Skip to content

feat: clarify API 404 behavior when querying alias CVE IDs#5208

Open
Vedthakar wants to merge 2 commits intogoogle:masterfrom
Vedthakar:Issue-2235
Open

feat: clarify API 404 behavior when querying alias CVE IDs#5208
Vedthakar wants to merge 2 commits intogoogle:masterfrom
Vedthakar:Issue-2235

Conversation

@Vedthakar
Copy link
Copy Markdown

@Vedthakar Vedthakar commented Apr 8, 2026

Overview

Improve the documentation for failed vulnerability retrievals when users query an alias CVE directly through the OSV API and receive a 404 Bug not found response.

Fixes #2235

What changed

  • Clarified that some CVE IDs shown in the OSV.dev web UI may be aliases rather than first-class OSV vulnerability records
  • Added guidance explaining why direct API lookups for those alias IDs can return 404
  • Pointed users to the appropriate documentation/FAQ so the failure is easier to understand and troubleshoot

Why

Today, users can see a CVE listed as an alias on the website, try to retrieve it through the API, and get a confusing not found response. This change improves the UX by documenting the difference between first-class vulnerability IDs and aliases, and by giving users clearer next steps when a lookup fails.

Example

Before:

{"code":5,"message":"Bug not found."}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve the UX of failed vulnerability retrieval by the API

1 participant

@Vedthakar