Currently the report generated for the vulnerabilities to email SMTP does not show the current version of components/packages affected by the CVEs. See screenshot for current report output

FR: Include the component, and next to it, affected version. This should be queryable in the output report and easy to add 

customer who requested this: SEC