From 5bf9f263dd16945d35ed53850019598d960d2b56 Mon Sep 17 00:00:00 2001
From: Parth Bhatt <paarthbhatt37@gmail.com>
Date: Fri, 21 Nov 2025 13:08:39 +0530
Subject: [PATCH 1/3] Add Liferay Importer (Fixes #1410)

Signed-off-by: Parth Bhatt <paarthbhatt37@gmail.com>
---
 vulnerabilities/importers/__init__.py |   2 +
 vulnerabilities/importers/liferay.py  | 225 ++++++++++++++++++++++++++
 vulnerabilities/tests/test_liferay.py |  82 ++++++++++
 3 files changed, 309 insertions(+)
 create mode 100644 vulnerabilities/importers/liferay.py
 create mode 100644 vulnerabilities/tests/test_liferay.py

diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
index 82ee4525a..37a2bfeb9 100644
--- a/vulnerabilities/importers/__init__.py
+++ b/vulnerabilities/importers/__init__.py
@@ -20,6 +20,7 @@
 from vulnerabilities.importers import gentoo
 from vulnerabilities.importers import github_osv
 from vulnerabilities.importers import istio
+from vulnerabilities.importers import liferay
 from vulnerabilities.importers import mozilla
 from vulnerabilities.importers import openssl
 from vulnerabilities.importers import oss_fuzz
@@ -115,5 +116,6 @@
         ubuntu_usn.UbuntuUSNImporter,
         fireeye.FireyeImporter,
         oss_fuzz.OSSFuzzImporter,
+        liferay.LiferayImporter,
     ]
 )
diff --git a/vulnerabilities/importers/liferay.py b/vulnerabilities/importers/liferay.py
new file mode 100644
index 000000000..2b69867a1
--- /dev/null
+++ b/vulnerabilities/importers/liferay.py
@@ -0,0 +1,225 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import logging
+import re
+from urllib.parse import urljoin
+
+import requests
+from bs4 import BeautifulSoup
+from packageurl import PackageURL
+from univers.version_range import VersionRange
+from univers.version_range import MavenVersionRange
+from univers.versions import MavenVersion
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AffectedPackage
+from vulnerabilities.importer import Importer
+from vulnerabilities.importer import Reference
+from vulnerabilities.importer import VulnerabilitySeverity
+from vulnerabilities.severity_systems import CVSSV31
+from vulnerabilities.utils import get_item
+
+logger = logging.getLogger(__name__)
+
+
+class LiferayImporter(Importer):
+    spdx_license_expression = "Apache-2.0"
+    license_url = "https://www.apache.org/licenses/LICENSE-2.0"
+    importer_name = "Liferay Importer"
+
+    def advisory_data(self):
+        """
+        Yield AdvisoryData objects.
+        """
+        base_url = "https://liferay.dev/portal/security/known-vulnerabilities"
+        
+        # 1. Fetch Main Page
+        try:
+            main_page = requests.get(base_url)
+            main_page.raise_for_status()
+        except requests.RequestException as e:
+            logger.error(f"Failed to fetch Liferay main page: {e}")
+            return
+
+        soup = BeautifulSoup(main_page.content, "lxml")
+        
+        # 2. Find Release Links
+        # Based on analysis, releases are listed. We need to find links that look like release categories.
+        # The structure seemed to be links under "Releases" section.
+        # We'll look for links containing "/categories/" which seems to be the pattern for Liferay categories.
+        release_links = set()
+        for a in soup.find_all("a", href=True):
+            href = a["href"]
+            if "/categories/" in href and "known-vulnerabilities" in href:
+                release_links.add(urljoin(base_url, href))
+
+        for release_url in release_links:
+            yield from self.process_release_page(release_url)
+
+    def process_release_page(self, release_url):
+        try:
+            page = requests.get(release_url)
+            page.raise_for_status()
+        except requests.RequestException as e:
+            logger.error(f"Failed to fetch release page {release_url}: {e}")
+            return
+
+        soup = BeautifulSoup(page.content, "lxml")
+        
+        # 3. Find Vulnerability Links
+        # Vulnerabilities seem to be listed as links to "asset_publisher".
+        vuln_links = set()
+        for a in soup.find_all("a", href=True):
+            href = a["href"]
+            if "/asset_publisher/" in href and "cve-" in href.lower():
+                vuln_links.add(urljoin(release_url, href))
+
+        for vuln_url in vuln_links:
+            yield from self.process_vulnerability_page(vuln_url)
+
