Our repo is able to handle this mistake by mere accident (design) and is working fine.
This is because alphabetically NvdSource comes after GitHubSource, so the information for the same CVE is getting updated from NVD, which in this case is correct.
I will keep this open till we figure out a technological solution that doesn't involve paying a commercial company or human to check every report.
Vulnerability reports on CVE, GitHub, etc. can have a number of mistakes. Unlike CVE, GitHub doesn't seem to have a way of reporting mistakes at all!
Below is an example:
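The comment above describes a merge in which the last source processed wins, and correctness depends on NvdSource sorting after GitHubSource. The following is an added example, not the project's own loader: it reproduces that last-wins behaviour, then shows an explicit per-source priority and a conflict check that flags CVEs where the feeds disagree, so only those need a human look. The `Advisory`/`Source` classes, the `PRIORITY` table and the CVE id and version strings are constructed placeholders for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


# Constructed sample record; the CVE id, package and ranges are placeholders,
# not taken from any real advisory.
@dataclass
class Advisory:
    cve_id: str
    package: str
    affected: str   # affected version range, kept as a string for simplicity
    source: str     # name of the feed the record came from


class Source:
    """Hypothetical feed wrapper: a name plus the advisories it reports."""

    def __init__(self, name: str, records: List[Advisory]):
        self.name = name
        self.records = records


# The two feeds disagree on the affected range for the same CVE.
GITHUB = Source("GitHubSource", [
    Advisory("CVE-0000-0000", "examplepkg", "<2.0.0", "GitHubSource"),
])
NVD = Source("NvdSource", [
    Advisory("CVE-0000-0000", "examplepkg", "<1.4.2", "NvdSource"),
])


def merge_last_wins(sources: List[Source]) -> Dict[str, Advisory]:
    """Mimic the accidental behaviour: process sources in alphabetical order,
    so whichever name sorts last overwrites the others ('N' > 'G')."""
    merged: Dict[str, Advisory] = {}
    for src in sorted(sources, key=lambda s: s.name):
        for adv in src.records:
            merged[adv.cve_id] = adv
    return merged


# Explicit ranking (assumed here): higher number wins regardless of name order.
PRIORITY = {"NvdSource": 2, "GitHubSource": 1}


def merge_by_priority(sources: List[Source],
                      priority: Dict[str, int] = PRIORITY) -> Dict[str, Advisory]:
    """Keep the record from the highest-priority source for each CVE,
    independent of the order the feeds are loaded in."""
    merged: Dict[str, Advisory] = {}
    for src in sources:
        rank = priority.get(src.name, 0)
        for adv in src.records:
            current = merged.get(adv.cve_id)
            if current is None or rank > priority.get(current.source, 0):
                merged[adv.cve_id] = adv
    return merged


def find_conflicts(sources: List[Source]) -> Dict[str, List[Advisory]]:
    """Return CVEs whose feeds report different affected ranges.
    These are the only reports that need manual review."""
    by_id: Dict[str, List[Advisory]] = {}
    for src in sources:
        for adv in src.records:
            by_id.setdefault(adv.cve_id, []).append(adv)
    return {cid: advs for cid, advs in by_id.items()
            if len({a.affected for a in advs}) > 1}


if __name__ == "__main__":
    # Load NVD first to show that name order, not load order, decides the winner.
    winner = merge_last_wins([NVD, GITHUB])["CVE-0000-0000"]
    print("last-wins picked:", winner.source, winner.affected)
    ranked = merge_by_priority([NVD, GITHUB])["CVE-0000-0000"]
    print("priority picked:", ranked.source, ranked.affected)
    for cid, advs in find_conflicts([NVD, GITHUB]).items():
        print("conflict on", cid, [(a.source, a.affected) for a in advs])
```

The conflict list is the cheap part of the "technological solution" asked for in the comment: it does not say which feed is right, but it narrows review to the records where the feeds actually disagree instead of every report.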