The trailing-30-day HIGH and CRITICAL CVEs that carry no public remediation evidence — no vendor fix, advisory, mitigation, release note, security update, or patch commit linked in their record. These are the vulnerabilities pulling the Patch-Reference Coverage ratio down. Ranked criticals first, then highs.
⚠ This is a presence proxy, not a patch-lag measurement. A missing reference does not prove no patch exists — a vendor may have shipped a fix that simply is not yet linked in the NVD record. Live view computes the gap directly from NVD; the headline ratio prefers the daily server baseline when available. See methodology →