Missing advisory json GHSA-f825-f98c-gj3g

[christopherferreira19]

Context:
We are building a database aggregating vulnerabilities from different sources.
While comparing our results to other similar products, I found that our database is missing GHSA-f825-f98c-gj3g.

After investigating it seems that the json file of this vulnerability was removed.
Publish commit: 14330db
Removal commit: 723d106
The removal commit does not give any indication explaining why it was removed.

Otherwise, the vulnerability is still visible here: GHSA-f825-f98c-gj3g.
Is that somehow a mistake or is my assumption that this repository should be the underlying source of truth for https://github.com/advisories wrong ?

[KateCatlin]

Thanks for reporting @christopherferreira19, we're looking into this!
You are correct that this repository should be the underlying source of truth.

[KateCatlin]

@christopherferreira19 we looked into it and it turns out that advisory was using an exclusive lower bound (>) operator in the list of affected versions, which we can't convert to OSV and therefore couldn't republish to this repo.

Coincidentally, we've been conducting a review of all advisories with this operator and recently fixed this.

The advisory does now have a json file, and we've hopefully taken the right steps to prevent this from being an issue in the future but do let us know if something like this comes up again!