+    def process_vulnerability_page(self, vuln_url):
+        try:
+            page = requests.get(vuln_url)
+            page.raise_for_status()
+        except requests.RequestException as e:
+            logger.error(f"Failed to fetch vulnerability page {vuln_url}: {e}")
+            return
+
+        soup = BeautifulSoup(page.content, "lxml")
+        
+        # Extract Details
+        # Title usually contains CVE
+        title = soup.find("h1")
+        title_text = title.get_text(strip=True) if title else ""
+        
+        # CVE ID
+        cve_match = re.search(r"(CVE-\d{4}-\d{4,})", title_text)
+        if not cve_match:
+            # Try to find in content
+            cve_match = re.search(r"(CVE-\d{4}-\d{4,})", soup.get_text())
+        
+        cve_id = cve_match.group(1) if cve_match else ""
+        if not cve_id:
+            # If no CVE, we might skip or use a generated ID. For now, skip.
+            return
+
+        # Description
+        description_header = soup.find(string=re.compile("Description"))
+        description = ""
+        if description_header:
+            # Usually the description is in the next paragraph or sibling
+            # The structure observed was <h3>Description</h3> <p>...</p>
+            header_elem = description_header.parent
+            if header_elem.name.startswith("h"):
+                desc_elem = header_elem.find_next_sibling()
+                if desc_elem:
+                    description = desc_elem.get_text(strip=True)
+
+        # Severity
+        severity_header = soup.find(string=re.compile("Severity"))
+        severities = []
+        if severity_header:
+            header_elem = severity_header.parent
+            if header_elem.name.startswith("h"):
+                sev_elem = header_elem.find_next_sibling()
+                if sev_elem:
+                    sev_text = sev_elem.get_text(strip=True)
+                    # Example: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
+                    cvss_match = re.search(r"\(CVSS:3\.1/(.*?)\)", sev_text)
+                    if cvss_match:
+                        vector = cvss_match.group(1)
+                        # We need to construct the full vector string if the library expects it, 
+                        # or just pass the vector part. 
+                        # VulnerabilitySeverity expects `scoring_elements` usually as the vector.
+                        # And we need to calculate the score or use the one provided.
+                        # Let's try to parse the score from text first.
+                        score_match = re.match(r"([\d\.]+)", sev_text)
+                        score = score_match.group(1) if score_match else None
+                        
+                        severities.append(
+                            VulnerabilitySeverity(
+                                system=CVSSV31,
+                                value=score,
+                                scoring_elements=f"CVSS:3.1/{vector}"
+                            )
+                        )
+
+        # Affected Versions
+        affected_header = soup.find(string=re.compile("Affected Version"))
+        affected_packages = []
+        if affected_header:
+            header_elem = affected_header.parent
+            if header_elem.name.startswith("h"):
+                # Usually a list <ul> or just text
+                next_elem = header_elem.find_next_sibling()
+                if next_elem:
+                    if next_elem.name == "ul":
+                        items = next_elem.find_all("li")
+                        for item in items:
+                            pkg = self.parse_version_text(item.get_text(strip=True))
+                            if pkg:
+                                affected_packages.append(pkg)
+                    else:
+                        # Maybe just text lines?
+                        lines = next_elem.get_text("\n").split("\n")
+                        for line in lines:
+                            pkg = self.parse_version_text(line.strip())
+                            if pkg:
+                                affected_packages.append(pkg)
+
+        # Fixed Versions (Optional for now, but good to have)
+        # ... (Implementation similar to affected versions if needed)
+
+        yield AdvisoryData(
+            aliases=[cve_id],
+            summary=description,
