CVE Conversion - handle cases where only 1 version is affected better.

**The CVE ID**
[CVE-2025-58050](https://osv.dev/vulnerability/CVE-2025-58050)

**Describe the data quality issue observed**
This vulnerability affects `PCRE2-10.45-RC1` and `PCRE2-10.45`. `PCRE2-10.44` and earlier are not affected.

- [NVD: CVE-2025-58050](https://nvd.nist.gov/vuln/detail/CVE-2025-58050) specifies a CPE of `cpe:2.3:a:pcre:pcre2:10.45:*:*:*:*:*:*:*`.
- [GitHub: GHSA-c2gv-xgf5-5cc2/BIGSLEEP-438254142](https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2)  specifies affected versions: `10.45`

However, in the OSV record, the GIT ranges are:
```
      "versions": [
        "pcre2-10.38",
        "pcre2-10.38-RC1",
        "pcre2-10.39",
        "pcre2-10.40",
        "pcre2-10.41",
        "pcre2-10.42",
        "pcre2-10.43",
        "pcre2-10.43-RC1",
        "pcre2-10.44",
        "pcre2-10.45"
      ],
```

**Suggested changes to record**
The GIT versions should be limited to `PCRE2-10.45-RC1` and `PCRE2-10.45`.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE Conversion - handle cases where only 1 version is affected better. #3938

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE Conversion - handle cases where only 1 version is affected better. #3938

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions