I removed vim using:

sudo apt-get purge vim

rebooted the device and reran the scan. But I’m still getting the same issue. The security notice only mentions vim, it doesn’t give the name of any other packages that need to be removed. How can I resolve this?

vim isn’t the only package I’m having this problem with, I also see it for others (ceph, cups-filters, libreoffice, etc).

Asked By: parsley72


I can’t figure out how to do this in the UI, but if I export the report as a PDF then under the issue:

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6026-1)

there’s a subsection "Assets" with:

  • Installed package : xxd_2:8.1.2269-1ubuntu5.11
  • Fixed package: xxd_2:8.1.2269-1ubuntu5.14

Removing xxd removes the vim issues from the next scan.

Answered By: parsley72
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.