diff --git a/.gitignore b/.gitignore
index 4c8414d28..63fb1b5b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,8 +46,14 @@ coverage.xml
 *.log
 local_settings.py
 
-# Sphinx documentation
-docs/_build/
+# Sphinx
+docs/_build
+docs/bin
+docs/build
+docs/include
+docs/Lib
+doc/pyvenv.cfg
+pyvenv.cfg
 
 # PyBuilder
 target/
@@ -103,3 +109,13 @@ Pipfile
 *.bak
 /.cache/
 /tmp/
+
+# pyenv
+/.python-version
+/man/
+/.pytest_cache/
+lib64
+tcl
+
+# Ignore Jupyter Notebook related temp files
+.ipynb_checkpoints/
diff --git a/.readthedocs.yml b/.readthedocs.yml
index d5dde4cfd..683f3a82a 100644
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -5,12 +5,25 @@
 # Required
 version: 2
 
+# Build in latest ubuntu/python
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+
+# Build PDF & ePub
+formats:
+  - epub
+  - pdf
+
 # Where the Sphinx conf.py file is located
 sphinx:
    configuration: docs/source/conf.py
 
-# Setting the doc build requirements
+# Setting the python version and doc build requirements
 python:
-  version: "3.7"
   install:
-    - requirements: docs/requirements.txt
+    - method: pip
+      path: .
+      extra_requirements:
+        - dev
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 96afb1188..275c0b804 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -2,8 +2,108 @@ Release notes
 =============
 
 
+Version v33.6.3
+----------------
+
+- We updated RTD build configuration.
+- We added importer for OSS-Fuzz.
+- We removed vulnerabilities with empty aliases.
+- We fixed search encoding issue https://github.com/nexB/vulnerablecode/issues/1336.
+- We added middleware to ban "bytedance" user-agent.
+
+
+Version v33.6.2
+----------------
+
+- We added note about CSRF_TRUSTED_ORIGINS.
+- We added proper acknowledgements for NGI projects.
+- We added throttling for anonymous users.
+
+Version v33.6.1
+----------------
+
+- We added pagination to valid versions improver.
+
+
+Version v33.6.0
+----------------
+
+- We added support to write packages and vulnerabilities at the time of import.
+
+
+Version v33.5.0
+----------------
+
+- We fixed a text-overflow issue in the Essentials tab of the Vulnerability details template.
+- We added clickable links to the Essentials tab of the Vulnerability details template that enable
+  the user to navigate to the Fixed by packages tab and the Affected packages tab.
+- We fixed severity range issue for handling unknown scores.
+
+Version v33.4.0
+----------------
+
+- We added importer specific improvers and removed default improver
+  additionally improve recent advisories first.
+
+
+Version v33.3.0
+----------------
+
+- We filtered out the weakness that are not presented in the
+  cwe2.database before passing them into the vulnerability details view.
+
+
+Version v33.2.0
+-----------------
+
+- We fixed NVD importer to import the latest data by adding weakness
+  in unique content ID for advisories.
+
+
+Version v33.1.0
+-----------------
+
+- We have paginated the default improver and added keyboard interrupt support for import and improve processes.
+- We bumped PyYaml to 6.0.1 and saneyaml to 0.6.0 and dropped docker-compose.
+
+
+Version v33.0.0
+-----------------
+
+- We have dropped ``unresolved_vulnerabilities`` from /api/package endpoint API response.
+- We have added missing quotes for href values in template.
+- We have fixed merge functionality of AffectedPackage.
+
+
+Version v32.0.1
+-----------------
+
+- Clean imported data after import process.
+
+
+Version v32.0.0
+-----------------
+
+- We fixed Apache HTTPD and Apache Kafka importer.
+- We removed excessive network calls from Redhat importer.
+- Add documentation for version 32.0.0.
+
+
+Version v32.0.0rc4
+-------------------
+
+- We added loading of env for GitHub datasource in vulntotal.
+- We fixed import process in github importer in vulnerablecode reported here
+  https://github.com/nexB/vulnerablecode/issues/1142.
+- We added an improver to get all package versions
+  of all ecosystems for a range of affected packages.
+- We added documentation for configuring throttling rate for API endpoints.
+- We fixed kbmsr2019 importer.
+- We added support for conan advisories through gitlab importer.
+
+
 Version v32.0.0rc3
-------------
+-------------------
 
 - Add aliases to package endpoint.
 - We added Apache HTTPD improver.
diff --git a/README.rst b/README.rst
index f41e968ee..a5a256b13 100644
--- a/README.rst
+++ b/README.rst
@@ -105,6 +105,7 @@ On a Debian system, use this::
     git clone https://github.com/nexB/vulnerablecode.git && cd vulnerablecode
     make dev envfile postgres
     make test
+    source venv/bin/activate
     ./manage.py import vulnerabilities.importers.nginx.NginxImporter
     ./manage.py improve --all
     make run
@@ -145,3 +146,20 @@ See https://creativecommons.org/licenses/by-sa/4.0/legalcode for the license tex
 See https://github.com/nexB/vulnerablecode for support or download. 
 
 See https://aboutcode.org for more information about nexB OSS projects.
+
+Acknowledgements
+^^^^^^^^^^^^^^^^
+
+This project was funded through the NGI0 PET Fund, a fund established by
+NLnet with financial support from the European Commission's Next Generation
+Internet programme, under the aegis of DG Communications Networks, Content
+and Technology under grant agreement No 825310.
+
+https://nlnet.nl/project/VulnerableCode/
+
+This project was funded through the NGI0 Discovery Fund, a fund established
+by NLnet with financial support from the European Commission's Next Generation
+Internet programme, under the aegis of DG Communications Networks, Content
+and Technology under grant agreement No 825322.
+
+https://nlnet.nl/project/vulnerabilitydatabase/
diff --git a/SOURCES.rst b/SOURCES.rst
index 8cf65d02d..bc0963a10 100644
--- a/SOURCES.rst
+++ b/SOURCES.rst
@@ -13,7 +13,7 @@
 +----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
 |ruby            | https://github.com/rubysec/ruby-advisory-db.git                                                      |ruby gems                                           |
 +----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
-|ubuntu          | https://people.canonical.com/~ubuntu-security/oval/                                                  |ubuntu packages                                     |
+|ubuntu          |                                                                                                      |ubuntu packages                                     |
 +----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
 |retiredotnet    | https://github.com/RetireNet/Packages.git                                                            |.NET packages                                       |
 +----------------+------------------------------------------------------------------------------------------------------+----------------------------------------------------+
diff --git a/apache-2.0.LICENSE b/apache-2.0.LICENSE
index d9a10c0d8..261eeb9e9 100644
--- a/apache-2.0.LICENSE
+++ b/apache-2.0.LICENSE
@@ -174,3 +174,28 @@
       of your accepting any such warranty or additional liability.
 
    END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/docs/requirements.txt b/docs/requirements.txt
index e1b67b3c3..682892887 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,3 +1,3 @@
 Sphinx>=3.3.1
 sphinx-rtd-theme>=0.5.0
-doc8>=0.8.1
\ No newline at end of file
+doc8>=0.8.1
diff --git a/docs/source/_static/theme_overrides.css b/docs/source/_static/theme_overrides.css
new file mode 100644
index 000000000..ce4aad98f
--- /dev/null
+++ b/docs/source/_static/theme_overrides.css
@@ -0,0 +1,31 @@
+/* this is the container for the pages */
+.wy-nav-content {
+    max-width: 100%;
+    padding: 0px 40px 0px 0px;
+    margin-top: 0px;
+    background-color: #fcfcfc;
+}
+
+.wy-nav-content-wrap {
+    background-color: #fcfcfc;
+    border-right: solid 1px #e8e8e8;
+}
+
+div.rst-content {
+    max-width: 1300px;
+    background-color: #fcfcfc;
+    border: 0;
+    padding: 0px 80px 10px 80px;
+    margin-left: 50px;
+}
+
+
+@media (max-width: 768px) {
+    div.rst-content {
+            max-width: 1300px;
+            background-color: #fcfcfc;
+            border: 0;
+            padding: 0px 10px 10px 10px;
+            margin-left: 0px;
+        }
+}
diff --git a/docs/source/api-admin.rst b/docs/source/api-admin.rst
new file mode 100644
index 000000000..53cf25354
--- /dev/null
+++ b/docs/source/api-admin.rst
@@ -0,0 +1,21 @@
+.. _api_admin:
+
+API usage administration for on-premise deployments
+====================================================
+
+Enable the API key authentication
+------------------------------------
+
+There is a setting VULNERABLECODEIO_REQUIRE_AUTHENTICATION for this. Use it this
+way::
+
+    $ VULNERABLECODEIO_REQUIRE_AUTHENTICATION=1 make run
+
+
+Create an API key-only user
+------------------------------------
+
+This can be done in the admin and from the command line::
+
+    $ ./manage.py create_api_user --email "p4@nexb.com" --first-name="Phil" --last-name "Goel"
+    User p4@nexb.com created with API key: ce8616b929d2adsddd6146346c2f26536423423491
diff --git a/docs/source/api.rst b/docs/source/api.rst
index c779784a5..7f34c5b0b 100644
--- a/docs/source/api.rst
+++ b/docs/source/api.rst
@@ -11,33 +11,136 @@ Browse the Open API documentation
 - https://public.vulnerablecode.io/api/schema/ for the OpenAPI schema
 
 
-Enable the API key authentication
+How to use OpenAPI documentation
+--------------------------------------
+
+The API documentation is available at https://public.vulnerablecode.io/api/docs/.
+To use the endpoints you need to authenticate with an API key. Request your API key
+from https://public.vulnerablecode.io/account/request_api_key/. Once you have
+your API key, click on the ``Authorize`` button on the top right of the page and enter
+your API key in the ``value`` field with ``Token`` prefix, so if your token is "1234567890abcdef"
+then you have to enter this: ``Token 1234567890abcdef``.
+
+.. _Package Vulnerabilities Query:
+
+Query for Package Vulnerabilities
 ------------------------------------
 
-There is a setting VULNERABLECODEIO_REQUIRE_AUTHENTICATION for this. Use it this
-way::
+The package endpoint allows you to query vulnerabilities by package using a
+purl or purl fields.
 
-    $ VULNERABLECODEIO_REQUIRE_AUTHENTICATION=1 make run
+Sample python script::
 
+    import requests
 
-Create an API key-only user
-------------------------------------
+    # Query by purl
+    resp = requests.get(
+        "https://public.vulnerablecode.io/api/packages?purl=pkg:maven/log4j/log4j@1.2.27",
+        headers={"Authorization": "Token 123456789"},
+    ).json()
+
+    # Query by purl type, get all the vulnerable maven packages
+    resp = requests.get(
+        "https://public.vulnerablecode.io/api/packages?type=maven",
+        headers={"Authorization": "Token 123456789"},
+    ).json()
+
+Sample using curl::
+
+    curl -X GET -H 'Authorization: Token <YOUR TOKEN>' https://public.vulnerablecode.io/api/packages?purl=pkg:maven/log4j/log4j@1.2.27
+
+
+The response will be a list of packages, these are packages
+that are affected by and/or that fix a vulnerability.
+
+
+.. _Package Bulk Search:
+
+Package Bulk Search
+---------------------
+
+
+The package bulk search endpoint allows you to search for purls in bulk. You can
+pass a list of purls in the request body and the endpoint will return a list of
+purls with vulnerabilities.
+
+
+You can pass a list of ``purls`` in the request body. Each package should be a
+valid purl string.
+
+You can also pass options like ``purl_only`` and ``plain_purl`` in the request.
+``purl_only`` will return only a list of vulnerable purls from the purls received in request.
+``plain_purl`` allows you to query the API using plain purls by removing qualifiers
+and subpath from the purl.
 
-This can be done in the admin and from the command line::
+The request body should be a JSON object with the following structure::
 
-    $ ./manage.py create_api_user --email "p4@nexb.com" --first-name="Phil" --last-name "Goel"
-    User p4@nexb.com created with API key: ce8616b929d2adsddd6146346c2f26536423423491
+    {
+        "purls": [
+            "pkg:pypi/flask@1.2.0",
+            "pkg:npm/express@1.0"
+        ],
+        "purl_only": false,
+        "plain_purl": false,
+    }
 
+Sample python script::
 
-Access the API using curl
------------------------------
+    import requests
 
-    curl -X GET -H 'Authorization: Token <YOUR TOKEN>' https://public.vulnerablecode.io/api/
+    request_body = {
+        "purls": [
+            "pkg:npm/grunt-radical@0.0.14"
+        ],
+    }
 
+    resp = requests.post('https://public.vulnerablecode.io/api/packages/bulk_search', json= request_body, headers={'Authorization': "Token 123456789"}).json()
 
-API endpoints
----------------
 
+The response will be a list of packages, these are packages
+that are affected by and/or that fix a vulnerability.
+
+.. _CPE Bulk Search:
+
+CPE Bulk Search
+---------------------
+
+
+The CPE bulk search endpoint allows you to search for packages in bulk.
+You can pass a list of packages in the request body and the endpoint will
+return a list of vulnerabilities.
+
+
+You can pass a list of ``cpes`` in the request body. Each cpe should be a
+non empty string and a valid CPE.
+
+
+The request body should be a JSON object with the following structure::
+
+    {
+        "cpes": [
+            "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*",
+            "cpe:2.3:a:apache:struts:2.3.2:*:*:*:*:*:*:*"
+        ]
+    }
+
+Sample python script::
+
+    import requests
+
+    request_body = {
+        "cpes": [
+            "cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"
+        ],
+    }
+
+    resp = requests.post('https://public.vulnerablecode.io/api/cpes/bulk_search', json= request_body, headers={'Authorization': "Token 123456789"}).json()
+
+The response will be a list of vulnerabilities that have the following CPEs.
+
+
+API endpoints reference
+--------------------------
 
 There are two primary endpoints:
 
@@ -48,3 +151,83 @@ There are two primary endpoints:
 And two secondary endpoints, used to query vulnerability aliases (such as CVEs)
 and vulnerability by CPEs: cpes/ and aliases/
 
+
+.. list-table:: Table for the main API endpoints
+   :widths: 30 40 30
+   :header-rows: 1
+
+   * - Endpoint
+     - Query Parameters
+     - Expected Output
+   * - ``/api/packages``
+     -
+       - ``purl`` (string) = package-url of the package
+       - ``type`` (string) = type of the package
+       - ``namespace`` (string) = namespace of the package
+       - ``name`` (string) = name of the package
+       - ``version`` (string) = version of the package
+       - ``qualifiers`` (string) = qualifiers of the package
+       - ``subpath`` (string) = subpath of the package
+       - ``page`` (integer) = page number of the response
+       - ``page_size`` (integer) = number of packages in each page
+     - Return a list of packages using a package-url (purl) or a combination of
+       type, namespace, name, version, qualifiers, subpath purl fields. See the
+       `purl specification <https://github.com/package-url/purl-spec>`_ for more details. See example at :ref:`Package Vulnerabilities Query` section for more details.
+   * - ``/api/packages/bulk_search``
+     - Refer to package bulk search section :ref:`Package Bulk Search`
+     - Return a list of packages
+   * - ``/api/vulnerabilities/``
+     -
+       - ``vulnerability_id`` (string) = VCID (VulnerableCode Identifier) of the vulnerability
+       - ``page`` (integer) = page number of the response
+       - ``page_size`` (integer) = number of vulnerabilities in each page
+     - Return a list of vulnerabilities
+   * - ``/api/cpes``
+     -
+       - ``cpe`` (string) = value of the cpe
+       - ``page`` (integer) = page number of the response
+       - ``page_size`` (integer) = number of cpes in each page
+     - Return a list of vulnerabilities
+   * - ``/api/cpes/bulk_search``
+     - Refer to CPE bulk search section :ref:`CPE Bulk Search`
+     - Return a list of cpes
+   * - ``/api/aliases``
+     -
+       - ``alias`` (string) = value of the alias
+       - ``page`` (integer) = page number of the response
+       - ``page_size`` (integer) = number of aliases in each page
+     - Return a list of vulnerabilities
+
+.. list-table:: Table for other API endpoints
+   :widths: 30 40 30
+   :header-rows: 1
+
+   * - Endpoint
+     - Query Parameters
+     - Expected Output
+   * - ``/api/packages/{id}``
+     -
+       - ``id`` (integer) = internal primary id of the package
+     - Return a package with the given id
+   * - ``/api/packages/all``
+     - No parameter required
+     - Return a list of all vulnerable packages
+   * - ``/api/vulnerabilities/{id}``
+     -
+       - ``id`` (integer) = internal primary id of the vulnerability
+     - Return a vulnerability with the given id
+   * - ``/api/aliases/{id}``
+     -
+       - ``id`` (integer) = internal primary id of the alias
+     - Return an alias with the given id
+   * - ``/api/cpes/{id}``
+     -
+       - ``id`` = internal primary id of the cpe
+     - Return a cpe with the given id
+
+Miscellaneous
+----------------
+
+The API is paginated and the default page size is 100. You can change the page size
+by passing the ``page_size`` parameter. You can also change the page number by passing
+the ``page`` parameter.
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 94f2c1d60..7141ba67d 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -60,6 +60,11 @@
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
-html_static_path = []
+# html_static_path = []
+html_static_path = ["_static"]
+
+html_css_files = [
+    "theme_overrides.css",
+]
 