+            affected_packages=affected_packages,
+            references=[Reference(url=vuln_url)],
+            url=vuln_url
+        )
+
+    def parse_version_text(self, text):
+        """
+        Parse a string like "Liferay DXP 7.3 before update 14" into an AffectedPackage.
+        """
+        # Heuristic parsing
+        if not text:
+            return None
+            
+        # Determine package type/name
+        if "DXP" in text:
+            name = "liferay-dxp"
+        elif "Portal" in text:
+            name = "liferay-portal"
+        else:
+            name = "liferay-portal" # Default
+            
+        purl = PackageURL(type="generic", name=name)
+        
+        # Extract version
+        # "7.3 before update 14" -> range
+        # "7.4.0" -> exact
+        
+        # Simple regex for "X.Y.Z"
+        version_match = re.search(r"(\d+\.\d+(\.\d+)?)", text)
+        if version_match:
+            version = version_match.group(1)
+            try:
+                # Treat as exact version for now
+                affected_range = MavenVersionRange.from_versions([version])
+                return AffectedPackage(
+                    package=purl,
+                    affected_version_range=affected_range
+                )
+            except Exception as e:
+                logger.error(f"Failed to parse version {version}: {e}")
+                return None
+            
+        return None
diff --git a/vulnerabilities/tests/test_liferay.py b/vulnerabilities/tests/test_liferay.py
new file mode 100644
index 000000000..07fefceb0
--- /dev/null
+++ b/vulnerabilities/tests/test_liferay.py
@@ -0,0 +1,82 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/aboutcode-org/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import os
+from unittest import TestCase
+from unittest.mock import patch, MagicMock
+
+from vulnerabilities.importers.liferay import LiferayImporter
+from vulnerabilities.importer import AdvisoryData
+
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+TEST_DATA = os.path.join(BASE_DIR, "test_data")
+
+
+class TestLiferayImporter(TestCase):
+    @patch("vulnerabilities.importers.liferay.requests.get")
+    def test_advisory_data(self, mock_get):
+        importer = LiferayImporter()
+        
+        # Mock responses
+        mock_main_page = MagicMock()
+        mock_main_page.content = b"""
+        <html>
+            <body>
+                <a href="/portal/security/known-vulnerabilities/-/categories/12345">Liferay Portal 7.4</a>
+            </body>
+        </html>
+        """
+        
+        mock_release_page = MagicMock()
+        mock_release_page.content = b"""
+        <html>
+            <body>
+                <a href="/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-1234">CVE-2023-1234 Title</a>
+            </body>
+        </html>
+        """
+        
+        mock_vuln_page = MagicMock()
+        mock_vuln_page.content = b"""
+        <html>
+            <body>
+                <h1>CVE-2023-1234 Title</h1>
+                <h3>Description</h3>
+                <p>This is a test vulnerability description.</p>
+                <h3>Severity</h3>
+                <p>4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)</p>
+                <h3>Affected Version(s)</h3>
+                <ul>
+                    <li>Liferay Portal 7.4.0</li>
+                </ul>
+            </body>
+        </html>
+        """
+        
+        # Configure side_effect to return different mocks based on URL
+        def side_effect(url):
+            if url == "https://liferay.dev/portal/security/known-vulnerabilities":
+                return mock_main_page
+            elif "categories" in url:
+                return mock_release_page
+            elif "asset_publisher" in url:
+                return mock_vuln_page
+            return MagicMock()
+            
+        mock_get.side_effect = side_effect
+        
+        advisories = list(importer.advisory_data())
+        
+        self.assertEqual(len(advisories), 1)
+        advisory = advisories[0]
+        self.assertIsInstance(advisory, AdvisoryData)
+        self.assertEqual(advisory.aliases, ["CVE-2023-1234"])
+        self.assertEqual(advisory.summary, "This is a test vulnerability description.")
+        self.assertEqual(len(advisory.affected_packages), 1)
+        self.assertEqual(advisory.affected_packages[0].package.name, "liferay-portal")

