Skip to content

feat: clarify API 404 behavior when querying alias CVE IDs#5208

Open
Vedthakar wants to merge 2 commits into
google:masterfrom
Vedthakar:Issue-2235
Open

feat: clarify API 404 behavior when querying alias CVE IDs#5208
Vedthakar wants to merge 2 commits into
google:masterfrom
Vedthakar:Issue-2235

Conversation

@Vedthakar

@Vedthakar Vedthakar commented Apr 8, 2026

Copy link
Copy Markdown

Overview

Improve the documentation for failed vulnerability retrievals when users query an alias CVE directly through the OSV API and receive a 404 Bug not found response.

Fixes #2235

What changed

  • Clarified that some CVE IDs shown in the OSV.dev web UI may be aliases rather than first-class OSV vulnerability records
  • Added guidance explaining why direct API lookups for those alias IDs can return 404
  • Pointed users to the appropriate documentation/FAQ so the failure is easier to understand and troubleshoot

Why

Today, users can see a CVE listed as an alias on the website, try to retrieve it through the API, and get a confusing not found response. This change improves the UX by documenting the difference between first-class vulnerability IDs and aliases, and by giving users clearer next steps when a lookup fails.

Example

Before:

{"code":5,"message":"Bug not found."}

@github-actions

github-actions Bot commented Jun 7, 2026

Copy link
Copy Markdown

This pull request has not had any activity for 60 days and will be automatically closed in two weeks

@github-actions github-actions Bot added the stale The issue or PR is stale and pending automated closure label Jun 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

stale The issue or PR is stale and pending automated closure

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve the UX of failed vulnerability retrieval by the API

1 participant

@Vedthakar