 master_doc = "index"
diff --git a/docs/source/contributing.rst b/docs/source/contributing.rst
index 18f021b4d..fa6e7075b 100644
--- a/docs/source/contributing.rst
+++ b/docs/source/contributing.rst
@@ -89,3 +89,577 @@ Helpful Resources
   on how to write good commit messages
 - `Pro Git book <https://git-scm.com/book/en/v2>`_
 - `How to write a good bug report <https://www.softwaretestinghelp.com/how-to-write-good-bug-report/>`_
+
+.. _tutorial_add_a_new_importer:
+
+Add a new importer
+-------------------
+
+This tutorial contains all the things one should know to quickly implement an importer.
+Many internal details about importers can be found inside the
+:file:`vulnerabilites/importer.py` file.
+Make sure to go through :ref:`importer-overview` before you begin writing one.
+
+TL;DR
+-------
+
+#. Create a new :file:`vulnerabilities/importers/{importer_name.py}` file.
+#. Create a new importer subclass inheriting from the ``Importer`` superclass defined in
+   ``vulnerabilites.importer``. It is conventional to end an importer name with *Importer*.
+#. Specify the importer license.
+#. Implement the ``advisory_data`` method to process the data source you are
+   writing an importer for.
+#. Add the newly created importer to the importers registry at
+   ``vulnerabilites/importers/__init__.py``
+
+.. _tutorial_add_a_new_importer_prerequisites:
+
+Prerequisites
+--------------
+
+Before writing an importer, it is important to familiarize yourself with the following concepts.
+
+PackageURL
+^^^^^^^^^^^^
+
+VulnerableCode extensively uses Package URLs to identify a package. See the
+`PackageURL specification <https://github.com/package-url/purl-spec>`_ and its `Python implementation
+<https://github.com/package-url/packageurl-python>`_ for more details.
+
+**Example usage:**
+
+.. code:: python
+
+    from packageurl import PackageURL
+    purl = PackageURL(name="ffmpeg", type="deb", version="1.2.3")
+
+
+AdvisoryData
+^^^^^^^^^^^^^
+
+``AdvisoryData`` is an intermediate data format:
+it is expected that your importer will convert the raw scraped data into ``AdvisoryData`` objects.
+All the fields in ``AdvisoryData`` dataclass are optional; it is the importer's resposibility to
+ensure that it contains meaningful information about a vulnerability.
+
+AffectedPackage
+^^^^^^^^^^^^^^^^
+
+``AffectedPackage`` data type is used to store a range of affected versions and a fixed version of a
+given package. For all version-related data, `univers <https://github.com/nexB/univers>`_ library
+is used.
+
+Univers
+^^^^^^^^
+
+`univers <https://github.com/nexB/univers>`_ is a Python implementation of the `vers specification <https://github.com/package-url/purl-spec/pull/139>`_.
+It can parse and compare all the package versions and all the ranges,
+from debian, npm, pypi, ruby and more.
+It processes all the version range specs and expressions.
+
+Importer
+^^^^^^^^^
+
+All the generic importers need to implement the ``Importer`` class.
+For ``Git`` or ``Oval`` data source, ``GitImporter`` or ``OvalImporter`` could be implemented.
+
+.. note::
+
+   ``GitImporter`` and ``OvalImporter`` need a complete rewrite.
+   Interested in :ref:`contributing` ?
+
+Writing an importer
+---------------------
+
+Create Importer Source File
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+All importers are located in the :file:`vulnerabilites/importers` directory.
+Create a new file to put your importer code in.
+Generic importers are implemented by writing a subclass for the ``Importer`` superclass and
+implementing the unimplemented methods.
+
+Specify the Importer License
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Importers scrape data off the internet.  In order to make sure the data is useable, a license
+must be provided.
+Populate the ``spdx_license_expression`` with the appropriate value.
+The SPDX license identifiers can be found at https://spdx.org/licenses/.
+
+.. note::
+   An SPDX license identifier by itself is a valid licence expression. In case you need more complex
+   expressions, see https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
+
+Implement the ``advisory_data`` Method
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The ``advisory_data`` method scrapes the advisories from the data source this importer is
+targeted at.
+It is required to return an *Iterable of AdvisoryData objects*, and thus it is a good idea to yield
+from this method after creating each AdvisoryData object.
+
+At this point, an example importer will look like this:
+
+:file:`vulnerabilites/importers/example.py`
+
+.. code-block:: python
+
+    from typing import Iterable
+
+    from packageurl import PackageURL
+
+    from vulnerabilities.importer import AdvisoryData
+    from vulnerabilities.importer import Importer
+
+
+    class ExampleImporter(Importer):
+
+        spdx_license_expression = "BSD-2-Clause"
+
+        def advisory_data(self) -> Iterable[AdvisoryData]:
+            return []
+
+This importer is only a valid skeleton and does not import anything at all.
+
+Let us implement another dummy importer that actually imports some data.
+
+Here we have a ``dummy_package`` which follows ``NginxVersionRange`` and ``SemverVersion`` for
+version management from `univers <https://github.com/nexB/univers>`_.
+
+.. note::
+
+   It is possible that the versioning scheme you are targeting has not yet been
+   implemented in the `univers <https://github.com/nexB/univers>`_ library.
+   If this is the case, you will need to head over there and implement one.
+
+.. code-block:: python
+
+    from datetime import datetime
+    from datetime import timezone
+    from typing import Iterable
+
+    import requests
+    from packageurl import PackageURL
+    from univers.version_range import NginxVersionRange
+    from univers.versions import SemverVersion
+
+    from vulnerabilities.importer import AdvisoryData
+    from vulnerabilities.importer import AffectedPackage
+    from vulnerabilities.importer import Importer
+    from vulnerabilities.importer import Reference
+    from vulnerabilities.importer import VulnerabilitySeverity
+    from vulnerabilities.severity_systems import SCORING_SYSTEMS
+
+
+    class ExampleImporter(Importer):
+
+        spdx_license_expression = "BSD-2-Clause"
+
+        def advisory_data(self) -> Iterable[AdvisoryData]:
+            raw_data = fetch_advisory_data()
+            for data in raw_data:
+                yield parse_advisory_data(data)
+
+
+    def fetch_advisory_data():
+        return [
+            {
+                "id": "CVE-2021-23017",
+                "summary": "1-byte memory overwrite in resolver",
+                "advisory_severity": "medium",
+                "vulnerable": "0.6.18-1.20.0",
+                "fixed": "1.20.1",
+                "reference": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
+                "published_on": "14-02-2021 UTC",
+            },
+            {
+                "id": "CVE-2021-1234",
+                "summary": "Dummy advisory",
+                "advisory_severity": "high",
+                "vulnerable": "0.6.18-1.20.0",
+                "fixed": "1.20.1",
+                "reference": "http://example.com/cve-2021-1234",
+                "published_on": "06-10-2021 UTC",
+            },
+        ]
+
+
+    def parse_advisory_data(raw_data) -> AdvisoryData:
+        purl = PackageURL(type="example", name="dummy_package")
+        affected_version_range = NginxVersionRange.from_native(raw_data["vulnerable"])
+        fixed_version = SemverVersion(raw_data["fixed"])
+        affected_package = AffectedPackage(
+            package=purl, affected_version_range=affected_version_range, fixed_version=fixed_version
+        )
+        severity = VulnerabilitySeverity(
+            system=SCORING_SYSTEMS["generic_textual"], value=raw_data["advisory_severity"]
+        )
+        references = [Reference(url=raw_data["reference"], severities=[severity])]
+        date_published = datetime.strptime(raw_data["published_on"], "%d-%m-%Y %Z").replace(
+            tzinfo=timezone.utc
+        )
+
+        return AdvisoryData(
+            aliases=[raw_data["id"]],
+            summary=raw_data["summary"],
+            affected_packages=[affected_package],
+            references=references,
+            date_published=date_published,
+        )
+
+
+.. note::
+
+   | Use ``make valid`` to format your new code using black and isort automatically.
+   | Use ``make check`` to check for formatting errors.
+
+Register the Importer
+^^^^^^^^^^^^^^^^^^^^^^
+
+Finally, register your importer in the importer registry at
+:file:`vulnerabilites/importers/__init__.py`
+
+.. code-block:: python
+   :emphasize-lines: 1, 4
+
+    from vulnerabilities.importers import example
+    from vulnerabilities.importers import nginx
+
+    IMPORTERS_REGISTRY = [nginx.NginxImporter, example.ExampleImporter]
+
+    IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}
+
+Congratulations! You have written your first importer.
+
+Run Your First Importer
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If everything went well, you will see your importer in the list of available importers.
+
+.. code-block:: console
+   :emphasize-lines: 5
+
+    $ ./manage.py import --list
+
+    Vulnerability data can be imported from the following importers:
+    vulnerabilities.importers.nginx.NginxImporter
+    vulnerabilities.importers.example.ExampleImporter
+
+Now, run the importer.
+
+.. code-block:: console
+
+    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
+
+    Importing data using vulnerabilities.importers.example.ExampleImporter
+    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
+
+See :ref:`command_line_interface` for command line usage instructions.
+
+Enable Debug Logging (Optional)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+For more visibility, turn on debug logs in :file:`vulnerablecode/settings.py`.
+
+.. code-block:: python
+
+    DEBUG = True
+    LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': False,
+        'handlers': {
+            'console': {
+                'class': 'logging.StreamHandler',
+            },
+        },
+        'root': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
+    }
+
+Invoke the import command now and you will see (in a fresh database):
+
+.. code-block:: console
+
+    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
+
+    Importing data using vulnerabilities.importers.example.ExampleImporter
+    Starting import for vulnerabilities.importers.example.ExampleImporter
+    [*] New Advisory with aliases: ['CVE-2021-23017'], created_by: vulnerabilities.importers.example.ExampleImporter
+    [*] New Advisory with aliases: ['CVE-2021-1234'], created_by: vulnerabilities.importers.example.ExampleImporter
+    Finished import for vulnerabilities.importers.example.ExampleImporter. Imported 2 advisories.
+    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
+
+.. _tutorial_add_a_new_improver:
+
+Add a new improver
+---------------------
+
+This tutorial contains all the things one should know to quickly
+implement an improver.
+Many internal details about improvers can be found inside the
+:file:`vulnerabilites/improver.py` file.
+Make sure to go through :ref:`improver-overview` before you begin writing one.
+
+TL;DR
+-------
+
+#. Locate the importer that this improver will be improving data of at
+   :file:`vulnerabilities/importers/{importer_name.py}` file.
+#. Create a new improver subclass inheriting from the ``Improver`` superclass defined in
+   ``vulnerabilites.improver``. It is conventional to end an improver name with *Improver*.
+#. Implement the ``interesting_advisories`` property to return a QuerySet of imported data
+   (``Advisory``) you are interested in.
+#. Implement the ``get_inferences`` method to return an iterable of ``Inference`` objects for the
+   given ``AdvisoryData``.
+#. Add the newly created improver to the improvers registry at
+   ``vulnerabilites/improvers/__init__.py``.
+
+Prerequisites
+--------------
+
+Before writing an improver, it is important to familiarize yourself with the following concepts.
+
+Importer
+^^^^^^^^^^
+
+Importers are responsible for scraping vulnerability data from various data sources without creating
+a complete relational model between vulnerabilites and their fixes and storing them in a structured
+fashion. These data are stored in the ``Advisory`` model and can be converted to an equivalent
+``AdvisoryData`` for various use cases.
+See :ref:`importer-overview` for a brief overview on importers.
+
+Importer Prerequisites
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Improvers consume data produced by importers, and thus it is important to familiarize yourself with
+:ref:`Importer Prerequisites <tutorial_add_a_new_importer_prerequisites>`.
+
+Inference
+^^^^^^^^^^^
+
+Inferences express the contract between the improvers and the improve runner framework.
+An inference is intended to contain data points about a vulnerability without any uncertainties,
+which means that one inference will target one vulnerability with the specific relevant affected and
+fixed packages (in the form of `PackageURLs <https://github.com/package-url/packageurl-python>`_).
+There is no notion of version ranges here: all package versions must be explicitly specified.
+
+Because this concrete relationship is rarely available anywhere upstream, we have to *infer*
+these values, thus the name.
+As inferring something is not always perfect, an Inference also comes with a confidence score.
+
+Improver
+^^^^^^^^^
+
+All the Improvers must inherit from ``Improver`` superclass and implement the
+``interesting_advisories`` property and the ``get_inferences`` method.
+
+Writing an improver
+---------------------
+
+Locate the Source File
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+If the improver will be working on data imported by a specific importer, it  will be located in
+the same file at :file:`vulnerabilites/importers/{importer-name.py}`.  Otherwise, if it is a
+generic improver, create a new file :file:`vulnerabilites/improvers/{improver-name.py}`.
+
+Explore Package Managers (Optional)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If your Improver depends on the discrete versions of a package, the package managers' VersionAPI
+located at :file:`vulnerabilites/package_managers.py` could come in handy.  You will need to
+instantiate the relevant ``VersionAPI`` in the improver's constructor and use it later in the
+implemented methods. See an already implemented improver (NginxBasicImprover) for an example usage.
+
+Implement the ``interesting_advisories`` Property
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This property is intended to return a QuerySet of ``Advisory`` on which the ``Improver`` is
+designed to work.
+
+For example, if the improver is designed to work on Advisories imported by ``ExampleImporter``,
+the property can be implemented as
+
+.. code-block:: python
+
+    class ExampleBasicImprover(Improver):
+
+        @property
+        def interesting_advisories(self) -> QuerySet:
+            return Advisory.objects.filter(created_by=ExampleImporter.qualified_name)
+
+Implement the ``get_inferences`` Method
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The framework calls ``get_inferences`` method for every ``AdvisoryData`` that is obtained from
+the ``Advisory`` QuerySet returned by the ``interesting_advisories`` property.
+
+It is expected to return an iterable of ``Inference`` objects for the given ``AdvisoryData``. To
+avoid storing a lot of Inferences in memory, it is preferable to yield from this method.
+
+A very simple Improver that processes all Advisories to create the minimal relationships that can
+be obtained by existing data can be found at :file:`vulnerabilites/improvers/default.py`, which is
+an example of a generic improver.  For a more sophisticated and targeted example, you can look
+at an already implemented improver (e.g., :file:`vulnerabilites/importers/nginx.py`).
+
+Improvers are not limited to improving discrete versions and may also improve ``aliases``.
+One such example, improving the importer written in the :ref:`importer tutorial
+<tutorial_add_a_new_importer>`, is shown below.
+
+.. code-block:: python
+
+    from datetime import datetime
+    from datetime import timezone
+    from typing import Iterable
+
+    import requests
+    from django.db.models.query import QuerySet
+    from packageurl import PackageURL
+    from univers.version_range import NginxVersionRange
+    from univers.versions import SemverVersion
+
+    from vulnerabilities.importer import AdvisoryData
+    from vulnerabilities.improver import MAX_CONFIDENCE
+    from vulnerabilities.improver import Improver
+    from vulnerabilities.improver import Inference
+    from vulnerabilities.models import Advisory
+    from vulnerabilities.severity_systems import SCORING_SYSTEMS
+
+
+    class ExampleImporter(Importer):
+        ...
+
+
+    class ExampleAliasImprover(Improver):
+        @property
+        def interesting_advisories(self) -> QuerySet:
+            return Advisory.objects.filter(created_by=ExampleImporter.qualified_name)
+
+        def get_inferences(self, advisory_data) -> Iterable[Inference]:
+            for alias in advisory_data.aliases:
+                new_aliases = fetch_additional_aliases(alias)
+                aliases = new_aliases + [alias]
+                yield Inference(aliases=aliases, confidence=MAX_CONFIDENCE)
+
+
+    def fetch_additional_aliases(alias):
+        alias_map = {
+            "CVE-2021-23017": ["PYSEC-1337", "CERTIN-1337"],
+            "CVE-2021-1234": ["ANONSEC-1337", "CERTDES-1337"],
+        }
+        return alias_map.get(alias)
+
+
+.. note::
+
+   | Use ``make valid`` to format your new code using black and isort automatically.
+   | Use ``make check`` to check for formatting errrors.
+
+Register the Improver
+^^^^^^^^^^^^^^^^^^^^^^
+
+Finally, register your improver in the improver registry at
+:file:`vulnerabilites/improvers/__init__.py`.
+
+.. code-block:: python
+   :emphasize-lines: 7
+
+    from vulnerabilities import importers
+    from vulnerabilities.improvers import default
+
+    IMPROVERS_REGISTRY = [
+        default.DefaultImprover,
+        importers.nginx.NginxBasicImprover,
+        importers.example.ExampleAliasImprover,
+    ]
+
+    IMPROVERS_REGISTRY = {x.qualified_name: x for x in IMPROVERS_REGISTRY}
+
+Congratulations! You have written your first improver.
+
+Run Your First Improver
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If everything went well, you will see your improver in the list of available improvers.
+
+.. code-block:: console
+   :emphasize-lines: 6
+
+    $ ./manage.py improve --list
+
+    Vulnerability data can be processed by these available improvers:
+    vulnerabilities.improvers.default.DefaultImprover
+    vulnerabilities.importers.nginx.NginxBasicImprover
+    vulnerabilities.importers.example.ExampleAliasImprover
+
+Before running the improver, make sure you have imported the data. An improver cannot improve if
+there is nothing imported.
+
+.. code-block:: console
+
+    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
+
+    Importing data using vulnerabilities.importers.example.ExampleImporter
+    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
+
+Now, run the improver.
+
+.. code-block:: console
+
+   $ ./manage.py improve vulnerabilities.importers.example.ExampleAliasImprover
+
+    Improving data using vulnerabilities.importers.example.ExampleAliasImprover
+    Successfully improved data using vulnerabilities.importers.example.ExampleAliasImprover
+
+See :ref:`command_line_interface` for command line usage instructions.
+
+Enable Debug Logging (Optional)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+For more visibility, turn on debug logs in :file:`vulnerablecode/settings.py`.
+
+.. code-block:: python
+
+    DEBUG = True
+    LOGGING = {
+        'version': 1,
+        'disable_existing_loggers': False,
+        'handlers': {
+            'console': {
+                'class': 'logging.StreamHandler',
+            },
+        },
+        'root': {
+            'handlers': ['console'],
+            'level': 'DEBUG',
+        },
+    }
+
+Invoke the improve command now and you will see (in a fresh database, after importing):
+
+.. code-block:: console
+
+    $ ./manage.py improve vulnerabilities.importers.example.ExampleAliasImprover
+
+    Improving data using vulnerabilities.importers.example.ExampleAliasImprover
+    Running improver: vulnerabilities.importers.example.ExampleAliasImprover
+    Improving advisory id: 1
+    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: PYSEC-1337
+    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: CVE-2021-23017
+    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: CERTIN-1337
+    Improving advisory id: 2
+    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: CERTDES-1337
+    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: ANONSEC-1337
+    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: CVE-2021-1234
+    Finished improving using vulnerabilities.importers.example.ExampleAliasImprover.
+    Successfully improved data using vulnerabilities.importers.example.ExampleAliasImprover
+
+.. note::
+
+   Even though CVE-2021-23017 and CVE-2021-1234 are not supplied by this improver, the output above shows them
+   because we left out running the ``DefaultImprover`` in the example. The ``DefaultImprover``
+   inserts minimal data found via the importers in the database (here, the above two CVEs). Run
+   importer, DefaultImprover and then your improver in this sequence to avoid this anomaly.
diff --git a/docs/source/images/pkg_details.png b/docs/source/images/pkg_details.png
new file mode 100644
index 000000000..f1df78302
Binary files /dev/null and b/docs/source/images/pkg_details.png differ
diff --git a/docs/source/images/pkg_search.png b/docs/source/images/pkg_search.png
new file mode 100644
index 000000000..b152eaeaf
Binary files /dev/null and b/docs/source/images/pkg_search.png differ
diff --git a/docs/source/images/vuln_affected_packages.png b/docs/source/images/vuln_affected_packages.png
new file mode 100644
index 000000000..d326b8af3
Binary files /dev/null and b/docs/source/images/vuln_affected_packages.png differ
diff --git a/docs/source/images/vuln_details.png b/docs/source/images/vuln_details.png
new file mode 100644
index 000000000..9de3459b5
Binary files /dev/null and b/docs/source/images/vuln_details.png differ
diff --git a/docs/source/images/vuln_fixed_packages.png b/docs/source/images/vuln_fixed_packages.png
new file mode 100644
index 000000000..428671790
Binary files /dev/null and b/docs/source/images/vuln_fixed_packages.png differ
diff --git a/docs/source/images/vuln_search.png b/docs/source/images/vuln_search.png
new file mode 100644
index 000000000..11cda2712
Binary files /dev/null and b/docs/source/images/vuln_search.png differ
diff --git a/docs/source/index.rst b/docs/source/index.rst
index 4f32eb472..69fcffe8c 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -21,19 +21,14 @@ In this documentation you will find information on:
     :caption: Getting Started
 
     introduction
+    user-interface
     installation
+    api
+    api-admin
     contributing
     faq
     misc
 
-.. toctree::
-   :maxdepth: 2
-   :caption: Tutorial
-
-   tutorial_add_new_importer
-   tutorial_add_new_improver
-
-
 .. toctree::
     :maxdepth: 2
     :caption: Reference Documentation
@@ -43,7 +38,6 @@ In this documentation you will find information on:
     reference_framework_overview
     command-line-interface
     importers_link
-    api
 
 .. toctree::
    :maxdepth: 1
diff --git a/docs/source/installation.rst b/docs/source/installation.rst
index 4f098bc3f..638276c5d 100644
--- a/docs/source/installation.rst
+++ b/docs/source/installation.rst
@@ -69,11 +69,13 @@ to run on a different port than 8000.
 .. note::
 
     To access a dockerized VulnerableCode app from a remote location, the ``ALLOWED_HOSTS``
-    setting need to be provided in your ``docker.env`` file::
+    and ``CSRF_TRUSTED_ORIGINS`` setting need to be provided in your ``docker.env`` file::
 
         ALLOWED_HOSTS=.domain.com,127.0.0.1
+        CSRF_TRUSTED_ORIGINS=https://*.domain.com,http://127.0.0.1
 
-    Refer to `Django ALLOWED_HOSTS settings <https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts>`_
+    Refer to Django `ALLOWED_HOSTS settings <https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts>`_
+    and `CSRF_TRUSTED_ORIGINS settings <https://docs.djangoproject.com/en/dev/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS>`_
     for more details.
 
