cnspec vuln shows removed packages

[twarnick]

Hi,

I have run cnspec vuln on my debian bookworm machine and the result is as follow:

  ■   SCORE  PACKAGE    INSTALLED         FIXED             AVAILABLE  ADVISORY    
  ■   7.5    libssl1.1  1.1.1n-0+deb11u5  3.0.11-1~deb12u2                         
  ╰─  0      libssl1.1  1.1.1n-0+deb11u5  3.0.11-1~deb12u2             DSA-5532-1  

But, if I check it with:

dpkg -l libssl1.1

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-===============-================-============-===============================================
rc libssl1.1:amd64 1.1.1n-0+deb11u5 amd64 Secure Sockets Layer toolkit - shared libraries

This package is not installed.
I remove it with dpkg --purge

Is there a way to tell mondoo / cnspec to not scan or ignore the values for vulnerabilities on uninstalled packages?