DependencyTrack · fahedouch · Mar 27, 2026 · Copilot · Mar 27, 2026
diff --git a/apiserver/src/main/java/org/dependencytrack/model/Vulnerability.java b/apiserver/src/main/java/org/dependencytrack/model/Vulnerability.java
@@ -131,7 +131,8 @@ public enum Source {
         INTERNAL,  // Internally-managed (and manually entered) vulnerability
         OSV, // Google OSV Advisories
         SNYK,    // Snyk Purl Vulnerability
-        CSAF;    // CSAF Vulnerability sources
+        CSAF,    // CSAF Vulnerability sources
+        UNKNOWN; // Unknown or unrecognized vulnerability source
 
         public static boolean isKnownSource(String source) {
             return Arrays.stream(values()).anyMatch(enumSource -> enumSource.name().equalsIgnoreCase(source));