 .. warning::
diff --git a/docs/source/misc.rst b/docs/source/misc.rst
index 279357345..c2aab16a9 100644
--- a/docs/source/misc.rst
+++ b/docs/source/misc.rst
@@ -46,3 +46,20 @@ VulnerableCode first checks the file at `/etc/vulnerablecode/.env` and if not
 present, it will attempt to load a `.env` file from the checkout directory.
 
 The file at `/etc/vulnerablecode/.env` has precedence.
+
+
+Throttling rate configuration
+-------------------------------
+
+The default throttling settings are defined in ``settings.py``.
+
+To override the default settings, add env variables in ``.env`` file
+define the settings there. For example::
+
+    VULNERABLECODE_ALL_VULNERABLE_PACKAGES_THROTTLING_RATE = '1000/hour'
+    VULNERABLECODE_BULK_SEARCH_PACKAGE_THROTTLING_RATE = '10/minute'
+    VULNERABLECODE_PACKAGES_SEARCH_THROTTLING_RATE = '1000/second'
+    VULNERABLECODE_VULNERABILITIES_SEARCH_THROTTLING_RATE = '1000/hour'
+    VULNERABLECODE_ALIASES_SEARCH_THROTTLING_RATE = '1000/hour'
+    VULNERABLECODE_CPE_SEARCH_THROTTLING_RATE = '10/minute'
+    VULNERABLECODE_BULK_SEARCH_CPE_THROTTLING_RATE = '10/minute'
diff --git a/docs/source/tutorial_add_new_importer.rst b/docs/source/tutorial_add_new_importer.rst
deleted file mode 100644
index 454b60c81..000000000
--- a/docs/source/tutorial_add_new_importer.rst
+++ /dev/null
@@ -1,301 +0,0 @@
-.. _tutorial_add_a_new_importer:
-
-Add a new importer
-====================
-
-This tutorial contains all the things one should know to quickly implement an importer.
-Many internal details about importers can be found inside the
-:file:`vulnerabilites/importer.py` file.
-Make sure to go through :ref:`importer-overview` before you begin writing one.
-
-TL;DR
--------
-
-#. Create a new :file:`vulnerabilities/importers/{importer_name.py}` file.
-#. Create a new importer subclass inheriting from the ``Importer`` superclass defined in
-   ``vulnerabilites.importer``. It is conventional to end an importer name with *Importer*.
-#. Specify the importer license.
-#. Implement the ``advisory_data`` method to process the data source you are
-   writing an importer for.
-#. Add the newly created importer to the importers registry at
-   ``vulnerabilites/importers/__init__.py``
-
-.. _tutorial_add_a_new_importer_prerequisites:
-
-Prerequisites
---------------
-
-Before writing an importer, it is important to familiarize yourself with the following concepts.
-
-PackageURL
-^^^^^^^^^^^^
-
-VulnerableCode extensively uses Package URLs to identify a package. See the
-`PackageURL specification <https://github.com/package-url/purl-spec>`_ and its `Python implementation
-<https://github.com/package-url/packageurl-python>`_ for more details.
-
-**Example usage:**
-
-.. code:: python
-
-    from packageurl import PackageURL
-    purl = PackageURL(name="ffmpeg", type="deb", version="1.2.3")
-
-
-AdvisoryData
-^^^^^^^^^^^^^
-
-``AdvisoryData`` is an intermediate data format:
-it is expected that your importer will convert the raw scraped data into ``AdvisoryData`` objects.
-All the fields in ``AdvisoryData`` dataclass are optional; it is the importer's resposibility to
-ensure that it contains meaningful information about a vulnerability.
-
-AffectedPackage
-^^^^^^^^^^^^^^^^
-
-``AffectedPackage`` data type is used to store a range of affected versions and a fixed version of a
-given package. For all version-related data, `univers <https://github.com/nexB/univers>`_ library
-is used.
-
-Univers
-^^^^^^^^
-
-`univers <https://github.com/nexB/univers>`_ is a Python implementation of the `vers specification <https://github.com/package-url/purl-spec/pull/139>`_.
-It can parse and compare all the package versions and all the ranges,
-from debian, npm, pypi, ruby and more.
-It processes all the version range specs and expressions.
-
-Importer
-^^^^^^^^^
-
-All the generic importers need to implement the ``Importer`` class.
-For ``Git`` or ``Oval`` data source, ``GitImporter`` or ``OvalImporter`` could be implemented.
-
-.. note::
-
-   ``GitImporter`` and ``OvalImporter`` need a complete rewrite.
-   Interested in :ref:`contributing` ?
-
-Writing an importer
----------------------
-
-Create Importer Source File
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-All importers are located in the :file:`vulnerabilites/importers` package.
-Create a new file to put your importer code in.
-Generic importers are implemented by writing a subclass for the ``Importer`` superclass and
-implementing the unimplemented methods.
-
-Specify the Importer License
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Importers scrape data off the internet.  In order to make sure the data is useable, a license
-must be provided.
-Populate the ``spdx_license_expression`` with the appropriate value.
-The SPDX license identifiers can be found at https://spdx.org/licenses/.
-
-.. note::
-   An SPDX license identifier by itself is a valid licence expression. In case you need more complex
-   expressions, see https://spdx.github.io/spdx-spec/v2.3/SPDX-license-expressions/
-
-Implement the ``advisory_data`` Method
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The ``advisory_data`` method scrapes the advisories from the data source this importer is
-targeted at.
-It is required to return an *Iterable of AdvisoryData objects*, and thus it is a good idea to yield
-from this method after creating each AdvisoryData object.
-
-At this point, an example importer will look like this:
-
-:file:`vulnerabilites/importers/example.py`
-
-.. code-block:: python
-
-    from typing import Iterable
-
-    from packageurl import PackageURL
-
-    from vulnerabilities.importer import AdvisoryData
-    from vulnerabilities.importer import Importer
-
-
-    class ExampleImporter(Importer):
-
-        spdx_license_expression = "BSD-2-Clause"
-
-        def advisory_data(self) -> Iterable[AdvisoryData]:
-            return []
-
-This importer is only a valid skeleton and does not import anything at all.
-
-Let us implement another dummy importer that actually imports some data.
-
-Here we have a ``dummy_package`` which follows ``NginxVersionRange`` and ``SemverVersion`` for
-version management from `univers <https://github.com/nexB/univers>`_.
-
-.. note::
-
-   It is possible that the versioning scheme you are targetting has not yet been
-   implemented in the `univers <https://github.com/nexB/univers>`_ library.
-   If this is the case, you will need to head over there and implement one.
-
-.. code-block:: python
-
-    from datetime import datetime
-    from datetime import timezone
-    from typing import Iterable
-
-    import requests
-    from packageurl import PackageURL
-    from univers.version_range import NginxVersionRange
-    from univers.versions import SemverVersion
-
-    from vulnerabilities.importer import AdvisoryData
-    from vulnerabilities.importer import AffectedPackage
-    from vulnerabilities.importer import Importer
-    from vulnerabilities.importer import Reference
-    from vulnerabilities.importer import VulnerabilitySeverity
-    from vulnerabilities.severity_systems import SCORING_SYSTEMS
-
-
-    class ExampleImporter(Importer):
-
-        spdx_license_expression = "BSD-2-Clause"
-
-        def advisory_data(self) -> Iterable[AdvisoryData]:
-            raw_data = fetch_advisory_data()
-            for data in raw_data:
-                yield parse_advisory_data(data)
-
-
-    def fetch_advisory_data():
-        return [
-            {
-                "id": "CVE-2021-23017",
-                "summary": "1-byte memory overwrite in resolver",
-                "advisory_severity": "medium",
-                "vulnerable": "0.6.18-1.20.0",
-                "fixed": "1.20.1",
-                "reference": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
-                "published_on": "14-02-2021 UTC",
-            },
-            {
-                "id": "CVE-2021-1234",
-                "summary": "Dummy advisory",
-                "advisory_severity": "high",
-                "vulnerable": "0.6.18-1.20.0",
-                "fixed": "1.20.1",
-                "reference": "http://example.com/cve-2021-1234",
-                "published_on": "06-10-2021 UTC",
-            },
-        ]
-
-
-    def parse_advisory_data(raw_data) -> AdvisoryData:
-        purl = PackageURL(type="example", name="dummy_package")
-        affected_version_range = NginxVersionRange.from_native(raw_data["vulnerable"])
-        fixed_version = SemverVersion(raw_data["fixed"])
-        affected_package = AffectedPackage(
-            package=purl, affected_version_range=affected_version_range, fixed_version=fixed_version
-        )
-        severity = VulnerabilitySeverity(
-            system=SCORING_SYSTEMS["generic_textual"], value=raw_data["advisory_severity"]
-        )
-        references = [Reference(url=raw_data["reference"], severities=[severity])]
-        date_published = datetime.strptime(raw_data["published_on"], "%d-%m-%Y %Z").replace(
-            tzinfo=timezone.utc
-        )
-
-        return AdvisoryData(
-            aliases=[raw_data["id"]],
-            summary=raw_data["summary"],
-            affected_packages=[affected_package],
-            references=references,
-            date_published=date_published,
-        )
-
-
-.. note::
-
-   | Use ``make valid`` to format your new code using black and isort automatically.
-   | Use ``make check`` to check for formatting errrors.
-
-Register the Importer
-^^^^^^^^^^^^^^^^^^^^^^
-
-Finally, register your importer in the importer registry at
-:file:`vulnerabilites/importers/__init__.py`
-
-.. code-block:: python
-   :emphasize-lines: 1, 4
-
-    from vulnerabilities.importers import example
-    from vulnerabilities.importers import nginx
-
-    IMPORTERS_REGISTRY = [nginx.NginxImporter, example.ExampleImporter]
-
-    IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}
-
-Congratulations! You have written your first importer.
-
-Run Your First Importer
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If everything went well, you will see your importer in the list of available importers.
-
-.. code-block:: console
-   :emphasize-lines: 5
-
-    $ ./manage.py import --list
-
-    Vulnerability data can be imported from the following importers:
-    vulnerabilities.importers.nginx.NginxImporter
-    vulnerabilities.importers.example.ExampleImporter
-
-Now, run the importer.
-
-.. code-block:: console
-
-    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
-
-    Importing data using vulnerabilities.importers.example.ExampleImporter
-    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
-
-See :ref:`command_line_interface` for command line usage instructions.
-
-Enable Debug Logging (Optional)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-For more visibility, turn on debug logs in :file:`vulnerablecode/settings.py`.
-
-.. code-block:: python
-
-    DEBUG = True
-    LOGGING = {
-        'version': 1,
-        'disable_existing_loggers': False,
-        'handlers': {
-            'console': {
-                'class': 'logging.StreamHandler',
-            },
-        },
-        'root': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-        },
-    }
-
-Invoke the import command now and you will see (in a fresh database):
-
-.. code-block:: console
-
-    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
-
-    Importing data using vulnerabilities.importers.example.ExampleImporter
-    Starting import for vulnerabilities.importers.example.ExampleImporter
-    [*] New Advisory with aliases: ['CVE-2021-23017'], created_by: vulnerabilities.importers.example.ExampleImporter
-    [*] New Advisory with aliases: ['CVE-2021-1234'], created_by: vulnerabilities.importers.example.ExampleImporter
-    Finished import for vulnerabilities.importers.example.ExampleImporter. Imported 2 advisories.
-    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
diff --git a/docs/source/tutorial_add_new_improver.rst b/docs/source/tutorial_add_new_improver.rst
deleted file mode 100644
index 16fc7beab..000000000
--- a/docs/source/tutorial_add_new_improver.rst
+++ /dev/null
@@ -1,271 +0,0 @@
-.. _tutorial_add_a_new_improver:
-
-Add a new improver
-====================
-
-This tutorial contains all the things one should know to quickly
-implement an improver.
-Many internal details about improvers can be found inside the
-:file:`vulnerabilites/improver.py` file.
-Make sure to go through :ref:`improver-overview` before you begin writing one.
-
-TL;DR
--------
-
-#. Locate the importer that this improver will be improving data of at
-   :file:`vulnerabilities/importers/{importer_name.py}` file.
-#. Create a new improver subclass inheriting from the ``Improver`` superclass defined in
-   ``vulnerabilites.improver``. It is conventional to end an improver name with *Improver*.
-#. Implement the ``interesting_advisories`` property to return a QuerySet of imported data
-   (``Advisory``) you are interested in.
-#. Implement the ``get_inferences`` method to return an iterable of ``Inference`` objects for the
-   given ``AdvisoryData``.
-#. Add the newly created improver to the improvers registry at
-   ``vulnerabilites/improvers/__init__.py``.
-
-Prerequisites
---------------
-
-Before writing an improver, it is important to familiarize yourself with the following concepts.
-
-Importer
-^^^^^^^^^^
-
-Importers are responsible for scraping vulnerability data from various data sources without creating
-a complete relational model between vulnerabilites and their fixes and storing them in a structured
-fashion. These data are stored in the ``Advisory`` model and can be converted to an equivalent
-``AdvisoryData`` for various use cases.
-See :ref:`importer-overview` for a brief overview on importers.
-
-Importer Prerequisites
-^^^^^^^^^^^^^^^^^^^^^^^
-
-Improvers consume data produced by importers, and thus it is important to familiarize yourself with
-:ref:`Importer Prerequisites <tutorial_add_a_new_importer_prerequisites>`.
-
-Inference
-^^^^^^^^^^^
-
-Inferences express the contract between the improvers and the improve runner framework.
-An inference is intended to contain data points about a vulnerability without any uncertainties,
-which means that one inference will target one vulnerability with the specific relevant affected and
-fixed packages (in the form of `PackageURLs <https://github.com/package-url/packageurl-python>`_).
-There is no notion of version ranges here: all package versions must be explicitly specified.
-
-Because this concrete relationship is rarely available anywhere upstream, we have to *infer*
-these values, thus the name.
-As inferring something is not always perfect, an Inference also comes with a confidence score.
-
-Improver
-^^^^^^^^^
-
-All the Improvers must inherit from ``Improver`` superclass and implement the
-``interesting_advisories`` property and the ``get_inferences`` method.
-
-Writing an improver
----------------------
-
-Locate the Source File
-^^^^^^^^^^^^^^^^^^^^^^^^
-
-If the improver will be working on data imported by a specific importer, it  will be located in
-the same file at :file:`vulnerabilites/importers/{importer-name.py}`.  Otherwise, if it is a
-generic improver, create a new file :file:`vulnerabilites/improvers/{improver-name.py}`.
-
-Explore Package Managers (Optional)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If your Improver depends on the discrete versions of a package, the package managers' VersionAPI
-located at :file:`vulnerabilites/package_managers.py` could come in handy.  You will need to
-instantiate the relevant ``VersionAPI`` in the improver's constructor and use it later in the
-implemented methods. See an already implemented improver (NginxBasicImprover) for an example usage.
-
-Implement the ``interesting_advisories`` Property
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-This property is intended to return a QuerySet of ``Advisory`` on which the ``Improver`` is
-designed to work.
-
-For example, if the improver is designed to work on Advisories imported by ``ExampleImporter``,
-the property can be implemented as
-
-.. code-block:: python
-
-    class ExampleBasicImprover(Improver):
-
-        @property
-        def interesting_advisories(self) -> QuerySet:
-            return Advisory.objects.filter(created_by=ExampleImporter.qualified_name)
-
-Implement the ``get_inferences`` Method
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-The framework calls ``get_inferences`` method for every ``AdvisoryData`` that is obtained from
-the ``Advisory`` QuerySet returned by the ``interesting_advisories`` property.
-
-It is expected to return an iterable of ``Inference`` objects for the given ``AdvisoryData``. To
-avoid storing a lot of Inferences in memory, it is preferable to yield from this method.
-
-A very simple Improver that processes all Advisories to create the minimal relationships that can
-be obtained by existing data can be found at :file:`vulnerabilites/improvers/default.py`, which is
-an example of a generic improver.  For a more sophisticated and targeted example, you can look
-at an already implemented improver (e.g., :file:`vulnerabilites/importers/nginx.py`).
-
-Improvers are not limited to improving discrete versions and may also improve ``aliases``.
-One such example, improving the importer written in the :ref:`importer tutorial
-<tutorial_add_a_new_importer>`, is shown below.
-
-.. code-block:: python
-
-    from datetime import datetime
-    from datetime import timezone
-    from typing import Iterable
-
-    import requests
-    from django.db.models.query import QuerySet
-    from packageurl import PackageURL
-    from univers.version_range import NginxVersionRange
-    from univers.versions import SemverVersion
-
-    from vulnerabilities.importer import AdvisoryData
-    from vulnerabilities.improver import MAX_CONFIDENCE
-    from vulnerabilities.improver import Improver
-    from vulnerabilities.improver import Inference
-    from vulnerabilities.models import Advisory
-    from vulnerabilities.severity_systems import SCORING_SYSTEMS
-
-
-    class ExampleImporter(Importer):
-        ...
-
-
-    class ExampleAliasImprover(Improver):
-        @property
-        def interesting_advisories(self) -> QuerySet:
-            return Advisory.objects.filter(created_by=ExampleImporter.qualified_name)
-
-        def get_inferences(self, advisory_data) -> Iterable[Inference]:
-            for alias in advisory_data.aliases:
-                new_aliases = fetch_additional_aliases(alias)
-                aliases = new_aliases + [alias]
-                yield Inference(aliases=aliases, confidence=MAX_CONFIDENCE)
-
-
-    def fetch_additional_aliases(alias):
-        alias_map = {
-            "CVE-2021-23017": ["PYSEC-1337", "CERTIN-1337"],
-            "CVE-2021-1234": ["ANONSEC-1337", "CERTDES-1337"],
-        }
-        return alias_map.get(alias)
-
-
-.. note::
-
-   | Use ``make valid`` to format your new code using black and isort automatically.
-   | Use ``make check`` to check for formatting errrors.
-
-Register the Improver
-^^^^^^^^^^^^^^^^^^^^^^
-
-Finally, register your improver in the improver registry at
-:file:`vulnerabilites/improvers/__init__.py`.
-
-.. code-block:: python
-   :emphasize-lines: 7
-
-    from vulnerabilities import importers
-    from vulnerabilities.improvers import default
-
-    IMPROVERS_REGISTRY = [
-        default.DefaultImprover,
-        importers.nginx.NginxBasicImprover,
-        importers.example.ExampleAliasImprover,
-    ]
-
-    IMPROVERS_REGISTRY = {x.qualified_name: x for x in IMPROVERS_REGISTRY}
-
-Congratulations! You have written your first improver.
-
-Run Your First Improver
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If everything went well, you will see your improver in the list of available improvers.
-
-.. code-block:: console
-   :emphasize-lines: 6
-
-    $ ./manage.py improve --list
-
-    Vulnerability data can be processed by these available improvers:
-    vulnerabilities.improvers.default.DefaultImprover
-    vulnerabilities.importers.nginx.NginxBasicImprover
-    vulnerabilities.importers.example.ExampleAliasImprover
-
-Before running the improver, make sure you have imported the data. An improver cannot improve if
-there is nothing imported.
-
-.. code-block:: console
-
-    $ ./manage.py import vulnerabilities.importers.example.ExampleImporter
-
-    Importing data using vulnerabilities.importers.example.ExampleImporter
-    Successfully imported data using vulnerabilities.importers.example.ExampleImporter
-
-Now, run the improver.
-
-.. code-block:: console
-
-   $ ./manage.py improve vulnerabilities.importers.example.ExampleAliasImprover
-
-    Improving data using vulnerabilities.importers.example.ExampleAliasImprover
-    Successfully improved data using vulnerabilities.importers.example.ExampleAliasImprover
-
-See :ref:`command_line_interface` for command line usage instructions.
-
-Enable Debug Logging (Optional)
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-For more visibility, turn on debug logs in :file:`vulnerablecode/settings.py`.
-
-.. code-block:: python
-
-    DEBUG = True
-    LOGGING = {
-        'version': 1,
-        'disable_existing_loggers': False,
-        'handlers': {
-            'console': {
-                'class': 'logging.StreamHandler',
-            },
-        },
-        'root': {
-            'handlers': ['console'],
-            'level': 'DEBUG',
-        },
-    }
-
-Invoke the improve command now and you will see (in a fresh database, after importing):
-
-.. code-block:: console
-
-    $ ./manage.py improve vulnerabilities.importers.example.ExampleAliasImprover
-
-    Improving data using vulnerabilities.importers.example.ExampleAliasImprover
-    Running improver: vulnerabilities.importers.example.ExampleAliasImprover
-    Improving advisory id: 1
-    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: PYSEC-1337
-    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: CVE-2021-23017
-    New alias for <Vulnerability: VULCOID-23dd9060-3bc0-4454-bfbd-d16c08a966a6>: CERTIN-1337
-    Improving advisory id: 2
-    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: CERTDES-1337
-    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: ANONSEC-1337
-    New alias for <Vulnerability: VULCOID-fae4e06e-4815-45fe-ae95-8d2356ffb5b9>: CVE-2021-1234
-    Finished improving using vulnerabilities.importers.example.ExampleAliasImprover.
-    Successfully improved data using vulnerabilities.importers.example.ExampleAliasImprover
-
-.. note::
-
-   Even though CVE-2021-23017 and CVE-2021-1234 are not supplied by this improver, the output above shows them
-   because we left out running the ``DefaultImprover`` in the example. The ``DefaultImprover``
-   inserts minimal data found via the importers in the database (here, the above two CVEs). Run
-   importer, DefaultImprover and then your improver in this sequence to avoid this anomaly.
diff --git a/docs/source/user-interface.rst b/docs/source/user-interface.rst
new file mode 100644
index 000000000..251896c8a
--- /dev/null
+++ b/docs/source/user-interface.rst
@@ -0,0 +1,73 @@
+.. _user-interface:
+
+User Interface
+================
+
+.. _pkg-search:
+
+Search by packages
+------------------
+
+The search by packages is a very powerful feature of
+VulnerableCode. It allows you to search for packages by the
+package URL or purl prefix fragment such as
+``pkg:pypi`` or by package name.
+
+The search by packages is available at the following URL:
+
+    `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+
+How to search by packages:
+
+    1. Go to the URL: `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+    2. Enter the package URL or purl prefix fragment such as ``pkg:pypi``
+       or by package name in the search box.
+    3. Click on the search button.
+
+The search results will be displayed in the table below the search box.
+
+        .. image:: images/pkg_search.png
+
+Click on the package URL to view the package details.
+
+        .. image:: images/pkg_details.png
+
+
+.. _vuln-search:
+
+Search by vulnerabilities
+---------------------------
+
+The search by vulnerabilities is a very powerful feature of
+VulnerableCode. It allows you to search for vulnerabilities by the
+VCID itself. It also allows you to search for
+vulnerabilities by the CVE, GHSA, CPEs etc or by the
+fragment of these identifiers like ``CVE-2021``.
+
+The search by vulnerabilities is available at the following URL:
+
+    `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+
+How to search by vulnerabilities:
+
+    1. Go to the URL: `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+    2. Enter the VCID, CVE, GHSA, CPEs etc. in the search box.
+    3. Click on the search button.
+
+The search results will be displayed in the table below the search box.
+
+    .. image:: images/vuln_search.png
+
+Click on the VCID to view the vulnerability details.
+
+    .. image:: images/vuln_details.png
+
+Affected packages tab shows the list of packages affected by the
+vulnerability.
+
+    .. image:: images/vuln_affected_packages.png
+
+Fixed by packages tab shows the list of packages that fix the
+vulnerability.
+
+    .. image:: images/vuln_fixed_packages.png
diff --git a/requirements.txt b/requirements.txt
index 93587da8d..2baddad7f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,6 @@
 aiosignal==1.2.0
 alabaster==0.7.12
-asgiref==3.5.0
+asgiref==3.5.2
 asttokens==2.0.5
 async-timeout==4.0.2
 attrs==21.4.0
@@ -11,16 +11,16 @@ beautifulsoup4==4.10.0
 binaryornot==0.4.4
 black==22.3.0
 boolean.py==3.8
-certifi==2022.12.7
+certifi==2023.7.22
 cffi==1.15.0
 chardet==4.0.0
 charset-normalizer==2.0.12
 click==8.1.2
-cryptography==36.0.2
+cryptography==41.0.6
 decorator==5.1.1
 defusedxml==0.7.1
 distro==1.7.0
-Django==4.0.7
+Django==4.1.13
 django-crispy-forms==1.10.0
 django-environ==0.8.1
 django-filter==21.1
@@ -28,7 +28,6 @@ django-widget-tweaks==1.4.12
 djangorestframework==3.13.1
 doc8==0.11.1
 docker==5.0.3
-docker-compose==1.29.2
 dockerpty==0.4.1
 docopt==0.6.2
 docutils==0.17.1
@@ -36,13 +35,13 @@ executing==0.8.3
 freezegun==1.2.1
 frozenlist==1.3.0
 gitdb==4.0.9
-GitPython==3.1.30
+GitPython==3.1.37
 gunicorn==20.1.0
 idna==3.3
 imagesize==1.3.0
 importlib-metadata==4.11.3
 iniconfig==1.1.1
-ipython==8.0.1
+ipython==8.10.0
 isort==5.10.1
 jedi==0.18.1
 Jinja2==3.1.1
@@ -65,14 +64,14 @@ pickleshare==0.7.5
 platformdirs==2.5.1
 pluggy==1.0.0
 pprintpp==0.4.0
-prompt-toolkit==3.0.29
+prompt-toolkit==3.0.30
 psycopg2-binary==2.9.3
 ptyprocess==0.7.0
 pure-eval==0.2.2
 py==1.11.0
 pycodestyle==2.8.0
 pycparser==2.21
-Pygments==2.11.2
+Pygments==2.15.0
 PyNaCl==1.5.0
 pyparsing==3.0.7
 pyrsistent==0.18.1
@@ -81,10 +80,10 @@ pytest-django==4.5.2
 python-dateutil==2.8.2
 python-dotenv==0.20.0
 pytz==2022.1
-PyYAML==5.4.1
-requests==2.27.1
+PyYAML==6.0.1
+requests==2.31.0
 restructuredtext-lint==1.4.0
-saneyaml==0.5.2
+saneyaml==0.6.0
 semantic-version==2.9.0
 six==1.16.0
 smmap==5.0.0
@@ -99,7 +98,7 @@ sphinxcontrib-htmlhelp==2.0.0
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.3
 sphinxcontrib-serializinghtml==1.1.5
-sqlparse==0.4.2
+sqlparse==0.4.4
 stack-data==0.2.0
 stevedore==3.5.0
 texttable==1.6.4
@@ -107,8 +106,8 @@ toml==0.10.2
 tomli==2.0.1
 traitlets==5.1.1
 typing_extensions==4.1.1
-univers==30.9.1
-urllib3==1.26.9
+univers==30.10.0
+urllib3==1.26.18
 wcwidth==0.2.5
 websocket-client==0.59.0
 yarl==1.7.2
diff --git a/setup.cfg b/setup.cfg
index 651d6d6fa..f1019f1dc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 32.0.0rc3
+version = 33.6.3
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -70,12 +70,12 @@ install_requires =
 
