TVM still showing outdated vulnerabilities despite applications being up to date

Thanks for the detailed response. In our case, Python is installed and the endpoint team confirmed it’s already at the latest version. Still, TVM is flagging the recommendation to “Update Python to the latest version.”

What I observed:

There are some older Python libraries/packages present (e.g., from AppData or venv folders).

The software inventory shows the correct latest version, but the vulnerability still appears.

As a SOC analyst, I don’t have local access to validate file paths or registry.

👉 My follow-up questions:

Could the presence of old Python libraries (even if the main Python interpreter is updated) cause TVM to trigger the recommendation?

Is there a way (via KQL or portal) to find which version/path TVM is detecting that’s causing this?

Would reporting this as an “inaccuracy” help — or would Microsoft reject it since Python is technically installed?

Just trying to understand whether this is a mapping issue, residual file issue, or normal TVM delay.