From fbb92c02c2f761b6655c024dd0439acf880ae4e1 Mon Sep 17 00:00:00 2001
From: Parth Bhatt <paarthbhatt37@gmail.com>
Date: Fri, 21 Nov 2025 19:06:23 +0530
Subject: [PATCH 2/3] Migrate Liferay importer to V2 pipeline

Signed-off-by: Parth Bhatt <paarthbhatt37@gmail.com>
---
 vulnerabilities/importers/__init__.py         |  4 +-
 .../v2_importers/liferay_importer.py}         | 68 +++++++------------
 vulnerabilities/tests/test_liferay.py         | 12 ++--
 3 files changed, 31 insertions(+), 53 deletions(-)
 rename vulnerabilities/{importers/liferay.py => pipelines/v2_importers/liferay_importer.py} (74%)

diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
index 37a2bfeb9..d05828864 100644
--- a/vulnerabilities/importers/__init__.py
+++ b/vulnerabilities/importers/__init__.py
@@ -20,8 +20,8 @@
 from vulnerabilities.importers import gentoo
 from vulnerabilities.importers import github_osv
 from vulnerabilities.importers import istio
-from vulnerabilities.importers import liferay
 from vulnerabilities.importers import mozilla
+from vulnerabilities.pipelines.v2_importers import liferay_importer
 from vulnerabilities.importers import openssl
 from vulnerabilities.importers import oss_fuzz
 from vulnerabilities.importers import postgresql
@@ -116,6 +116,6 @@
         ubuntu_usn.UbuntuUSNImporter,
         fireeye.FireyeImporter,
         oss_fuzz.OSSFuzzImporter,
-        liferay.LiferayImporter,
+        liferay_importer.LiferayImporterPipeline,
     ]
 )
diff --git a/vulnerabilities/importers/liferay.py b/vulnerabilities/pipelines/v2_importers/liferay_importer.py
similarity index 74%
rename from vulnerabilities/importers/liferay.py
rename to vulnerabilities/pipelines/v2_importers/liferay_importer.py
index 2b69867a1..d00afd25b 100644
--- a/vulnerabilities/importers/liferay.py
+++ b/vulnerabilities/pipelines/v2_importers/liferay_importer.py
@@ -9,35 +9,38 @@
 
 import logging
 import re
+from typing import Iterable
 from urllib.parse import urljoin
 
 import requests
 from bs4 import BeautifulSoup
 from packageurl import PackageURL
-from univers.version_range import VersionRange
 from univers.version_range import MavenVersionRange
-from univers.versions import MavenVersion
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.importer import Importer
-from vulnerabilities.importer import Reference
+from vulnerabilities.importer import AffectedPackageV2
+from vulnerabilities.importer import ReferenceV2
 from vulnerabilities.importer import VulnerabilitySeverity
+from vulnerabilities.pipelines import VulnerableCodeBaseImporterPipelineV2
 from vulnerabilities.severity_systems import CVSSV31
-from vulnerabilities.utils import get_item
 
 logger = logging.getLogger(__name__)
 
 
-class LiferayImporter(Importer):
+class LiferayImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     spdx_license_expression = "Apache-2.0"
     license_url = "https://www.apache.org/licenses/LICENSE-2.0"
+    pipeline_id = "liferay_importer_v2"
     importer_name = "Liferay Importer"
 
-    def advisory_data(self):
-        """
-        Yield AdvisoryData objects.
-        """
+    @classmethod
+    def steps(cls):
+        return (cls.collect_and_store_advisories,)
+
+    def advisories_count(self) -> int:
+        return 1
+
+    def collect_advisories(self) -> Iterable[AdvisoryData]:
         base_url = "https://liferay.dev/portal/security/known-vulnerabilities"
         
         # 1. Fetch Main Page
@@ -51,9 +54,6 @@ def advisory_data(self):
         soup = BeautifulSoup(main_page.content, "lxml")
         
         # 2. Find Release Links
-        # Based on analysis, releases are listed. We need to find links that look like release categories.
-        # The structure seemed to be links under "Releases" section.
-        # We'll look for links containing "/categories/" which seems to be the pattern for Liferay categories.
         release_links = set()
         for a in soup.find_all("a", href=True):
             href = a["href"]
@@ -74,7 +74,6 @@ def process_release_page(self, release_url):
         soup = BeautifulSoup(page.content, "lxml")
         
         # 3. Find Vulnerability Links
-        # Vulnerabilities seem to be listed as links to "asset_publisher".
         vuln_links = set()
         for a in soup.find_all("a", href=True):
             href = a["href"]
@@ -95,27 +94,22 @@ def process_vulnerability_page(self, vuln_url):
         soup = BeautifulSoup(page.content, "lxml")
         
         # Extract Details
-        # Title usually contains CVE
         title = soup.find("h1")
         title_text = title.get_text(strip=True) if title else ""
         
         # CVE ID
         cve_match = re.search(r"(CVE-\d{4}-\d{4,})", title_text)
         if not cve_match:
-            # Try to find in content
             cve_match = re.search(r"(CVE-\d{4}-\d{4,})", soup.get_text())
         
         cve_id = cve_match.group(1) if cve_match else ""
         if not cve_id:
-            # If no CVE, we might skip or use a generated ID. For now, skip.
             return
 