     #essentials
     packageurl-python>=0.10.5rc1
-    univers>=30.9.1
+    univers>=30.10.0
     license-expression>=21.6.14
 
     # file and data formats
     binaryornot>=0.4.4
-    saneyaml>=0.5.2
+    saneyaml>=0.6.0
     beautifulsoup4>=4.9.3
     python-dateutil>=2.8.1
     toml>=0.10.2
@@ -91,6 +91,11 @@ install_requires =
     requests>=2.25.1
     fetchcode>=0.2.0
 
+    #vulntotal
+    python-dotenv
+    texttable
+
+
 [options.extras_require]
 dev =
     # Validation
@@ -107,8 +112,7 @@ dev =
     pytest-django>=4.5.2
     freezegun>=1.1.0
 	# misc
-    docker-compose
-    ipython==8.0.1
+    ipython==8.10.0
     # used for testing
     commoncode
     # debug
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
index af8e5d889..86f800e71 100644
--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -16,6 +16,8 @@
 from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
+from rest_framework.throttling import AnonRateThrottle
+from rest_framework.throttling import UserRateThrottle
 
 from vulnerabilities.models import Alias
 from vulnerabilities.models import Package
@@ -46,11 +48,30 @@ class MinimalPackageSerializer(serializers.HyperlinkedModelSerializer):
     Used for nesting inside vulnerability focused APIs.
     """
 
+    def get_affected_vulnerabilities(self, package):
+        parent_affected_vulnerabilities = package.fixed_package_details.get("vulnerabilities") or []
+
+        affected_vulnerabilities = [
+            self.get_vulnerability(vuln) for vuln in parent_affected_vulnerabilities
+        ]
+
+        return affected_vulnerabilities
+
+    def get_vulnerability(self, vuln):
+        affected_vulnerability = {}
+
+        vulnerability = vuln.get("vulnerability")
+        if vulnerability:
+            affected_vulnerability["vulnerability"] = vulnerability.vulnerability_id
+            return affected_vulnerability
+
+    affected_by_vulnerabilities = serializers.SerializerMethodField("get_affected_vulnerabilities")
+
     purl = serializers.CharField(source="package_url")
 
     class Meta:
         model = Package
-        fields = ["url", "purl", "is_vulnerable"]
+        fields = ["url", "purl", "is_vulnerable", "affected_by_vulnerabilities"]
 
 
 class MinimalVulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
@@ -97,7 +118,6 @@ class Meta:
 
 
 class VulnerabilitySerializer(serializers.HyperlinkedModelSerializer):
-
     fixed_packages = MinimalPackageSerializer(
         many=True, source="filtered_fixed_packages", read_only=True
     )
@@ -124,10 +144,19 @@ class PackageSerializer(serializers.HyperlinkedModelSerializer):
     Lookup software package using Package URLs
     """
 
-    def to_representation(self, instance):
-        data = super().to_representation(instance)
-        data["unresolved_vulnerabilities"] = data["affected_by_vulnerabilities"]
-        return data
+    next_non_vulnerable_version = serializers.SerializerMethodField("get_next_non_vulnerable")
+
+    def get_next_non_vulnerable(self, package):
+        next_non_vulnerable = package.fixed_package_details.get("next_non_vulnerable", None)
+        if next_non_vulnerable:
+            return next_non_vulnerable.version
+
+    latest_non_vulnerable_version = serializers.SerializerMethodField("get_latest_non_vulnerable")
+
+    def get_latest_non_vulnerable(self, package):
+        latest_non_vulnerable = package.fixed_package_details.get("latest_non_vulnerable", None)
+        if latest_non_vulnerable:
+            return latest_non_vulnerable.version
 
     purl = serializers.CharField(source="package_url")
 
@@ -137,7 +166,7 @@ def to_representation(self, instance):
 
     def get_fixed_packages(self, package):
         """
-        Return a queryset of all packages that fixes a vulnerability with
+        Return a queryset of all packages that fix a vulnerability with
         same type, namespace, name, subpath and qualifiers of the `package`
         """
         return Package.objects.filter(
@@ -152,7 +181,7 @@ def get_fixed_packages(self, package):
     def get_vulnerabilities_for_a_package(self, package, fix) -> dict:
         """
         Return a mapping of vulnerabilities data related to the given `package`.
-        Return vulnerabilities that affects the `package` if given `fix` flag is False,
+        Return vulnerabilities that affect the `package` if given `fix` flag is False,
         otherwise return vulnerabilities fixed by the `package`.
         """
         fixed_packages = self.get_fixed_packages(package=package)
@@ -178,9 +207,23 @@ def get_fixed_vulnerabilities(self, package) -> dict:
 
     def get_affected_vulnerabilities(self, package) -> dict:
         """
-        Return a mapping of vulnerabilities that affects the given `package`.
+        Return a mapping of vulnerabilities that affect the given `package` (including packages that
+        fix each vulnerability and whose version is greater than the `package` version).
         """
-        return self.get_vulnerabilities_for_a_package(package=package, fix=False)
+        excluded_purls = []
+        package_vulnerabilities = self.get_vulnerabilities_for_a_package(package=package, fix=False)
+
+        for vuln in package_vulnerabilities:
+            for pkg in vuln["fixed_packages"]:
+                real_purl = PackageURL.from_string(pkg["purl"])
+                if package.version_class(real_purl.version) <= package.current_version:
+                    excluded_purls.append(pkg)
+
+            vuln["fixed_packages"] = [
+                pkg for pkg in vuln["fixed_packages"] if pkg not in excluded_purls
+            ]
+
+        return package_vulnerabilities
 
     class Meta:
         model = Package
@@ -193,6 +236,8 @@ class Meta:
             "version",
             "qualifiers",
             "subpath",
+            "next_non_vulnerable_version",
+            "latest_non_vulnerable_version",
             "affected_by_vulnerabilities",
             "fixing_vulnerabilities",
         ]
@@ -236,11 +281,10 @@ class PackageViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = PackageSerializer
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = PackageFilterSet
-    throttle_classes = [StaffUserRateThrottle]
-    throttle_scope = "packages"
+    throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
 
     # TODO: Fix the swagger documentation for this endpoint
-    @action(detail=False, methods=["post"], throttle_scope="bulk_search_packages")
+    @action(detail=False, methods=["post"])
     def bulk_search(self, request):
         """
         Lookup for vulnerable packages using many Package URLs at once.
@@ -294,7 +338,7 @@ def bulk_search(self, request):
         vulnerable_purls = [str(package.package_url) for package in vulnerable_purls]
         return Response(data=vulnerable_purls)
 
-    @action(detail=False, methods=["get"], throttle_scope="vulnerable_packages")
+    @action(detail=False, methods=["get"])
     def all(self, request):
         """
         Return the Package URLs of all packages known to be vulnerable.
@@ -346,8 +390,7 @@ def get_queryset(self):
     serializer_class = VulnerabilitySerializer
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = VulnerabilityFilterSet
-    throttle_classes = [StaffUserRateThrottle]
-    throttle_scope = "vulnerabilities"
+    throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
 
 
 class CPEFilterSet(filters.FilterSet):
@@ -368,11 +411,10 @@ class CPEViewSet(viewsets.ReadOnlyModelViewSet):
     ).distinct()
     serializer_class = VulnerabilitySerializer
     filter_backends = (filters.DjangoFilterBackend,)
-    throttle_classes = [StaffUserRateThrottle]
+    throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
     filterset_class = CPEFilterSet
-    throttle_scope = "cpes"
 
-    @action(detail=False, methods=["post"], throttle_scope="bulk_search_cpes")
+    @action(detail=False, methods=["post"])
     def bulk_search(self, request):
         """
         Lookup for vulnerabilities using many CPEs at once.
@@ -414,5 +456,4 @@ class AliasViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = VulnerabilitySerializer
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = AliasFilterSet
-    throttle_classes = [StaffUserRateThrottle]
-    throttle_scope = "aliases"
+    throttle_classes = [StaffUserRateThrottle, AnonRateThrottle]
diff --git a/vulnerabilities/import_runner.py b/vulnerabilities/import_runner.py
index cb6dcfc97..047710c2f 100644
--- a/vulnerabilities/import_runner.py
+++ b/vulnerabilities/import_runner.py
@@ -9,12 +9,26 @@
 
 import datetime
 import logging
+from traceback import format_exc as traceback_format_exc
 from typing import Iterable
 from typing import List
 
+from django.core.exceptions import ValidationError
+from django.db import transaction
+
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
+from vulnerabilities.improver import Inference
+from vulnerabilities.improvers.default import DefaultImporter
 from vulnerabilities.models import Advisory
+from vulnerabilities.models import Alias
+from vulnerabilities.models import Package
+from vulnerabilities.models import PackageRelatedVulnerability
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityReference
+from vulnerabilities.models import VulnerabilityRelatedReference
+from vulnerabilities.models import VulnerabilitySeverity
+from vulnerabilities.models import Weakness
 
 logger = logging.getLogger(__name__)
 
@@ -41,38 +55,287 @@ def run(self) -> None:
         importer_class = self.importer_class
         logger.info(f"Starting import for {importer_name}")
         advisory_datas = importer_class().advisory_data()
-        count = process_advisories(advisory_datas=advisory_datas, importer_name=importer_name)
+        count = self.process_advisories(advisory_datas=advisory_datas, importer_name=importer_name)
         logger.info(f"Finished import for {importer_name}. Imported {count} advisories.")
 
