Description
The GitHub Security Advisory for https://github.com/ongres/scram/ has been fully published and reviewed, but the associated CVE is still showing as "RESERVED" on MITRE/NVD after almost a month.
It appears the automated synchronization payload from GitHub (as the CNA) to the CVE Project was either dropped, failed schema validation, or is stuck in the upstream pipeline.
References & Links
Additional Context
The GHSA was published on June 4, 2026. Because the CVE remains in a "Reserved" state, downstream compliance tools, vulnerability scanners, and automated database checks are failing to flag this vulnerability correctly.
Could a member of the curation team please trigger a manual sync or push the updated CVE JSON 5 record upstream to the CVE Program? Thank you!
Description
The GitHub Security Advisory for https://github.com/ongres/scram/ has been fully published and reviewed, but the associated CVE is still showing as "RESERVED" on MITRE/NVD after almost a month.
It appears the automated synchronization payload from GitHub (as the CNA) to the CVE Project was either dropped, failed schema validation, or is stuck in the upstream pipeline.
References & Links
Additional Context
The GHSA was published on June 4, 2026. Because the CVE remains in a "Reserved" state, downstream compliance tools, vulnerability scanners, and automated database checks are failing to flag this vulnerability correctly.
Could a member of the curation team please trigger a manual sync or push the updated CVE JSON 5 record upstream to the CVE Program? Thank you!