         # Description
         description_header = soup.find(string=re.compile("Description"))
         description = ""
         if description_header:
-            # Usually the description is in the next paragraph or sibling
-            # The structure observed was <h3>Description</h3> <p>...</p>
             header_elem = description_header.parent
             if header_elem.name.startswith("h"):
                 desc_elem = header_elem.find_next_sibling()
@@ -131,15 +125,9 @@ def process_vulnerability_page(self, vuln_url):
                 sev_elem = header_elem.find_next_sibling()
                 if sev_elem:
                     sev_text = sev_elem.get_text(strip=True)
-                    # Example: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
                     cvss_match = re.search(r"\(CVSS:3\.1/(.*?)\)", sev_text)
                     if cvss_match:
                         vector = cvss_match.group(1)
-                        # We need to construct the full vector string if the library expects it, 
-                        # or just pass the vector part. 
-                        # VulnerabilitySeverity expects `scoring_elements` usually as the vector.
-                        # And we need to calculate the score or use the one provided.
-                        # Let's try to parse the score from text first.
                         score_match = re.match(r"([\d\.]+)", sev_text)
                         score = score_match.group(1) if score_match else None
                         
@@ -157,7 +145,6 @@ def process_vulnerability_page(self, vuln_url):
         if affected_header:
             header_elem = affected_header.parent
             if header_elem.name.startswith("h"):
-                # Usually a list <ul> or just text
                 next_elem = header_elem.find_next_sibling()
                 if next_elem:
                     if next_elem.name == "ul":
@@ -167,54 +154,45 @@ def process_vulnerability_page(self, vuln_url):
                             if pkg:
                                 affected_packages.append(pkg)
                     else:
-                        # Maybe just text lines?
                         lines = next_elem.get_text("\n").split("\n")
                         for line in lines:
                             pkg = self.parse_version_text(line.strip())
                             if pkg:
                                 affected_packages.append(pkg)
 
-        # Fixed Versions (Optional for now, but good to have)
-        # ... (Implementation similar to affected versions if needed)
+        # Clean URL
+        if "?" in vuln_url:
+            vuln_url = vuln_url.split("?")[0]
 
         yield AdvisoryData(
+            advisory_id=cve_id,
             aliases=[cve_id],
             summary=description,
             affected_packages=affected_packages,
-            references=[Reference(url=vuln_url)],
-            url=vuln_url
+            references_v2=[ReferenceV2(url=vuln_url)],
+            url=vuln_url,
+            severities=severities
         )
 
     def parse_version_text(self, text):
-        """
-        Parse a string like "Liferay DXP 7.3 before update 14" into an AffectedPackage.
-        """
-        # Heuristic parsing
         if not text:
             return None
             
-        # Determine package type/name
         if "DXP" in text:
             name = "liferay-dxp"
         elif "Portal" in text:
             name = "liferay-portal"
         else:
-            name = "liferay-portal" # Default
+            name = "liferay-portal"
             
         purl = PackageURL(type="generic", name=name)
         
-        # Extract version
-        # "7.3 before update 14" -> range
-        # "7.4.0" -> exact
-        
-        # Simple regex for "X.Y.Z"
         version_match = re.search(r"(\d+\.\d+(\.\d+)?)", text)
         if version_match:
             version = version_match.group(1)
             try:
-                # Treat as exact version for now
                 affected_range = MavenVersionRange.from_versions([version])
-                return AffectedPackage(
+                return AffectedPackageV2(
                     package=purl,
                     affected_version_range=affected_range
                 )
diff --git a/vulnerabilities/tests/test_liferay.py b/vulnerabilities/tests/test_liferay.py
index 07fefceb0..1307a4f2b 100644
--- a/vulnerabilities/tests/test_liferay.py
+++ b/vulnerabilities/tests/test_liferay.py
@@ -11,17 +11,17 @@
 from unittest import TestCase
 from unittest.mock import patch, MagicMock
 
-from vulnerabilities.importers.liferay import LiferayImporter
+from vulnerabilities.pipelines.v2_importers.liferay_importer import LiferayImporterPipeline
 from vulnerabilities.importer import AdvisoryData
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data")
 
 
-class TestLiferayImporter(TestCase):
-    @patch("vulnerabilities.importers.liferay.requests.get")
-    def test_advisory_data(self, mock_get):
-        importer = LiferayImporter()
+class TestLiferayImporterPipeline(TestCase):
+    @patch("vulnerabilities.pipelines.v2_importers.liferay_importer.requests.get")
+    def test_collect_advisories(self, mock_get):
+        importer = LiferayImporterPipeline()
         