+    def do_import(self, advisories) -> None:
+        advisory_importer = DefaultImporter(advisories=advisories)
+        logger.info(f"Running importer: {advisory_importer.qualified_name}")
+        importer_name = advisory_importer.qualified_name
+        advisories = []
+        for advisory in advisory_importer.interesting_advisories:
+            if advisory.date_imported:
+                continue
+            logger.info(f"Processing advisory: {advisory!r}")
+            try:
+                inferences = advisory_importer.get_inferences(
+                    advisory_data=advisory.to_advisory_data()
+                )
+                process_inferences(
+                    inferences=inferences,
+                    advisory=advisory,
+                    improver_name=importer_name,
+                )
+            except Exception as e:
+                logger.info(f"Failed to process advisory: {advisory!r} with error {e!r}")
+        logger.info("Finished importing using %s.", advisory_importer.__class__.qualified_name)
+
+    def process_advisories(
+        self, advisory_datas: Iterable[AdvisoryData], importer_name: str
+    ) -> List:
+        """
+        Insert advisories into the database
+        Return the number of inserted advisories.
+        """
+        count = 0
+        advisories = []
+        for data in advisory_datas:
+            try:
+                obj, created = Advisory.objects.get_or_create(
+                    aliases=data.aliases,
+                    summary=data.summary,
+                    affected_packages=[pkg.to_dict() for pkg in data.affected_packages],
+                    references=[ref.to_dict() for ref in data.references],
+                    date_published=data.date_published,
+                    weaknesses=data.weaknesses,
+                    defaults={
+                        "created_by": importer_name,
+                        "date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
+                    },
+                )
+                if not obj.date_imported:
+                    advisories.append(obj)
+            except Exception as e:
+                logger.error(
+                    f"Error while processing {data!r} with aliases {data.aliases!r}: {e!r} \n {traceback_format_exc()}"
+                )
+                continue
+            if created:
+                logger.info(
+                    f"[*] New Advisory with aliases: {obj.aliases!r}, created_by: {obj.created_by}"
+                )
+                count += 1
+            else:
+                logger.debug(f"Advisory with aliases: {obj.aliases!r} already exists.")
+        try:
+            self.do_import(advisories)
+        except Exception as e:
+            logger.error(
+                f"Error while processing advisories from {importer_name!r}: {e!r} \n {traceback_format_exc()}"
+            )
+        return count
+
 
-def process_advisories(advisory_datas: Iterable[AdvisoryData], importer_name: str) -> List:
+@transaction.atomic
+def process_inferences(inferences: List[Inference], advisory: Advisory, improver_name: str):
     """
-    Insert advisories into the database
-    Return the number of inserted advisories.
+    Return number of inferences processed.
+    An atomic transaction that updates both the Advisory (e.g. date_imported)
+    and processes the given inferences to create or update corresponding
+    database fields.
+
+    This avoids failing the entire improver when only a single inference is
+    erroneous. Also, the atomic transaction for every advisory and its
+    inferences makes sure that date_imported of advisory is consistent.
     """
-    count = 0
-    for data in advisory_datas:
-        # https://nvd.nist.gov/vuln/detail/CVE-2013-4314
-        # https://github.com/cms-dev/cms/issues/888#issuecomment-516977572
-        data.summary = data.summary.replace("\x00", "\uFFFD")
-        obj, created = Advisory.objects.get_or_create(
-            aliases=data.aliases,
-            summary=data.summary,
-            affected_packages=[pkg.to_dict() for pkg in data.affected_packages],
-            references=[ref.to_dict() for ref in data.references],
-            date_published=data.date_published,
-            weaknesses=data.weaknesses,
-            defaults={
-                "created_by": importer_name,
-                "date_collected": datetime.datetime.now(tz=datetime.timezone.utc),
-            },
+    inferences_processed_count = 0
+
+    if not inferences:
+        logger.warning(f"Nothing to improve. Source: {improver_name} Advisory id: {advisory.id}")
+        return inferences_processed_count
+
+    logger.info(f"Improving advisory id: {advisory.id}")
+
+    for inference in inferences:
+        vulnerability = get_or_create_vulnerability_and_aliases(
+            vulnerability_id=inference.vulnerability_id,
+            alias_names=inference.aliases,
+            summary=inference.summary,
         )
-        if created:
-            logger.info(
-                f"[*] New Advisory with aliases: {obj.aliases!r}, created_by: {obj.created_by}"
+
+        if not vulnerability:
+            logger.warning(f"Unable to get vulnerability for inference: {inference!r}")
+            continue
+
+        for ref in inference.references:
+
+            reference = VulnerabilityReference.objects.get_or_none(
+                reference_id=ref.reference_id,
+                url=ref.url,
+            )
+
+            if not reference:
+                reference = create_valid_vulnerability_reference(
+                    reference_id=ref.reference_id,
+                    url=ref.url,
+                )
+                if not reference:
+                    continue
+
+            VulnerabilityRelatedReference.objects.update_or_create(
+                reference=reference,
+                vulnerability=vulnerability,
             )
-            count += 1
+
+            for severity in ref.severities:
+                _vs, updated = VulnerabilitySeverity.objects.update_or_create(
+                    scoring_system=severity.system.identifier,
+                    reference=reference,
+                    defaults={
+                        "value": str(severity.value),
+                        "scoring_elements": str(severity.scoring_elements),
+                    },
+                )
+                if updated:
+                    logger.info(
+                        f"Severity updated for reference {ref!r} to value: {severity.value!r} "
+                        f"and scoring_elements: {severity.scoring_elements!r}"
+                    )
+
+        for affected_purl in inference.affected_purls or []:
+            vulnerable_package = Package.objects.get_or_create_from_purl(purl=affected_purl)
+            PackageRelatedVulnerability(
+                vulnerability=vulnerability,
+                package=vulnerable_package,
+                created_by=improver_name,
+                confidence=inference.confidence,
+                fix=False,
+            ).update_or_create()
+
+        if inference.fixed_purl:
+            fixed_package = Package.objects.get_or_create_from_purl(purl=inference.fixed_purl)
+            PackageRelatedVulnerability(
+                vulnerability=vulnerability,
+                package=fixed_package,
+                created_by=improver_name,
+                confidence=inference.confidence,
+                fix=True,
+            ).update_or_create()
+
+        if inference.weaknesses and vulnerability:
+            for cwe_id in inference.weaknesses:
+                cwe_obj, created = Weakness.objects.get_or_create(cwe_id=cwe_id)
+                cwe_obj.vulnerabilities.add(vulnerability)
+                cwe_obj.save()
+        inferences_processed_count += 1
+
+    advisory.date_imported = datetime.datetime.now(tz=datetime.timezone.utc)
+    advisory.save()
+    return inferences_processed_count
+
+
+def create_valid_vulnerability_reference(url, reference_id=None):
+    """
+    Create and return a new validated VulnerabilityReference from a
+    ``url`` and ``reference_id``.
+    Return None and log a warning if this is not a valid reference.
+    """
+    reference = VulnerabilityReference(
+        reference_id=reference_id,
+        url=url,
+    )
+
+    try:
+        reference.full_clean()
+    except ValidationError as e:
+        logger.warning(f"Invalid vulnerability reference: {reference!r}: {e}")
+        return
+
+    reference.save()
+    return reference
+
+
+def get_or_create_vulnerability_and_aliases(
+    aliases: List[str], vulnerability_id=None, summary=None
+):
+    """
+    Get or create vulnerabilitiy and aliases such that all existing and new
+    aliases point to the same vulnerability
+    """
+    aliases = set(alias.strip() for alias in aliases if alias and alias.strip())
+    new_alias_names, existing_vulns = get_vulns_for_aliases_and_get_new_aliases(aliases)
+
+    # All aliases must point to the same vulnerability
+    vulnerability = None
+    if existing_vulns:
+        if len(existing_vulns) != 1:
+            vcids = ", ".join(v.vulnerability_id for v in existing_vulns)
+            logger.error(
+                f"Cannot create vulnerability. "
+                f"Aliases {aliases} already exist and point "
+                f"to multiple vulnerabilities {vcids}."
+            )
+            return
         else:
-            logger.debug(f"Advisory with aliases: {obj.aliases!r} already exists. Skipped.")
+            vulnerability = existing_vulns.pop()
+
+            if vulnerability_id and vulnerability.vulnerability_id != vulnerability_id:
+                logger.error(
+                    f"Cannot create vulnerability. "
+                    f"Aliases {aliases} already exist and point to a different "
+                    f"vulnerability {vulnerability} than the requested "
+                    f"vulnerability {vulnerability_id}."
+                )
+                return
+
+    if vulnerability_id and not vulnerability:
+        try:
+            vulnerability = Vulnerability.objects.get(vulnerability_id=vulnerability_id)
+        except Vulnerability.DoesNotExist:
+            logger.error(f"Cannot get requested vulnerability {vulnerability_id}.")
+            return
+    if vulnerability:
+        # TODO: We should keep multiple summaries, one for each advisory
+        # if summary and summary != vulnerability.summary:
+        #     logger.warning(
+        #         f"Inconsistent summary for {vulnerability.vulnerability_id}. "
+        #         f"Existing: {vulnerability.summary!r}, provided: {summary!r}"
+        #     )
+        associate_vulnerability_with_aliases(vulnerability=vulnerability, aliases=new_alias_names)
+    else:
+        try:
+            vulnerability = create_vulnerability_and_add_aliases(
+                aliases=new_alias_names, summary=summary
+            )
+        except Exception as e:
+            logger.error(
+                f"Cannot create vulnerability with summary {summary!r} and {new_alias_names!r} {e!r}.\n{traceback_format_exc()}."
+            )
+            return
+
+    return vulnerability
+
+
+def get_vulns_for_aliases_and_get_new_aliases(aliases):
+    """
+    Return ``new_aliases`` that are not in the database and
+    ``existing_vulns`` that point to the given ``aliases``.
+    """
+    new_aliases = set(aliases)
+    existing_vulns = set()
+    for alias in Alias.objects.filter(alias__in=aliases):
+        existing_vulns.add(alias.vulnerability)
+        new_aliases.remove(alias.alias)
+    return new_aliases, existing_vulns
+
+
+@transaction.atomic
+def create_vulnerability_and_add_aliases(aliases, summary):
+    """
+    Return a new ``vulnerability`` created with ``summary``
+    and associate the ``vulnerability`` with ``aliases``.
+    Raise exception if no alias is associated with the ``vulnerability``.
+    """
+    vulnerability = Vulnerability(summary=summary)
+    vulnerability.save()
+    associate_vulnerability_with_aliases(aliases, vulnerability)
+    if not vulnerability.aliases.count():
+        raise Exception(f"Vulnerability {vulnerability.vcid} must have one or more aliases")
+    return vulnerability
+
 
-    return count
+def associate_vulnerability_with_aliases(aliases, vulnerability):
+    for alias_name in aliases:
+        alias = Alias(alias=alias_name, vulnerability=vulnerability)
+        alias.save()
+        logger.info(f"New alias for {vulnerability!r}: {alias_name}")
diff --git a/vulnerabilities/importer.py b/vulnerabilities/importer.py
index 0bc1b788d..2b4d73b2d 100644
--- a/vulnerabilities/importer.py
+++ b/vulnerabilities/importer.py
@@ -24,6 +24,7 @@
 
 import pytz
 from dateutil import parser as dateparser
+from fetchcode.vcs import VCSResponse
 from fetchcode.vcs import fetch_via_vcs
 from license_expression import Licensing
 from packageurl import PackageURL
@@ -187,7 +188,7 @@ def merge(
             purls.add(pkg.package)
         if len(purls) > 1:
             raise UnMergeablePackageError("Cannot merge with different purls", purls)
-        return purls.pop(), sorted(affected_version_ranges), sorted(fixed_versions)
+        return purls.pop(), list(affected_version_ranges), sorted(fixed_versions)
 
     def to_dict(self):
         """
@@ -251,6 +252,16 @@ class AdvisoryData:
     def __post_init__(self):
         if self.date_published and not self.date_published.tzinfo:
             logger.warning(f"AdvisoryData with no tzinfo: {self!r}")
+        if self.summary:
+            self.summary = self.clean_summary(self.summary)
+
+    def clean_summary(self, summary):
+        # https://nvd.nist.gov/vuln/detail/CVE-2013-4314
+        # https://github.com/cms-dev/cms/issues/888#issuecomment-516977572
+        summary = summary.strip()
+        if summary:
+            summary = summary.replace("\x00", "\uFFFD")
+        return summary
 
     def to_dict(self):
         return {
@@ -288,6 +299,10 @@ class InvalidSPDXLicense(Exception):
     pass
 
 
+class ForkError(Exception):
+    pass
+
+
 class Importer:
     """
     An Importer collects data from various upstreams and returns corresponding AdvisoryData objects
@@ -297,7 +312,7 @@ class Importer:
     spdx_license_expression = ""
     license_url = ""
     notice = ""
-    vcs_response = None
+    vcs_response: VCSResponse = None
 
     def __init__(self):
         if not self.spdx_license_expression:
@@ -324,47 +339,18 @@ def advisory_data(self) -> Iterable[AdvisoryData]:
         raise NotImplementedError
 
     def clone(self, repo_url):
+        """
+        Clone the repo at repo_url and return the VCSResponse object
+        """
         try:
             self.vcs_response = fetch_via_vcs(repo_url)
+            return self.vcs_response
         except Exception as e:
             msg = f"Failed to fetch {repo_url} via vcs: {e}"
             logger.error(msg)
             raise ForkError(msg) from e
 
 
-class ForkError(Exception):
-    pass
-
-
-class GitImporter(Importer):
-    def __init__(self, repo_url):
-        super().__init__()
-        self.repo_url = repo_url
-        self.vcs_response = None
-
-    def __enter__(self):
-        super().__enter__()
-        self.clone()
-        return self
-
-    def __exit__(self):
-        self.vcs_response.delete()
-
-    def clone(self):
-        try:
-            self.vcs_response = fetch_via_vcs(self.repo_url)
-        except Exception as e:
-            msg = f"Failed to fetch {self.repo_url} via vcs: {e}"
-            logger.error(msg)
-            raise ForkError(msg) from e
-
-    def advisory_data(self) -> Iterable[AdvisoryData]:
-        """
-        Return AdvisoryData objects corresponding to the data being imported
-        """
-        raise NotImplementedError
-
-
 # TODO: Needs rewrite
 class OvalImporter(Importer):
     """
diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
index 4a2fd6ac7..add6967f8 100644
--- a/vulnerabilities/importers/__init__.py
+++ b/vulnerabilities/importers/__init__.py
@@ -25,6 +25,7 @@
 from vulnerabilities.importers import npm
 from vulnerabilities.importers import nvd
 from vulnerabilities.importers import openssl
+from vulnerabilities.importers import oss_fuzz
 from vulnerabilities.importers import postgresql
 from vulnerabilities.importers import project_kb_msr2019
 from vulnerabilities.importers import pypa
@@ -37,21 +38,21 @@
 from vulnerabilities.importers import xen
 
 IMPORTERS_REGISTRY = [
+    nvd.NVDImporter,
+    github.GitHubAPIImporter,
+    gitlab.GitLabAPIImporter,
+    npm.NpmImporter,
+    pypa.PyPaImporter,
     nginx.NginxImporter,
+    pysec.PyPIImporter,
     alpine_linux.AlpineImporter,
-    github.GitHubAPIImporter,
-    nvd.NVDImporter,
     openssl.OpensslImporter,
     redhat.RedhatImporter,
-    pysec.PyPIImporter,
     debian.DebianImporter,
-    gitlab.GitLabAPIImporter,
     postgresql.PostgreSQLImporter,
-    pypa.PyPaImporter,
     archlinux.ArchlinuxImporter,
     ubuntu.UbuntuImporter,
     debian_oval.DebianOvalImporter,
-    npm.NpmImporter,
     retiredotnet.RetireDotnetImporter,
     apache_httpd.ApacheHTTPDImporter,
     mozilla.MozillaImporter,
@@ -65,6 +66,7 @@
     ubuntu_usn.UbuntuUSNImporter,
     fireeye.FireyeImporter,
     apache_kafka.ApacheKafkaImporter,
+    oss_fuzz.OSSFuzzImporter,
 ]
 
 IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}
diff --git a/vulnerabilities/importers/apache_httpd.py b/vulnerabilities/importers/apache_httpd.py
index 6f120addd..0b5e4a425 100644
--- a/vulnerabilities/importers/apache_httpd.py
+++ b/vulnerabilities/importers/apache_httpd.py
@@ -9,15 +9,9 @@
 
 import logging
 import urllib
-from datetime import datetime
-from typing import Iterable
-from typing import List
-from typing import Mapping
-from typing import Optional
 
 import requests
 from bs4 import BeautifulSoup
-from django.db.models.query import QuerySet
 from packageurl import PackageURL
 from univers.version_constraint import VersionConstraint
 from univers.version_range import ApacheVersionRange
@@ -27,18 +21,9 @@
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.importer import UnMergeablePackageError
 from vulnerabilities.importer import VulnerabilitySeverity
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.package_managers import VersionAPI
 from vulnerabilities.severity_systems import APACHE_HTTPD
-from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
-from vulnerabilities.utils import get_affected_packages_by_patched_package
-from vulnerabilities.utils import nearest_patched_package
-from vulnerabilities.utils import resolve_version_range
+from vulnerabilities.utils import get_item
 
 logger = logging.getLogger(__name__)
 
@@ -56,16 +41,18 @@ def advisory_data(self):
             yield self.to_advisory(data)
 
     def to_advisory(self, data):
-        alias = data["CVE_data_meta"]["ID"]
-        descriptions = data["description"]["description_data"]
+        alias = get_item(data, "CVE_data_meta", "ID")
+        if not alias:
+            alias = get_item(data, "cveMetadata", "cveId")
+        descriptions = get_item(data, "description", "description_data") or []
         description = None
         for desc in descriptions:
-            if desc["lang"] == "eng":
+            if desc.get("lang") == "eng":
                 description = desc.get("value")
                 break
 
         severities = []
-        impacts = data.get("impact", [])
+        impacts = data.get("impact") or []
         for impact in impacts:
             value = impact.get("other")
             if value:
@@ -84,14 +71,14 @@ def to_advisory(self, data):
         )
 
         versions_data = []
-        for vendor in data["affects"]["vendor"]["vendor_data"]:
-            for products in vendor["product"]["product_data"]:
-                for version_data in products["version"]["version_data"]:
+        for vendor in get_item(data, "affects", "vendor", "vendor_data") or []:
+            for products in get_item(vendor, "product", "product_data") or []:
+                for version_data in get_item(products, "version", "version_data") or []:
                     versions_data.append(version_data)
 
         fixed_versions = []
         for timeline_object in data.get("timeline") or []:
-            timeline_value = timeline_object["value"]
+            timeline_value = timeline_object.get("value")
             if "release" in timeline_value:
                 split_timeline_value = timeline_value.split(" ")
                 if "never" in timeline_value:
@@ -116,7 +103,7 @@ def to_advisory(self, data):
 
         return AdvisoryData(
             aliases=[alias],
-            summary=description,
+            summary=description or "",
             affected_packages=affected_packages,
             references=[reference],
         )
@@ -163,144 +150,3 @@ def fetch_links(url):
             continue
         links.append(urllib.parse.urljoin(url, link))
     return links
-
-
-IGNORE_TAGS = {
-    "AGB_BEFORE_AAA_CHANGES",
-    "APACHE_1_2b1",
-    "APACHE_1_2b10",
-    "APACHE_1_2b11",
-    "APACHE_1_2b2",
-    "APACHE_1_2b3",
-    "APACHE_1_2b4",
-    "APACHE_1_2b5",
-    "APACHE_1_2b6",
-    "APACHE_1_2b7",
-    "APACHE_1_2b8",
-    "APACHE_1_2b9",
-    "APACHE_1_3_PRE_NT",
-    "APACHE_1_3a1",
-    "APACHE_1_3b1",
-    "APACHE_1_3b2",
-    "APACHE_1_3b3",
-    "APACHE_1_3b5",
-    "APACHE_1_3b6",
-    "APACHE_1_3b7",
-    "APACHE_2_0_2001_02_09",
-    "APACHE_2_0_52_WROWE_RC1",
-    "APACHE_2_0_ALPHA",
-    "APACHE_2_0_ALPHA_2",
-    "APACHE_2_0_ALPHA_3",
-    "APACHE_2_0_ALPHA_4",
-    "APACHE_2_0_ALPHA_5",
-    "APACHE_2_0_ALPHA_6",
-    "APACHE_2_0_ALPHA_7",
-    "APACHE_2_0_ALPHA_8",
-    "APACHE_2_0_ALPHA_9",
-    "APACHE_2_0_BETA_CANDIDATE_1",
-    "APACHE_BIG_SYMBOL_RENAME_POST",
-    "APACHE_BIG_SYMBOL_RENAME_PRE",
-    "CHANGES",
-    "HTTPD_LDAP_1_0_0",
-    "INITIAL",
-    "MOD_SSL_2_8_3",
-    "PCRE_3_9",
-    "POST_APR_SPLIT",
-    "PRE_APR_CHANGES",
-    "STRIKER_2_0_51_RC1",
-    "STRIKER_2_0_51_RC2",
-    "STRIKER_2_1_0_RC1",
-    "WROWE_2_0_43_PRE1",
-    "apache-1_3-merge-1-post",
-    "apache-1_3-merge-1-pre",
-    "apache-1_3-merge-2-post",
-    "apache-1_3-merge-2-pre",
-    "apache-apr-merge-3",
-    "apache-doc-split-01",
-    "dg_last_1_2_doc_merge",
-    "djg-apache-nspr-07",
-    "djg_nspr_split",
-    "moving_to_httpd_module",
-    "mpm-3",
-    "mpm-merge-1",
-    "mpm-merge-2",
-    "post_ajp_proxy",
-    "pre_ajp_proxy",
-}
-
-
-class ApacheHTTPDImprover(Improver):
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-        self.vesions_by_purl = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=ApacheHTTPDImporter.qualified_name)
-
-    def get_package_versions(
-        self, package_url: PackageURL, until: Optional[datetime] = None
-    ) -> List[str]:
-        """
-        Return a list of `valid_versions` for the `package_url`
-        """
-        api_name = "apache/httpd"
-        versions_fetcher = GitHubTagsAPI()
-        return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-        try:
-            purl, affected_version_ranges, _ = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
-            return iter([])
-
-        pkg_type = purl.type
-        pkg_namespace = purl.namespace
-        pkg_name = purl.name
-
-        if not self.vesions_by_purl.get(str(purl)):
-            valid_versions = self.get_package_versions(
-                package_url=purl, until=advisory_data.date_published
-            )
-            self.vesions_by_purl[str(purl)] = valid_versions
-
-        valid_versions = self.vesions_by_purl[str(purl)]
-
-        for affected_version_range in affected_version_ranges:
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-                ignorable_versions=IGNORE_TAGS,
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=100,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
diff --git a/vulnerabilities/importers/apache_kafka.py b/vulnerabilities/importers/apache_kafka.py
index 96b55748f..1195d3d28 100644
--- a/vulnerabilities/importers/apache_kafka.py
+++ b/vulnerabilities/importers/apache_kafka.py
@@ -8,6 +8,8 @@
 #
 
