Skip to content

Inconsistency: GHSA public but assigned CVE remains in RESERVED state [GHSA-p9jg-fcr6-3mhf] #8411

Description

@jorsol

Description

The GitHub Security Advisory for https://github.com/ongres/scram/ has been fully published and reviewed, but the associated CVE is still showing as "RESERVED" on MITRE/NVD after almost a month.

It appears the automated synchronization payload from GitHub (as the CNA) to the CVE Project was either dropped, failed schema validation, or is stuck in the upstream pipeline.

References & Links

Additional Context

The GHSA was published on June 4, 2026. Because the CVE remains in a "Reserved" state, downstream compliance tools, vulnerability scanners, and automated database checks are failing to flag this vulnerability correctly.

Could a member of the curation team please trigger a manual sync or push the updated CVE JSON 5 record upstream to the CVE Program? Thank you!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions