Vulnerabilities do not have title neither description #626

Open
carlosthe19916 opened this issue Jul 30, 2024 · 0 comments
Labels
frontend Frontend related code changes


  • Upload the file CVE-2024-26930.json

  • If you fetch advisories using GET /api/v1/advisories you will get something like:

{
    "items": [
        {
            "uuid": "urn:uuid:ce0496c9-5126-4087-a1a2-b776a13a37dd",
            "identifier": "CVE-2024-26930",
            "hashes": [
                "sha256:1290cde0a20915f5c047b2b4e43ff199e0c6155ba92e350a03885e2a6fa14c83",
                "sha384:07cda2e06b14415fe689fff786025e1ab5d516fdfaf68686b4614539685ffc62da9a5e9fae12b363d29916c8c9cb072c",
                "sha512:3233332e03dd2fc1056726176e5f992fd409dbc2a6f1319471c975abfee8ba5de339319046c3af647a1a04e17e7a72401580de89cce70275532e7187cdc52262"
            ],
            "issuer": {
                "id": "c16cfcf3-4a57-4ee8-9ff4-def153815e9d",
                "name": "Red Hat Product Security"
            },
            "published": "2024-05-01T00:00:00Z",
            "modified": "2024-07-29T23:36:55Z",
            "title": "kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer",
            "labels": {
                "type": "csaf"
            },
            "average_severity": "medium",
            "average_score": 6.1,
            "vulnerabilities": [
                {
                    "identifier": "CVE-2024-26930",
                    "title": "kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer",
                    "discovered": "2024-05-01T00:00:00Z",
                    "released": "2024-05-01T00:00:00Z",
                    "severity": "medium",
                    "score": 6.1
                }
            ]
        }
    ],
    "total": 1
}

NOTICE THAT THE items.vulnerabilities.title is there.

  • Here is the problem. If I hit /api/v1/vulnerability, I do not get any title or description for the vulnerability:

{
    "items": [
        {
            "normative": true,
            "identifier": "CVE-2024-26930",
            "average_severity": "medium",
            "average_score": 6.1,
            "advisories": [
                {
                    "uuid": "urn:uuid:ce0496c9-5126-4087-a1a2-b776a13a37dd",
                    "identifier": "CVE-2024-26930",
                    "hashes": [
                        "sha256:1290cde0a20915f5c047b2b4e43ff199e0c6155ba92e350a03885e2a6fa14c83",
                        "sha384:07cda2e06b14415fe689fff786025e1ab5d516fdfaf68686b4614539685ffc62da9a5e9fae12b363d29916c8c9cb072c",
                        "sha512:3233332e03dd2fc1056726176e5f992fd409dbc2a6f1319471c975abfee8ba5de339319046c3af647a1a04e17e7a72401580de89cce70275532e7187cdc52262"
                    ],
                    "issuer": {
                        "id": "c16cfcf3-4a57-4ee8-9ff4-def153815e9d",
                        "name": "Red Hat Product Security"
                    },
                    "published": "2024-05-01T00:00:00Z",
                    "modified": "2024-07-29T23:36:55Z",
                    "title": "kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer",
                    "labels": {
                        "type": "csaf"
                    },
                    "severity": "medium",
                    "score": 6.1
                }
            ]
        }
    ],
    "total": 1
}

  • There is a title that is provided by the advisory itself, and it must be reflected in the Vulnerabilities.
  • In case there are multiple advisories for the same vulnerability, the server should pick one or merge them all, but always provide a title.
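
One way a client could apply the "pick one or merge them all" policy requested above to the /api/v1/vulnerability response (an added example, not part of the original issue and not the project's code). The function names, the most-recently-modified selection rule, the " | " separator and the extra sample advisories are assumptions.

```javascript
// Added example, not code from the project. Field names follow the
// /api/v1/vulnerability response quoted in the issue.

// Constructed sample: the issue's item (trimmed) plus constructed entries
// that exercise the multi-advisory and no-advisory cases.
const sampleResponse = {
  items: [
    {
      identifier: "CVE-2024-26930",
      advisories: [
        { identifier: "EXAMPLE-ADVISORY-OLDER", modified: "2024-06-01T00:00:00Z",
          title: "kernel: qla2xxx double free (constructed older title)" },
        { identifier: "CVE-2024-26930", modified: "2024-07-29T23:36:55Z",
          title: "kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer" },
        { identifier: "EXAMPLE-ADVISORY-BLANK", modified: "2024-07-30T00:00:00Z",
          title: "   " },
      ],
    },
    { identifier: "EXAMPLE-VULN-NO-ADVISORY", advisories: [] },
  ],
};

// Milliseconds since epoch, or 0 when "modified" is missing or unparsable.
function modifiedAt(advisory) {
  const t = Date.parse(advisory.modified);
  return Number.isNaN(t) ? 0 : t;
}

// Distinct, non-blank advisory titles, most recently modified first.
function advisoryTitles(vuln) {
  const sorted = [...(vuln.advisories ?? [])].sort((a, b) => modifiedAt(b) - modifiedAt(a));
  const titles = sorted
    .map((a) => (typeof a.title === "string" ? a.title.trim() : ""))
    .filter((t) => t !== "");
  return [...new Set(titles)];
}

// "Pick one" policy by default, "merge them all" when merge is true.
// Falls back to the identifier so a title is always returned.
function displayTitle(vuln, { merge = false } = {}) {
  const titles = advisoryTitles(vuln);
  if (titles.length === 0) return vuln.identifier;
  return merge ? titles.join(" | ") : titles[0];
}

// Identifiers of vulnerabilities for which no advisory supplied a usable title.
function missingTitles(response) {
  return response.items.filter((v) => advisoryTitles(v).length === 0).map((v) => v.identifier);
}
```

Advisory titles originate from uploaded documents, so display the returned string as text rather than markup.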