 
+import logging
+
 import pytz
 import requests
 from bs4 import BeautifulSoup
@@ -19,6 +21,8 @@
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 
+logger = logging.getLogger(__name__)
+
 # The entries below with `"action": "omit"` have no useful/reportable fixed or affected version data.
 # See https://kafka.apache.org/cve-list
 affected_version_range_mapping = {
@@ -135,13 +139,17 @@ def to_advisory(self, advisory_page):
             fixed_versions_clean = [v.strip() for v in fixed_versions.split(",")]
             fixed_versions_clean = [v for v in fixed_versions if v]
 
-            # This throws a KeyError if the opening h2 tag `id` data changes or is not in the
-            # hard-coded affected_version_range_mapping dictionary.
-            cve_version_mapping = affected_version_range_mapping[cve_id]
-            if cve_version_mapping["action"] == "include":
-                # These 2 variables (not used elsewhere) trigger the KeyError for changed/missing data.
-                check_affected_versions_key = cve_version_mapping[affected_versions]
-                check_fixed_versions_key = cve_version_mapping[fixed_versions]
+            cve_version_mapping = affected_version_range_mapping.get(cve_id)
+            if not cve_version_mapping:
+                logger.error(f"Data for {cve_id} not found in mapping. Skipping.")
+            if cve_version_mapping and cve_version_mapping.get("action") == "include":
+                check_affected_versions_key = cve_version_mapping.get(affected_versions) or []
+                check_fixed_versions_key = cve_version_mapping.get(fixed_versions) or []
+
+                if not check_affected_versions_key:
+                    logger.error(f"Affected versions for {cve_id} not found in mapping. Skipping.")
+                if not check_fixed_versions_key:
+                    logger.error(f"Fixed versions for {cve_id} not found in mapping. Skipping.")
 
                 references = [
                     Reference(
@@ -159,18 +167,22 @@ def to_advisory(self, advisory_page):
                 ]
 
                 affected_packages = []
-                affected_package = AffectedPackage(
-                    package=PackageURL(
-                        name="kafka",
-                        type="apache",
-                    ),
-                    affected_version_range=cve_version_mapping["affected_version_range"],
-                )
-                affected_packages.append(affected_package)
+                affected_version_range = cve_version_mapping.get("affected_version_range")
+                if cve_version_mapping.get("affected_version_range"):
+                    affected_package = AffectedPackage(
+                        package=PackageURL(
+                            name="kafka",
+                            type="apache",
+                        ),
+                        affected_version_range=affected_version_range,
+                    )
+                    affected_packages.append(affected_package)
 
-                date_published = parse(cve_version_mapping["Issue announced"]).replace(
-                    tzinfo=pytz.UTC
-                )
+                date_published = None
+                issue_announced = cve_version_mapping.get("Issue announced")
+
+                if issue_announced:
+                    date_published = parse(issue_announced).replace(tzinfo=pytz.UTC)
 
                 advisories.append(
                     AdvisoryData(
diff --git a/vulnerabilities/importers/apache_tomcat.py b/vulnerabilities/importers/apache_tomcat.py
index 3d754d6df..04270059a 100644
--- a/vulnerabilities/importers/apache_tomcat.py
+++ b/vulnerabilities/importers/apache_tomcat.py
@@ -138,7 +138,7 @@ def fetch_advisory_links(self, url):
         for tag in soup.find_all("a"):
             link = tag.get("href")
 
-            if "security-" in link and any(char.isdigit() for char in link):
+            if link and "security-" in link and any(char.isdigit() for char in link):
                 yield urllib.parse.urljoin(url, link)
 
     def advisory_data(self):
diff --git a/vulnerabilities/importers/debian.py b/vulnerabilities/importers/debian.py
index 5191639db..113550673 100644
--- a/vulnerabilities/importers/debian.py
+++ b/vulnerabilities/importers/debian.py
@@ -14,7 +14,6 @@
 from typing import Mapping
 
 import requests
-from django.db.models.query import QuerySet
 from packageurl import PackageURL
 from univers.version_range import DebianVersionRange
 from univers.versions import DebianVersion
@@ -23,16 +22,8 @@
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.importer import UnMergeablePackageError
-from vulnerabilities.improver import MAX_CONFIDENCE
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
 from vulnerabilities.utils import dedupe
-from vulnerabilities.utils import get_affected_packages_by_patched_package
 from vulnerabilities.utils import get_item
-from vulnerabilities.utils import nearest_patched_package
 
 logger = logging.getLogger(__name__)
 
@@ -164,74 +155,3 @@ def parse(self, pkg_name: str, records: Mapping[str, Any]) -> Iterable[AdvisoryD
                 affected_packages=affected_packages,
                 references=references,
             )
-
-
-class DebianBasicImprover(Improver):
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=DebianImporter.qualified_name)
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-        try:
-            purl, affected_version_ranges, fixed_versions = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
-            return
-
-        pkg_type = purl.type
-        pkg_namespace = purl.namespace
-        pkg_name = purl.name
-        pkg_qualifiers = purl.qualifiers
-        fixed_purls = [
-            PackageURL(
-                type=pkg_type,
-                namespace=pkg_namespace,
-                name=pkg_name,
-                version=str(version),
-                qualifiers=pkg_qualifiers,
-            )
-            for version in fixed_versions
-        ]
-        if not affected_version_ranges:
-            for fixed_purl in fixed_purls:
-                yield Inference.from_advisory_data(
-                    advisory_data,  # We are getting all valid versions to get this inference
-                    confidence=MAX_CONFIDENCE,
-                    affected_purls=[],
-                    fixed_purl=fixed_purl,
-                )
-        else:
-            aff_versions = set()
-            for affected_version_range in affected_version_ranges:
-                for constraint in affected_version_range.constraints:
-                    aff_versions.add(constraint.version.string)
-            affected_purls = [
-                PackageURL(
-                    type=pkg_type,
-                    namespace=pkg_namespace,
-                    name=pkg_name,
-                    version=version,
-                    qualifiers=pkg_qualifiers,
-                )
-                for version in aff_versions
-            ]
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=fixed_purls
-            )
-
-            for (fixed_package, affected_packages,) in get_affected_packages_by_patched_package(
-                affected_packages=affected_packages
-            ).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=MAX_CONFIDENCE,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
diff --git a/vulnerabilities/importers/elixir_security.py b/vulnerabilities/importers/elixir_security.py
index a1d0a33cf..ff9deed70 100644
--- a/vulnerabilities/importers/elixir_security.py
+++ b/vulnerabilities/importers/elixir_security.py
@@ -29,7 +29,7 @@ class ElixirSecurityImporter(Importer):
 
     def advisory_data(self) -> Set[AdvisoryData]:
         try:
-            self.clone(self.repo_url)
+            self.clone(repo_url=self.repo_url)
             path = Path(self.vcs_response.dest_dir)
             vuln = path / "packages"
             for file in vuln.glob("**/*.yml"):
diff --git a/vulnerabilities/importers/fireeye.py b/vulnerabilities/importers/fireeye.py
index dc9fc129f..940154bb5 100644
--- a/vulnerabilities/importers/fireeye.py
+++ b/vulnerabilities/importers/fireeye.py
@@ -13,7 +13,7 @@
 from typing import List
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.utils import build_description
 from vulnerabilities.utils import dedupe
@@ -21,7 +21,7 @@
 logger = logging.getLogger(__name__)
 
 
-class FireyeImporter(GitImporter):
+class FireyeImporter(Importer):
     spdx_license_expression = "CC-BY-SA-4.0 AND MIT"
     license_url = "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/README.md"
     notice = """
@@ -30,23 +30,25 @@ class FireyeImporter(GitImporter):
     1. CC BY-SA 4.0 - For CVE related information not including source code (such as PoCs)
     2. MIT - For source code contained within provided CVE information
     """
-
-    def __init__(self):
-        super().__init__(repo_url="git+https://github.com/mandiant/Vulnerability-Disclosures")
+    repo_url = "git+https://github.com/mandiant/Vulnerability-Disclosures"
 
     def advisory_data(self) -> Iterable[AdvisoryData]:
-        self.clone()
-        files = filter(
-            lambda p: p.suffix in [".md", ".MD"], Path(self.vcs_response.dest_dir).glob("**/*")
-        )
-        for file in files:
-            if Path(file).stem == "README":
-                continue
-            try:
-                with open(file) as f:
-                    yield parse_advisory_data(f.read())
-            except UnicodeError:
-                logger.error(f"Invalid file {file}")
+        try:
+            self.clone(repo_url=self.repo_url)
+            files = filter(
+                lambda p: p.suffix in [".md", ".MD"], Path(self.vcs_response.dest_dir).glob("**/*")
+            )
+            for file in files:
+                if Path(file).stem == "README":
+                    continue
+                try:
+                    with open(file) as f:
+                        yield parse_advisory_data(f.read())
+                except UnicodeError:
+                    logger.error(f"Invalid file {file}")
+        finally:
+            if self.vcs_response:
+                self.vcs_response.delete()
 
 
 def parse_advisory_data(raw_data) -> AdvisoryData:
diff --git a/vulnerabilities/importers/github.py b/vulnerabilities/importers/github.py
index ad3643ba6..8ef1b3a9c 100644
--- a/vulnerabilities/importers/github.py
+++ b/vulnerabilities/importers/github.py
@@ -8,14 +8,11 @@
 #
 
 import logging
-from datetime import datetime
 from typing import Iterable
-from typing import List
-from typing import Mapping
 from typing import Optional
 
+from cwe2.database import Database
 from dateutil import parser as dateparser
-from django.db.models.query import QuerySet
 from packageurl import PackageURL
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.version_range import build_range_from_github_advisory_constraint
@@ -26,88 +23,13 @@
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.importer import UnMergeablePackageError
 from vulnerabilities.importer import VulnerabilitySeverity
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.package_managers import VERSION_API_CLASSES_BY_PACKAGE_TYPE
-from vulnerabilities.package_managers import GoproxyVersionAPI
-from vulnerabilities.package_managers import VersionAPI
-from vulnerabilities.package_managers import get_api_package_name
-from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
 from vulnerabilities.utils import dedupe
-from vulnerabilities.utils import get_affected_packages_by_patched_package
+from vulnerabilities.utils import get_cwe_id
 from vulnerabilities.utils import get_item
-from vulnerabilities.utils import nearest_patched_package
-from vulnerabilities.utils import resolve_version_range
 
 logger = logging.getLogger(__name__)
 
-WEIRD_IGNORABLE_VERSIONS = frozenset(
-    [
-        "0.1-bulbasaur",
-        "0.1-charmander",
-        "0.3m1",
-        "0.3m2",
-        "0.3m3",
-        "0.3m4",
-        "0.3m5",
-        "0.4m1",
-        "0.4m2",
-        "0.4m3",
-        "0.4m4",
-        "0.4m5",
-        "0.5m1",
-        "0.5m2",
-        "0.5m3",
-        "0.5m4",
-        "0.5m5",
-        "0.6m1",
-        "0.6m2",
-        "0.6m3",
-        "0.6m4",
-        "0.6m5",
-        "0.6m6",
-        "0.7.10p1",
-        "0.7.11p1",
-        "0.7.11p2",
-        "0.7.11p3",
-        "0.8.1p1",
-        "0.8.3p1",
-        "0.8.4p1",
-        "0.8.4p2",
-        "0.8.6p1",
-        "0.8.7p1",
-        "0.9-doduo",
-        "0.9-eevee",
-        "0.9-fearow",
-        "0.9-gyarados",
-        "0.9-horsea",
-        "0.9-ivysaur",
-        "2013-01-21T20:33:09+0100",
-        "2013-01-23T17:11:52+0100",
-        "2013-02-01T20:50:46+0100",
-        "2013-02-02T19:59:03+0100",
-        "2013-02-02T20:23:17+0100",
-        "2013-02-08T17:40:57+0000",
-        "2013-03-27T16:32:26+0100",
-        "2013-05-09T12:47:53+0200",
-        "2013-05-10T17:55:56+0200",
-        "2013-05-14T20:16:05+0200",
-        "2013-06-01T10:32:51+0200",
-        "2013-07-19T09:11:08+0000",
-        "2013-08-12T21:48:56+0200",
-        "2013-09-11T19-27-10",
-        "2013-12-23T17-51-15",
-        "2014-01-12T15-52-10",
-        "2.0.1rc2-git",
-        "3.0.0b3-",
-        "3.0b6dev-r41684",
-        "-class.-jw.util.version.Version-",
-    ]
-)
-
 PACKAGE_TYPE_BY_GITHUB_ECOSYSTEM = {
     "MAVEN": "maven",
     "NUGET": "nuget",
@@ -142,6 +64,11 @@
                         url
                     }
                     severity
+                    cwes(first: 10){ 
+                        nodes {
+                            cweId       
+                        }
+                    }
                     publishedAt
                 }
                 firstPatchedVersion{
@@ -216,12 +143,6 @@ def get_purl(pkg_type: str, github_name: str) -> Optional[PackageURL]:
     logger.error(f"get_purl: Unknown package type {pkg_type}")
 
 
-class InvalidVersionRange(Exception):
-    """
-    Raises exception when the version range is invalid
-    """
-
-
 def process_response(resp: dict, package_type: str) -> Iterable[AdvisoryData]:
     """
     Yield `AdvisoryData` by taking `resp` and `ecosystem` as input
@@ -268,7 +189,7 @@ def process_response(resp: dict, package_type: str) -> Iterable[AdvisoryData]:
                     affected_range = build_range_from_github_advisory_constraint(
                         package_type, affected_range
                     )
-                except InvalidVersionRange as e:
+                except Exception as e:
                     logger.error(f"Could not parse affected range {affected_range!r} {e!r}")
                     affected_range = None
             if fixed_version:
@@ -312,99 +233,34 @@ def process_response(resp: dict, package_type: str) -> Iterable[AdvisoryData]:
             else:
                 logger.error(f"Unknown identifier type {identifier_type!r} and value {value!r}")
 
+        weaknesses = get_cwes_from_github_advisory(advisory)
+
         yield AdvisoryData(
             aliases=sorted(dedupe(aliases)),
             summary=summary,
             references=references,
             affected_packages=affected_packages,
             date_published=date_published,
+            weaknesses=weaknesses,
         )
 
 
-class GitHubBasicImprover(Improver):
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=GitHubAPIImporter.qualified_name)
-
-    def get_package_versions(
-        self, package_url: PackageURL, until: Optional[datetime] = None
-    ) -> List[str]:
-        """
-        Return a list of `valid_versions` for the `package_url`
-        """
-        api_name = get_api_package_name(package_url)
-        if not api_name:
-            logger.error(f"Could not get versions for {package_url!r}")
-            return []
-        versions_fetcher = self.versions_fetcher_by_purl.get(package_url)
-        if not versions_fetcher:
-            versions_fetcher: VersionAPI = VERSION_API_CLASSES_BY_PACKAGE_TYPE[package_url.type]
-            self.versions_fetcher_by_purl[package_url] = versions_fetcher()
-
-        versions_fetcher = self.versions_fetcher_by_purl[package_url]
-
-        self.versions_fetcher_by_purl[package_url] = versions_fetcher
-        return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-        try:
-            purl, affected_version_ranges, _ = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
-            return iter([])
-
-        pkg_type = purl.type
-        pkg_namespace = purl.namespace
-        pkg_name = purl.name
-        if purl.type == "golang":
-            # Problem with the Golang and Go that they provide full path
-            # FIXME: We need to get the PURL subpath for Go module
-            versions_fetcher = self.versions_fetcher_by_purl.get(purl)
-            if not versions_fetcher:
-                versions_fetcher = GoproxyVersionAPI()
-                self.versions_fetcher_by_purl[purl] = versions_fetcher
-            pkg_name = versions_fetcher.module_name_by_package_name.get(pkg_name, pkg_name)
-
-        valid_versions = self.get_package_versions(
-            package_url=purl, until=advisory_data.date_published
-        )
-        for affected_version_range in affected_version_ranges:
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-                ignorable_versions=WEIRD_IGNORABLE_VERSIONS,
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=100,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
+def get_cwes_from_github_advisory(advisory) -> [int]:
+    """
+    Return the cwe-id list from advisory ex: [ 522 ]
+    by extracting the cwe_list from advisory ex: [{'cweId': 'CWE-522'}]
+    then remove the CWE- from string and convert it to integer 522 and Check if the CWE in CWE-Database
+    """
+    weaknesses = []
+    db = Database()
+    cwe_list = get_item(advisory, "cwes", "nodes") or []
+    for cwe_item in cwe_list:
+        cwe_string = get_item(cwe_item, "cweId")
+        if cwe_string:
+            cwe_id = get_cwe_id(cwe_string)
+            try:
+                db.get(cwe_id)
+                weaknesses.append(cwe_id)
+            except Exception:
+                logger.error("Invalid CWE id")
+    return weaknesses
diff --git a/vulnerabilities/importers/gitlab.py b/vulnerabilities/importers/gitlab.py
index afdb3f865..561b1a7d9 100644
--- a/vulnerabilities/importers/gitlab.py
+++ b/vulnerabilities/importers/gitlab.py
@@ -9,17 +9,14 @@
 
 import logging
 import traceback
-from datetime import datetime
 from pathlib import Path
 from typing import Iterable
 from typing import List
-from typing import Mapping
 from typing import Optional
 
 import pytz
 import saneyaml
 from dateutil import parser as dateparser
-from django.db.models.query import QuerySet
 from packageurl import PackageURL
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.version_range import VersionRange
@@ -28,27 +25,15 @@
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.importer import UnMergeablePackageError
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.package_managers import VERSION_API_CLASSES_BY_PACKAGE_TYPE
-from vulnerabilities.package_managers import GoproxyVersionAPI
-from vulnerabilities.package_managers import VersionAPI
-from vulnerabilities.package_managers import get_api_package_name
-from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
 from vulnerabilities.utils import build_description
-from vulnerabilities.utils import get_affected_packages_by_patched_package
-from vulnerabilities.utils import nearest_patched_package
-from vulnerabilities.utils import resolve_version_range
+from vulnerabilities.utils import get_cwe_id
 
 logger = logging.getLogger(__name__)
 
-
 PURL_TYPE_BY_GITLAB_SCHEME = {
-    # "conan": "conan",
+    "conan": "conan",
     "gem": "gem",
     # Entering issue to parse go package names https://github.com/nexB/vulnerablecode/issues/742
     # "go": "golang",
@@ -59,20 +44,17 @@
     "pypi": "pypi",
 }
 
-
 GITLAB_SCHEME_BY_PURL_TYPE = {v: k for k, v in PURL_TYPE_BY_GITLAB_SCHEME.items()}
 
 
-class GitLabAPIImporter(GitImporter):
+class GitLabAPIImporter(Importer):
     spdx_license_expression = "MIT"
     license_url = "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/LICENSE"
+    repo_url = "git+https://gitlab.com/gitlab-org/advisories-community/"
 
-    def __init__(self):
-        super().__init__(repo_url="git+https://gitlab.com/gitlab-org/advisories-community/")
-
-    def advisory_data(self, _keep_clone=True) -> Iterable[AdvisoryData]:
+    def advisory_data(self, _keep_clone=False) -> Iterable[AdvisoryData]:
         try:
-            self.clone()
+            self.clone(repo_url=self.repo_url)
             base_path = Path(self.vcs_response.dest_dir)
 
             for file_path in base_path.glob("**/*.yml"):
@@ -203,6 +185,10 @@ def parse_gitlab_advisory(file):
     summary = build_description(gitlab_advisory.get("title"), gitlab_advisory.get("description"))
     urls = gitlab_advisory.get("urls")
     references = [Reference.from_url(u) for u in urls]
+
+    cwe_ids = gitlab_advisory.get("cwe_ids") or []
+    cwe_list = list(map(get_cwe_id, cwe_ids))
+
     date_published = dateparser.parse(gitlab_advisory.get("pubdate"))
     date_published = date_published.replace(tzinfo=pytz.UTC)
     package_slug = gitlab_advisory.get("package_slug")
@@ -218,7 +204,7 @@ def parse_gitlab_advisory(file):
     affected_version_range = None
     fixed_versions = gitlab_advisory.get("fixed_versions") or []
     affected_range = gitlab_advisory.get("affected_range")
-    gitlab_native_schemes = set(["pypi", "gem", "npm", "go", "packagist"])
+    gitlab_native_schemes = set(["pypi", "gem", "npm", "go", "packagist", "conan"])
     vrc: VersionRange = RANGE_CLASS_BY_SCHEMES[purl.type]
     gitlab_scheme = GITLAB_SCHEME_BY_PURL_TYPE[purl.type]
     try:
@@ -268,101 +254,5 @@ def parse_gitlab_advisory(file):
         references=references,
         date_published=date_published,
         affected_packages=affected_packages,
+        weaknesses=cwe_list,
     )
-
-
-class GitLabBasicImprover(Improver):
-    """
-    Get the nearest fixed_version and then resolve the version range with the help of all valid versions.
-    Generate inference between all the affected packages and the fixed_version that fixes all those affected packages.
-
-    In case of gitlab advisory data we get a list of fixed_versions and a affected_version_range.
-    Since we can not determine which package fixes which range.
-    """
-
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=GitLabAPIImporter.qualified_name)
-
-    def get_package_versions(
-        self, package_url: PackageURL, until: Optional[datetime] = None
-    ) -> List[str]:
-        """
-        Return a list of `valid_versions` for the `package_url`
-        """
-        api_name = get_api_package_name(purl=package_url)
-        if not api_name:
-            logger.error(f"Could not get versions for {package_url!r}")
-            return []
-        versions_fetcher = self.versions_fetcher_by_purl.get(package_url)
-        if not versions_fetcher:
-            versions_fetcher: VersionAPI = VERSION_API_CLASSES_BY_PACKAGE_TYPE[package_url.type]
-            self.versions_fetcher_by_purl[package_url] = versions_fetcher()
-
-        versions_fetcher = self.versions_fetcher_by_purl[package_url]
-
-        self.versions_fetcher_by_purl[package_url] = versions_fetcher
-        return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return iter([])
-        try:
-            purl, affected_version_ranges, _ = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
-            return iter([])
-
-        pkg_type = purl.type
-        pkg_namespace = purl.namespace
-        pkg_name = purl.name
-        if purl.type == "golang":
-            # Problem with the Golang and Go that they provide full path
-            # FIXME: We need to get the PURL subpath for Go module
-            versions_fetcher = self.versions_fetcher_by_purl.get(purl)
-            if not versions_fetcher:
-                versions_fetcher = GoproxyVersionAPI()
-                self.versions_fetcher_by_purl[purl] = versions_fetcher
-            pkg_name = versions_fetcher.module_name_by_package_name.get(pkg_name, pkg_name)
-
-        valid_versions = self.get_package_versions(
-            package_url=purl, until=advisory_data.date_published
-        )
-        for affected_version_range in affected_version_ranges:
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-                ignorable_versions=[],
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,  # We are getting all valid versions to get this inference
-                    confidence=100,
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
diff --git a/vulnerabilities/importers/istio.py b/vulnerabilities/importers/istio.py
index 951fa5297..d37c6083e 100644
--- a/vulnerabilities/importers/istio.py
+++ b/vulnerabilities/importers/istio.py
@@ -53,17 +53,21 @@ class IstioImporter(Importer):
     repo_url = "git+https://github.com/istio/istio.io/"
 
     def advisory_data(self) -> Set[AdvisoryData]:
-        self.clone(self.repo_url)
-        path = Path(self.vcs_response.dest_dir)
-        vuln = path / "content/en/news/security/"
-        for file in vuln.glob("**/*.md"):
-            # Istio website has files with name starting with underscore, these contain metadata
-            # required for rendering the website. We're not interested in these.
-            # See also https://github.com/nexB/vulnerablecode/issues/563
-            file = str(file)
-            if file.endswith("_index.md"):
-                continue
-            yield from self.process_file(file)
+        try:
+            self.clone(repo_url=self.repo_url)
+            path = Path(self.vcs_response.dest_dir)
+            vuln = path / "content/en/news/security/"
+            for file in vuln.glob("**/*.md"):
+                # Istio website has files with name starting with underscore, these contain metadata
+                # required for rendering the website. We're not interested in these.
+                # See also https://github.com/nexB/vulnerablecode/issues/563
+                file = str(file)
+                if file.endswith("_index.md"):
+                    continue
+                yield from self.process_file(file)
+        finally:
+            if self.vcs_response:
+                self.vcs_response.delete()
 
     def process_file(self, path):
 
@@ -155,70 +159,3 @@ def get_data_from_md(self, path):
         with open(path) as f:
             front_matter, _ = split_markdown_front_matter(f.read())
             return saneyaml.load(front_matter)
-
-
-class IstioImprover(Improver):
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-        self.vesions_by_purl = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=IstioImporter.qualified_name)
-
-    def get_package_versions(
-        self, package_url: PackageURL, until: Optional[datetime] = None
-    ) -> List[str]:
-        """
-        Return a list of `valid_versions` for the `package_url`
-        """
-        api_name = "istio/istio"
-        versions_fetcher = GitHubTagsAPI()
-        return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-        for affected_package in advisory_data.affected_packages:
-            purl = affected_package.package
-            affected_version_range = affected_package.affected_version_range
-            pkg_type = purl.type
-            pkg_namespace = purl.namespace
-            pkg_name = purl.name
-            if not self.vesions_by_purl.get("istio/istio"):
-                valid_versions = self.get_package_versions(
-                    package_url=purl, until=advisory_data.date_published
-                )
-                self.vesions_by_purl["istio/istio"] = valid_versions
-            valid_versions = self.vesions_by_purl["istio/istio"]
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=100,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
diff --git a/vulnerabilities/importers/kaybee.py b/vulnerabilities/importers/kaybee.py
index 7464a999f..1b908e4b5 100644
--- a/vulnerabilities/importers/kaybee.py
+++ b/vulnerabilities/importers/kaybee.py
@@ -10,13 +10,13 @@
 from packageurl import PackageURL
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.utils import load_yaml
 from vulnerabilities.utils import nearest_patched_package
 
 
-class KaybeeImporter(GitImporter):
+class KaybeeImporter(Importer):
     def __enter__(self):
         super(KaybeeImporter, self).__enter__()
         self._added_files, self._updated_files = self.file_changes(
diff --git a/vulnerabilities/importers/mozilla.py b/vulnerabilities/importers/mozilla.py
index 1cdaac357..3c4324bdf 100644
--- a/vulnerabilities/importers/mozilla.py
+++ b/vulnerabilities/importers/mozilla.py
@@ -39,7 +39,7 @@ class MozillaImporter(Importer):
 
     def advisory_data(self) -> Iterable[AdvisoryData]:
         try:
-            self.clone(self.repo_url)
+            self.clone(repo_url=self.repo_url)
             path = Path(self.vcs_response.dest_dir)
 
             vuln = path / "announce"
diff --git a/vulnerabilities/importers/nginx.py b/vulnerabilities/importers/nginx.py
index 1320fc895..918f29f20 100644
--- a/vulnerabilities/importers/nginx.py
+++ b/vulnerabilities/importers/nginx.py
@@ -23,15 +23,8 @@
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
-from vulnerabilities.importer import UnMergeablePackageError
 from vulnerabilities.importer import VulnerabilitySeverity
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.package_managers import GitHubTagsAPI
-from vulnerabilities.package_managers import PackageVersion
 from vulnerabilities.severity_systems import GENERIC
-from vulnerabilities.utils import evolve_purl
 
 logger = logging.getLogger(__name__)
 
@@ -223,122 +216,3 @@ def build_severity(severity):
     severity = severity.strip()
     if severity:
         return VulnerabilitySeverity(system=GENERIC, value=severity)
-
-
-class NginxBasicImprover(Improver):
-    """
-    Improve Nginx data by fetching the its GitHub repo versions and resolving
-    the vulnerable ranges.
-    """
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(created_by=NginxImporter.qualified_name)
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        all_versions = list(self.fetch_nginx_version_from_git_tags())
-        yield from self.get_inferences_from_versions(
-            advisory_data=advisory_data, all_versions=all_versions
-        )
-
-    def get_inferences_from_versions(
-        self, advisory_data: AdvisoryData, all_versions: List[PackageVersion]
-    ) -> Iterable[Inference]:
-        """
-        Yield inferences given an ``advisory_data`` and a ``all_versions`` of
-        PackageVersion.
-        """
-
-        try:
-            purl, affected_version_ranges, fixed_versions = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(
-                f"NginxBasicImprover: Cannot merge with different purls: "
-                f"{advisory_data.affected_packages!r}"
-            )
-            return iter([])
-
-        affected_purls = []
-        for affected_version_range in affected_version_ranges:
-            for package_version in all_versions:
-                # FIXME: we should reference an NginxVersion tbd in univers
-                version = NginxVersion(package_version.value)
-                if is_vulnerable(
-                    version=version,
-                    affected_version_range=affected_version_range,
-                    fixed_versions=fixed_versions,
-                ):
-                    new_purl = evolve_purl(purl=purl, version=str(version))
-                    affected_purls.append(new_purl)
-
-        # TODO: This also yields with a lower fixed version, maybe we should
-        # only yield fixes that are upgrades ?
-        for fixed_version in fixed_versions:
-            fixed_purl = evolve_purl(purl=purl, version=str(fixed_version))
-
-            yield Inference.from_advisory_data(
-                advisory_data,
-                # TODO: is 90 a correct confidence??
-                confidence=90,
-                affected_purls=affected_purls,
-                fixed_purl=fixed_purl,
-            )
-
-    def fetch_nginx_version_from_git_tags(self):
-        """
-        Yield all nginx PackageVersion from its git tags.
-        """
-        nginx_versions = GitHubTagsAPI().fetch("nginx/nginx")
-        for version in nginx_versions:
-            cleaned = clean_nginx_git_tag(version.value)
-            yield PackageVersion(value=cleaned, release_date=version.release_date)
-
-
-def clean_nginx_git_tag(tag):
-    """
-    Return a cleaned ``version`` string from an nginx git tag.
-
-    Nginx tags git release as in `release-1.2.3`
-    This removes the the `release-` prefix.
-
-    For example:
-    >>> clean_nginx_git_tag("release-1.2.3") == "1.2.3"
-    True
-    >>> clean_nginx_git_tag("1.2.3") == "1.2.3"
-    True
-    """
-    if tag.startswith("release-"):
-        _, _, tag = tag.partition("release-")
-    return tag
-
-
-def is_vulnerable(version, affected_version_range, fixed_versions):
-    """
-    Return True if the ``version`` Version for nginx is vulnerable according to
-    the nginx approach.
-
-    A ``version`` is vulnerable as explained by @mdounin
-    in https://marc.info/?l=nginx&m=164070162912710&w=2 :
-
-        "Note that it is generally trivial to find out if a version is
-        vulnerable or not from the information about a vulnerability,
-        without any knowledge about nginx branches.  That is:
-
-        - Check if the version is in "Vulnerable" range.  If it's not, the
-          version is not vulnerable.
-
-        - If it is, check if the branch is explicitly listed in the "Not
-          vulnerable".  If it's not, the version is vulnerable.  If it
-          is, check the minor number: if it's greater or equal to the
-          version listed as not vulnerable, the version is not vulnerable,
-          else the version is vulnerable."
-
-    """
-    if version in NginxVersionRange.from_string(affected_version_range.to_string()):
-        for fixed_version in fixed_versions:
-            if version.value.minor == fixed_version.value.minor and version >= fixed_version:
-                return False
-        return True
-    return False
diff --git a/vulnerabilities/importers/npm.py b/vulnerabilities/importers/npm.py
index 4b6df9055..e1112158c 100644
--- a/vulnerabilities/importers/npm.py
+++ b/vulnerabilities/importers/npm.py
@@ -36,7 +36,7 @@ class NpmImporter(Importer):
 
     def advisory_data(self) -> Iterable[AdvisoryData]:
         try:
-            self.clone(self.repo_url)
+            self.clone(repo_url=self.repo_url)
             path = Path(self.vcs_response.dest_dir)
 
             vuln = path / "vuln"
@@ -52,7 +52,9 @@ def to_advisory_data(self, file: Path) -> List[AdvisoryData]:
         id = data.get("id")
         description = data.get("overview") or ""
         summary = data.get("title") or ""
-        date_published = parse(data.get("created_at")).replace(tzinfo=pytz.UTC)
+        date_published = None
+        if isinstance(data.get("created_at"), str):
+            date_published = parse(data.get("created_at")).replace(tzinfo=pytz.UTC)
         references = []
         cvss_vector = data.get("cvss_vector")
         cvss_score = data.get("cvss_score")
diff --git a/vulnerabilities/importers/oss_fuzz.py b/vulnerabilities/importers/oss_fuzz.py
new file mode 100644
index 000000000..6e4d3fef4
--- /dev/null
+++ b/vulnerabilities/importers/oss_fuzz.py
@@ -0,0 +1,37 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import logging
+from pathlib import Path
+from typing import Iterable
+
+import saneyaml
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import Importer
+from vulnerabilities.importers.osv import parse_advisory_data
+
+logger = logging.getLogger(__name__)
+
+
+class OSSFuzzImporter(Importer):
+    license_url = "https://github.com/google/oss-fuzz-vulns/blob/main/LICENSE"
+    spdx_license_expression = "CC-BY-4.0"
+    url = "git+https://github.com/google/oss-fuzz-vulns"
+
+    def advisory_data(self) -> Iterable[AdvisoryData]:
+        try:
+            self.clone(repo_url=self.url)
+            path = Path(self.vcs_response.dest_dir) / "vulns"
+            for file in path.glob("**/*.yaml"):
+                with open(file) as f:
+                    yaml_data = saneyaml.load(f.read())
+                    yield parse_advisory_data(yaml_data, supported_ecosystem="oss-fuzz")
+        finally:
+            if self.vcs_response:
+                self.vcs_response.delete()
diff --git a/vulnerabilities/importers/osv.py b/vulnerabilities/importers/osv.py
index c4ee58685..cb06b2162 100644
--- a/vulnerabilities/importers/osv.py
+++ b/vulnerabilities/importers/osv.py
@@ -27,6 +27,7 @@
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
 from vulnerabilities.utils import build_description
 from vulnerabilities.utils import dedupe
+from vulnerabilities.utils import get_cwe_id
 
 logger = logging.getLogger(__name__)
 
@@ -74,6 +75,9 @@ def parse_advisory_data(raw_data: dict, supported_ecosystem) -> Optional[Advisor
                         fixed_version=version,
                     )
                 )
+    database_specific = raw_data.get("database_specific") or {}
+    cwe_ids = database_specific.get("cwe_ids") or []
+    weaknesses = list(map(get_cwe_id, cwe_ids))
 
     return AdvisoryData(
         aliases=aliases,
@@ -81,6 +85,7 @@ def parse_advisory_data(raw_data: dict, supported_ecosystem) -> Optional[Advisor
         references=references,
         affected_packages=affected_packages,
         date_published=date_published,
+        weaknesses=weaknesses,
     )
 
 
diff --git a/vulnerabilities/importers/project_kb_msr2019.py b/vulnerabilities/importers/project_kb_msr2019.py
index 9d281de72..9fcfb7cc6 100644
--- a/vulnerabilities/importers/project_kb_msr2019.py
+++ b/vulnerabilities/importers/project_kb_msr2019.py
@@ -10,6 +10,7 @@
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
+from vulnerabilities.utils import fetch_and_read_from_csv
 from vulnerabilities.utils import is_cve
 
 # Reading CSV file from  a url using `requests` is bit too complicated.
diff --git a/vulnerabilities/importers/pypa.py b/vulnerabilities/importers/pypa.py
index 6ffbaae9f..9d62af48d 100644
--- a/vulnerabilities/importers/pypa.py
+++ b/vulnerabilities/importers/pypa.py
@@ -8,6 +8,7 @@
 #
 import logging
 import os
+from pathlib import Path
 from typing import Iterable
 
 import saneyaml
@@ -23,33 +24,28 @@
 class PyPaImporter(Importer):
     license_url = "https://github.com/pypa/advisory-database/blob/main/LICENSE"
     spdx_license_expression = "CC-BY-4.0"
-    url = "git+https://github.com/pypa/advisory-database"
+    repo_url = "git+https://github.com/pypa/advisory-database"
 
     def advisory_data(self) -> Iterable[AdvisoryData]:
-        for raw_data in fork_and_get_files(self.url):
-            yield parse_advisory_data(raw_data=raw_data, supported_ecosystem="pypi")
+        try:
+            self.clone(repo_url=self.repo_url)
+            path = Path(self.vcs_response.dest_dir)
+            for raw_data in fork_and_get_files(path=path):
+                yield parse_advisory_data(raw_data=raw_data, supported_ecosystem="pypi")
+        finally:
+            if self.vcs_response:
+                self.vcs_response.delete()
 
 
 class ForkError(Exception):
     pass
 
 
-def fork_and_get_files(url) -> dict:
+def fork_and_get_files(path) -> dict:
     """
     Yield advisorie data mappings from the PyPA GitHub repository at ``url``.
     """
-    try:
-        fork_directory = fetch_via_git(url=url)
-    except Exception as e:
-        logger.error(f"Failed to clone url {url}: {e}")
-        raise ForkError(url) from e
-
-    advisory_dirs = os.path.join(fork_directory.dest_dir, "vulns")
-    for root, _, files in os.walk(advisory_dirs):
-        for file in files:
-            path = os.path.join(root, file)
-            if not file.endswith(".yaml"):
-                logger.warning(f"Unsupported non-YAML PyPA advisory file: {path}")
-                continue
-            with open(path) as f:
-                yield saneyaml.load(f.read())
+    advisory_dirs = path / "vulns"
+    for file in advisory_dirs.glob("**/*.yaml"):
+        with open(file) as f:
+            yield saneyaml.load(f.read())
diff --git a/vulnerabilities/importers/redhat.py b/vulnerabilities/importers/redhat.py
index 967f0dc38..4e14a7f86 100644
--- a/vulnerabilities/importers/redhat.py
+++ b/vulnerabilities/importers/redhat.py
@@ -8,6 +8,7 @@
 #
 
 import logging
+import re
 from typing import Dict
 from typing import Iterable
 from typing import List
@@ -23,6 +24,7 @@
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.rpm_utils import rpm_to_purl
+from vulnerabilities.utils import get_cwe_id
 from vulnerabilities.utils import get_item
 from vulnerabilities.utils import requests_with_5xx_retry
 