         # Mock responses
         mock_main_page = MagicMock()
@@ -71,7 +71,7 @@ def side_effect(url):
             
         mock_get.side_effect = side_effect
         
-        advisories = list(importer.advisory_data())
+        advisories = list(importer.collect_advisories())
         
         self.assertEqual(len(advisories), 1)
         advisory = advisories[0]

From cbceb8890552d5ba398805210b8ff0e420709911 Mon Sep 17 00:00:00 2001
From: Parth Bhatt <paarthbhatt37@gmail.com>
Date: Fri, 21 Nov 2025 20:48:40 +0530
Subject: [PATCH 3/3] Address PR review feedback

- Implement proper advisories_count with release link caching
- Remove redundant CVE ID from aliases field (advisory_id already contains it)
- Add URL cleaning comment with example
- Update tests to match corrected behavior

Signed-off-by: Parth Bhatt <paarthbhatt37@gmail.com>
---
 .../v2_importers/liferay_importer.py          | 30 +++++++++++--------
 vulnerabilities/tests/test_liferay.py         |  2 +-
 2 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/vulnerabilities/pipelines/v2_importers/liferay_importer.py b/vulnerabilities/pipelines/v2_importers/liferay_importer.py
index d00afd25b..e8f7cdb55 100644
--- a/vulnerabilities/pipelines/v2_importers/liferay_importer.py
+++ b/vulnerabilities/pipelines/v2_importers/liferay_importer.py
@@ -33,35 +33,40 @@ class LiferayImporterPipeline(VulnerableCodeBaseImporterPipelineV2):
     pipeline_id = "liferay_importer_v2"
     importer_name = "Liferay Importer"
 
+    release_links = []
+
     @classmethod
     def steps(cls):
         return (cls.collect_and_store_advisories,)
 
     def advisories_count(self) -> int:
-        return 1
+        if not self.release_links:
+            self.release_links = self.fetch_release_links()
+        return len(self.release_links)
 
     def collect_advisories(self) -> Iterable[AdvisoryData]:
+        if not self.release_links:
+            self.release_links = self.fetch_release_links()
+
+        for release_url in self.release_links:
+            yield from self.process_release_page(release_url)
+
+    def fetch_release_links(self):
         base_url = "https://liferay.dev/portal/security/known-vulnerabilities"
-        
-        # 1. Fetch Main Page
         try:
             main_page = requests.get(base_url)
             main_page.raise_for_status()
         except requests.RequestException as e:
             logger.error(f"Failed to fetch Liferay main page: {e}")
-            return
+            return []
 
         soup = BeautifulSoup(main_page.content, "lxml")
-        
-        # 2. Find Release Links
-        release_links = set()
+        links = set()
         for a in soup.find_all("a", href=True):
             href = a["href"]
             if "/categories/" in href and "known-vulnerabilities" in href:
-                release_links.add(urljoin(base_url, href))
-
-        for release_url in release_links:
-            yield from self.process_release_page(release_url)
+                links.add(urljoin(base_url, href))
+        return list(links)
 
     def process_release_page(self, release_url):
         try:
@@ -161,12 +166,13 @@ def process_vulnerability_page(self, vuln_url):
                                 affected_packages.append(pkg)
 
         # Clean URL
+        # Example: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-1234?_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=...
         if "?" in vuln_url:
             vuln_url = vuln_url.split("?")[0]
 
         yield AdvisoryData(
             advisory_id=cve_id,
-            aliases=[cve_id],
+            aliases=[],
             summary=description,
             affected_packages=affected_packages,
             references_v2=[ReferenceV2(url=vuln_url)],
diff --git a/vulnerabilities/tests/test_liferay.py b/vulnerabilities/tests/test_liferay.py
index 1307a4f2b..d7d7d9d8c 100644
--- a/vulnerabilities/tests/test_liferay.py
+++ b/vulnerabilities/tests/test_liferay.py
@@ -76,7 +76,7 @@ def side_effect(url):
         self.assertEqual(len(advisories), 1)
         advisory = advisories[0]
         self.assertIsInstance(advisory, AdvisoryData)
-        self.assertEqual(advisory.aliases, ["CVE-2023-1234"])
+        self.assertEqual(advisory.aliases, [])
         self.assertEqual(advisory.summary, "This is a test vulnerability description.")
         self.assertEqual(len(advisory.affected_packages), 1)
         self.assertEqual(advisory.affected_packages[0].package.name, "liferay-portal")