Skip to content

[BUG]: Advisories are not published correctly #363

New issue
New issue
Open
Open
[BUG]: Advisories are not published correctly#363
Labels
bugSomething isn't working
@another-rex

Description

@another-rex
another-rex
opened on Mar 13, 2026

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Hello!

We (OSV team) found that some of your records are laid out incorrectly, where it looks like currently you have a few advisories that are repeated across different alma releases, but they share the same OSV id.

E.g.

ALSA-2024:8117 exists in both the almalinux8 and almalinux9 directories. Both records have the exact same id, but the contents are slightly different (The one in almalinux8 contains records with affected ecosystem being AlmaLinux:8, and almalinux9 dir contains AlmaLinux:9)

This isn't really valid as records with the same ID should be unique and only be published once.

What ends up happening on osv.dev is we only ingest 1 of these records, and the other one just gets overwritten, so we'll randomly get either records affecting either almalinux8 or almalinux 9, but not both like what you probably are trying to represent.

Expected Behavior

Both records are combined into 1 record with the affected fields from both.

Steps To Reproduce

Here are some other examples:

ALSA-2024:8121
ALSA-2024:8127
ALSA-2025:10862
ALSA-2025:0422
ALSA-2025:10867

There are about 38 of these in total.

Anything else?

No response

Search terms

OSV Advisories

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions