Why not every CVE collected in GHSA?

[JustinB1eber]

Accroding to the document, it seems that github security advisory database would collect every CVE from NVD

But I have seen a few CVEs not in GHSA, neither reviewed nor unreviewed, e.g. CVE-2023-31058

[spcompanyf15t33n]

unreviewed

[spcompanyf15t33n]

Accroding to the document, it seems that github security advisory database would collect every CVE from NVD

But I have seen a few CVEs not in GHSA, neither reviewed nor unreviewed, e.g. CVE-2023-31058

[KateCatlin]

Hey @JustinB1eber, thank you so much for writing in about this. We do have one small gap in our data, which is advisories originated from a GitHub security advisory which get a CVE but which are not part of our supported ecosystems. This is a date flow error that we are planning to correct.

Can you share any CVEs that you find which are not in our Advisory Database so I can confirm the issue is the same and that we don't have any other leaks?