Describe the bug
Users try to retrieve a vulnerability (typically a CVE) by the API that the web interface reports as an alias of another vulnerability and that retrieval fails because the CVE record does not exist in OSV.dev

To Reproduce
Steps to reproduce the behaviour:

1. View a vulnerability record on OSV.dev with an (unlinked) alias to a CVE
2. Attempt to retrieve that CVE via the API
3. Get a 404/Bug not found response from the API

Expected behaviour
The user receives some pointers to documentation to assist with interpreting the search failure.

My initial thoughts:

• include a link to https://osv.dev/faq in the message text
• add a new FAQ entry about bugs not found/404s from the API
• add to https://google.github.io/osv.dev/post-v1-query/ about querying by first class vulnerabilities versus aliases (also discussed in API: query vulnerabilities by cve id #1016)

Screenshots

Contrived example:

$ GET -s https://api.osv.dev/v1/vulns/CVE-2025-0001
404 Not Found
{"code":5,"message":"Bug not found."}