@@ -61,7 +63,6 @@ def get_data_from_url(url):
 
 
 class RedhatImporter(Importer):
-
     spdx_license_expression = "CC-BY-4.0"
     license_url = "https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/legal-notice"
 
@@ -98,24 +99,12 @@ def to_advisory(advisory_data):
     bugzilla = advisory_data.get("bugzilla")
     if bugzilla:
         url = "https://bugzilla.redhat.com/show_bug.cgi?id={}".format(bugzilla)
-        bugzilla_url = f"https://bugzilla.redhat.com/rest/bug/{bugzilla}"
-        bugzilla_data = get_data_from_url(bugzilla_url)
-        bugs = bugzilla_data.get("bugs") or []
-        if bugs:
-            # why [0] only here?
-            severity = bugs[0].get("severity")
-            if severity:
-                bugzilla_severity = VulnerabilitySeverity(
-                    system=severity_systems.REDHAT_BUGZILLA,
-                    value=severity,
-                )
-                references.append(
-                    Reference(
-                        severities=[bugzilla_severity],
-                        url=url,
-                        reference_id=bugzilla,
-                    )
-                )
+        references.append(
+            Reference(
+                url=url,
+                reference_id=bugzilla,
+            )
+        )
 
     for rh_adv in advisory_data.get("advisories") or []:
         # RH provides 3 types of advisories RHSA, RHBA, RHEA. Only RHSA's contain severity score.
@@ -126,25 +115,8 @@ def to_advisory(advisory_data):
             continue
 
         if "RHSA" in rh_adv.upper():
-            rhsa_url = f"https://access.redhat.com/hydra/rest/securitydata/cvrf/{rh_adv}.json"
-            rhsa_data = get_data_from_url(rhsa_url)
-            if not rhsa_data:
-                continue
-            rhsa_aggregate_severities = []
-            if rhsa_data.get("cvrfdoc"):
-                # not all RHSA errata have a corresponding CVRF document
-                value = get_item(rhsa_data, "cvrfdoc", "aggregate_severity")
-                if value:
-                    rhsa_aggregate_severities.append(
-                        VulnerabilitySeverity(
-                            system=severity_systems.REDHAT_AGGREGATE,
-                            value=value,
-                        )
-                    )
-
             references.append(
                 Reference(
-                    severities=rhsa_aggregate_severities,
                     url="https://access.redhat.com/errata/{}".format(rh_adv),
                     reference_id=rh_adv,
                 )
@@ -164,6 +136,11 @@ def to_advisory(advisory_data):
                 scoring_elements=cvssv3_vector,
             )
         )
+    cwe_list = []
+    # cwe_string : CWE-409","CWE-121->CWE-787","(CWE-401|CWE-404)","(CWE-190|CWE-911)->CWE-416"
+    cwe_string = advisory_data.get("CWE")
+    if cwe_string:
+        cwe_list = list(map(get_cwe_id, re.findall("CWE-[0-9]+", cwe_string)))
 
     aliases = []
     alias = advisory_data.get("CVE")
@@ -177,4 +154,5 @@ def to_advisory(advisory_data):
         summary=advisory_data.get("bugzilla_description") or "",
         affected_packages=affected_packages,
         references=references,
+        weaknesses=cwe_list,
     )
diff --git a/vulnerabilities/importers/retiredotnet.py b/vulnerabilities/importers/retiredotnet.py
index 213a21369..04bd0582c 100644
--- a/vulnerabilities/importers/retiredotnet.py
+++ b/vulnerabilities/importers/retiredotnet.py
@@ -30,7 +30,7 @@ class RetireDotnetImporter(Importer):
 
     def advisory_data(self) -> Iterable[AdvisoryData]:
         try:
-            self.clone(self.repo_url)
+            self.clone(repo_url=self.repo_url)
             path = Path(self.vcs_response.dest_dir)
 
             vuln = path / "Content"
diff --git a/vulnerabilities/importers/ruby.py b/vulnerabilities/importers/ruby.py
index 1e116e3ff..556e39140 100644
--- a/vulnerabilities/importers/ruby.py
+++ b/vulnerabilities/importers/ruby.py
@@ -18,14 +18,14 @@
 from univers.versions import SemverVersion
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.package_managers import RubyVersionAPI
 from vulnerabilities.utils import load_yaml
 from vulnerabilities.utils import nearest_patched_package
 
 
-class RubyImporter(GitImporter):
+class RubyImporter(Importer):
     def __enter__(self):
         super(RubyImporter, self).__enter__()
 
diff --git a/vulnerabilities/importers/rust.py b/vulnerabilities/importers/rust.py
index 701405128..a1e97c277 100644
--- a/vulnerabilities/importers/rust.py
+++ b/vulnerabilities/importers/rust.py
@@ -22,13 +22,13 @@
 from univers.versions import SemverVersion
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import Reference
 from vulnerabilities.package_managers import CratesVersionAPI
 from vulnerabilities.utils import nearest_patched_package
 
 
-class RustImporter(GitImporter):
+class RustImporter(Importer):
     def __enter__(self):
         super(RustImporter, self).__enter__()
 
diff --git a/vulnerabilities/improve_runner.py b/vulnerabilities/improve_runner.py
index b6658d9ea..37c0b6c35 100644
--- a/vulnerabilities/improve_runner.py
+++ b/vulnerabilities/improve_runner.py
@@ -10,6 +10,7 @@
 import logging
 from datetime import datetime
 from datetime import timezone
+from traceback import format_exc as traceback_format_exc
 from typing import List
 
 from django.core.exceptions import ValidationError
@@ -43,40 +44,48 @@ def run(self) -> None:
         improver = self.improver_class()
         logger.info(f"Running improver: {improver.qualified_name}")
         for advisory in improver.interesting_advisories:
-            inferences = improver.get_inferences(advisory_data=advisory.to_advisory_data())
-            process_inferences(
-                inferences=inferences, advisory=advisory, improver_name=improver.qualified_name
-            )
+            logger.info(f"Processing advisory: {advisory!r}")
+            try:
+                inferences = improver.get_inferences(advisory_data=advisory.to_advisory_data())
+                process_inferences(
+                    inferences=inferences,
+                    advisory=advisory,
+                    improver_name=improver.qualified_name,
+                )
+            except Exception as e:
+                logger.info(f"Failed to process advisory: {advisory!r} with error {e!r}")
         logger.info("Finished improving using %s.", self.improver_class.qualified_name)
 
 
 @transaction.atomic
 def process_inferences(inferences: List[Inference], advisory: Advisory, improver_name: str):
     """
-    An atomic transaction that updates both the Advisory (e.g. date_improved)
+    Return number of inferences processed.
+    An atomic transaction that updates both the Advisory (e.g. date_imported)
     and processes the given inferences to create or update corresponding
     database fields.
 
     This avoids failing the entire improver when only a single inference is
     erroneous. Also, the atomic transaction for every advisory and its
-    inferences makes sure that date_improved of advisory is consistent.
+    inferences makes sure that date_imported of advisory is consistent.
     """
+    inferences_processed_count = 0
 
     if not inferences:
-        logger.warn(f"Nothing to improve. Source: {improver_name} Advisory id: {advisory.id}")
-        return
+        logger.warning(f"Nothing to improve. Source: {improver_name} Advisory id: {advisory.id}")
+        return inferences_processed_count
 
     logger.info(f"Improving advisory id: {advisory.id}")
 
     for inference in inferences:
         vulnerability = get_or_create_vulnerability_and_aliases(
             vulnerability_id=inference.vulnerability_id,
-            alias_names=inference.aliases,
+            aliases=inference.aliases,
             summary=inference.summary,
         )
 
         if not vulnerability:
-            logger.warn(f"Unable to get vulnerability for inference: {inference!r}")
+            logger.warning(f"Unable to get vulnerability for inference: {inference!r}")
             continue
 
         for ref in inference.references:
@@ -139,8 +148,9 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver
                 cwe_obj, created = Weakness.objects.get_or_create(cwe_id=cwe_id)
                 cwe_obj.vulnerabilities.add(vulnerability)
                 cwe_obj.save()
-    advisory.date_improved = datetime.now(timezone.utc)
-    advisory.save()
+
+        inferences_processed_count += 1
+    return inferences_processed_count
 
 
 def create_valid_vulnerability_reference(url, reference_id=None):
@@ -164,69 +174,97 @@ def create_valid_vulnerability_reference(url, reference_id=None):
     return reference
 
 
-def get_or_create_vulnerability_and_aliases(vulnerability_id, alias_names, summary):
+def get_or_create_vulnerability_and_aliases(
+    aliases: List[str], vulnerability_id=None, summary=None
+):
     """
     Get or create vulnerabilitiy and aliases such that all existing and new
     aliases point to the same vulnerability
     """
-    existing_vulns = set()
-    alias_names = set(alias_names)
-    new_alias_names = set()
-    for alias_name in alias_names:
-        try:
-            alias = Alias.objects.get(alias=alias_name)
-            existing_vulns.add(alias.vulnerability)
-        except Alias.DoesNotExist:
-            new_alias_names.add(alias_name)
-
-    # If given set of aliases point to different vulnerabilities in the
-    # database, request is malformed
-    # TODO: It is possible that all those vulnerabilities are actually
-    # the same at data level, figure out a way to merge them
-    if len(existing_vulns) > 1:
-        logger.warn(
-            f"Given aliases {alias_names} already exist and do not point "
-            f"to a single vulnerability. Cannot improve. Skipped."
-        )
-        return
-
-    existing_alias_vuln = existing_vulns.pop() if existing_vulns else None
-
-    if (
-        existing_alias_vuln
-        and vulnerability_id
-        and existing_alias_vuln.vulnerability_id != vulnerability_id
-    ):
-        logger.warn(
-            f"Given aliases {alias_names!r} already exist and point to existing"
-            f"vulnerability {existing_alias_vuln}. Unable to create Vulnerability "
-            f"with vulnerability_id {vulnerability_id}. Skipped"
-        )
-        return
+    aliases = set(alias.strip() for alias in aliases if alias and alias.strip())
+    new_alias_names, existing_vulns = get_vulns_for_aliases_and_get_new_aliases(aliases)
+
+    # All aliases must point to the same vulnerability
+    vulnerability = None
+    if existing_vulns:
+        if len(existing_vulns) != 1:
+            vcids = ", ".join(v.vulnerability_id for v in existing_vulns)
+            logger.error(
+                f"Cannot create vulnerability. "
+                f"Aliases {aliases} already exist and point "
+                f"to multiple vulnerabilities {vcids}."
+            )
+            return
+        else:
+            vulnerability = existing_vulns.pop()
+
+            if vulnerability_id and vulnerability.vulnerability_id != vulnerability_id:
+                logger.error(
+                    f"Cannot create vulnerability. "
+                    f"Aliases {aliases} already exist and point to a different "
+                    f"vulnerability {vulnerability} than the requested "
+                    f"vulnerability {vulnerability_id}."
+                )
+                return
 
-    if existing_alias_vuln:
-        vulnerability = existing_alias_vuln
-    elif vulnerability_id:
+    if vulnerability_id and not vulnerability:
         try:
             vulnerability = Vulnerability.objects.get(vulnerability_id=vulnerability_id)
         except Vulnerability.DoesNotExist:
-            logger.warn(
-                f"Given vulnerability_id: {vulnerability_id} does not exist in the database"
-            )
+            logger.error(f"Cannot get requested vulnerability {vulnerability_id}.")
             return
+    if vulnerability:
+        # TODO: We should keep multiple summaries, one for each advisory
+        # if summary and summary != vulnerability.summary:
+        #     logger.warning(
+        #         f"Inconsistent summary for {vulnerability.vulnerability_id}. "
+        #         f"Existing: {vulnerability.summary!r}, provided: {summary!r}"
+        #     )
+        associate_vulnerability_with_aliases(vulnerability=vulnerability, aliases=new_alias_names)
     else:
-        vulnerability = Vulnerability(summary=summary)
-        vulnerability.save()
+        try:
+            vulnerability = create_vulnerability_and_add_aliases(
+                aliases=new_alias_names, summary=summary
+            )
+        except Exception as e:
+            logger.error(
+                f"Cannot create vulnerability with summary {summary!r} and {new_alias_names!r} {e!r}.\n{traceback_format_exc()}."
+            )
+            return
+
+    return vulnerability
+
+
+def get_vulns_for_aliases_and_get_new_aliases(aliases):
+    """
+    Return ``new_aliases`` that are not in the database and
+    ``existing_vulns`` that point to the given ``aliases``.
+    """
+    new_aliases = set(aliases)
+    existing_vulns = set()
+    for alias in Alias.objects.filter(alias__in=aliases):
+        existing_vulns.add(alias.vulnerability)
+        new_aliases.remove(alias.alias)
+    return new_aliases, existing_vulns
 
-    if summary and summary != vulnerability.summary:
-        logger.warn(
-            f"Inconsistent summary for {vulnerability!r}. "
-            f"Existing: {vulnerability.summary}, provided: {summary}"
-        )
 
-    for alias_name in new_alias_names:
+@transaction.atomic
+def create_vulnerability_and_add_aliases(aliases, summary):
+    """
+    Return a new ``vulnerability`` created with ``summary``
+    and associate the ``vulnerability`` with ``aliases``.
+    Raise exception if no alias is associated with the ``vulnerability``.
+    """
+    vulnerability = Vulnerability(summary=summary)
+    vulnerability.save()
+    associate_vulnerability_with_aliases(aliases, vulnerability)
+    if not vulnerability.aliases.count():
+        raise Exception(f"Vulnerability {vulnerability.vcid} must have one or more aliases")
+    return vulnerability
+
+
+def associate_vulnerability_with_aliases(aliases, vulnerability):
+    for alias_name in aliases:
         alias = Alias(alias=alias_name, vulnerability=vulnerability)
         alias.save()
         logger.info(f"New alias for {vulnerability!r}: {alias_name}")
-
-    return vulnerability
diff --git a/vulnerabilities/improver.py b/vulnerabilities/improver.py
index 9b46cce0a..a7554001f 100644
--- a/vulnerabilities/improver.py
+++ b/vulnerabilities/improver.py
@@ -78,7 +78,7 @@ def to_dict(self):
         """
         return {
             "vulnerability_id": self.vulnerability_id,
-            "aliases": [alias for alias in self.aliases],
+            "aliases": self.aliases,
             "confidence": self.confidence,
             "summary": self.summary,
             "affected_purls": [affected_purl.to_dict() for affected_purl in self.affected_purls],
@@ -91,7 +91,7 @@ def to_dict(self):
     def from_advisory_data(cls, advisory_data, confidence, fixed_purl, affected_purls=None):
         """
         Return an Inference object while keeping the same values as of advisory_data
-        for vulnerability_id, summary and references
+        for aliases, summary and references
         """
         return cls(
             aliases=advisory_data.aliases,
diff --git a/vulnerabilities/improvers/__init__.py b/vulnerabilities/improvers/__init__.py
index 50e8ead0a..35aef82b4 100644
--- a/vulnerabilities/improvers/__init__.py
+++ b/vulnerabilities/improvers/__init__.py
@@ -7,20 +7,25 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
-from vulnerabilities import importers
-from vulnerabilities.improvers import default
-from vulnerabilities.improvers import oval
+from vulnerabilities.improvers import valid_versions
+
+# from vulnerabilities.improvers import vulnerability_status
 
 IMPROVERS_REGISTRY = [
-    default.DefaultImprover,
-    importers.nginx.NginxBasicImprover,
-    importers.github.GitHubBasicImprover,
-    importers.debian.DebianBasicImprover,
-    importers.gitlab.GitLabBasicImprover,
-    importers.istio.IstioImprover,
-    oval.DebianOvalBasicImprover,
-    oval.UbuntuOvalBasicImprover,
-    importers.apache_httpd.ApacheHTTPDImprover,
+    valid_versions.GitHubBasicImprover,
+    valid_versions.GitLabBasicImprover,
+    valid_versions.NginxBasicImprover,
+    valid_versions.ApacheHTTPDImprover,
+    valid_versions.DebianBasicImprover,
+    valid_versions.NpmImprover,
+    valid_versions.ElixirImprover,
+    valid_versions.ApacheTomcatImprover,
+    valid_versions.ApacheKafkaImprover,
+    valid_versions.IstioImprover,
+    valid_versions.DebianOvalImprover,
+    valid_versions.UbuntuOvalImprover,
+    valid_versions.OSSFuzzImprover,
+    # vulnerability_status.VulnerabilityStatusImprover,
 ]
 
 IMPROVERS_REGISTRY = {x.qualified_name: x for x in IMPROVERS_REGISTRY}
diff --git a/vulnerabilities/improvers/default.py b/vulnerabilities/improvers/default.py
index 5c00a28c5..1b67eee5c 100644
--- a/vulnerabilities/improvers/default.py
+++ b/vulnerabilities/improvers/default.py
@@ -12,11 +12,13 @@
 from typing import List
 from typing import Tuple
 
+from django.db.models import Q
 from django.db.models.query import QuerySet
 from packageurl import PackageURL
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
+from vulnerabilities.importer import Importer
 from vulnerabilities.improver import MAX_CONFIDENCE
 from vulnerabilities.improver import Improver
 from vulnerabilities.improver import Inference
@@ -34,9 +36,17 @@ class DefaultImprover(Improver):
     information source.
     """
 
+    importer: Importer
+
     @property
     def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.all()
+        if hasattr(self, "importer"):
+            return (
+                Advisory.objects.filter(Q(created_by=self.importer.qualified_name))
+                .order_by("-date_collected")
+                .paginated()
+            )
+        return Advisory.objects.all().order_by("-date_collected").paginated()
 
     def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
         if not advisory_data:
@@ -54,6 +64,7 @@ def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
                         affected_purls=affected_purls,
                         fixed_purl=None,
                         references=advisory_data.references,
+                        weaknesses=advisory_data.weaknesses,
                     )
                 else:
                     for fixed_purl in fixed_purls or []:
@@ -64,6 +75,7 @@ def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
                             affected_purls=affected_purls,
                             fixed_purl=fixed_purl,
                             references=advisory_data.references,
+                            weaknesses=advisory_data.weaknesses,
                         )
 
         else:
@@ -94,11 +106,11 @@ def get_exact_purls(affected_package: AffectedPackage) -> Tuple[List[PackageURL]
     >>> assert expected == got
     """
 
-    vr = affected_package.affected_version_range
-    # We need ``if c`` below because univers returns None as version
-    # in case of vers:nginx/*
-    # TODO: Revisit after https://github.com/nexB/univers/issues/33
     try:
+        vr = affected_package.affected_version_range
+        # We need ``if c`` below because univers returns None as version
+        # in case of vers:nginx/*
+        # TODO: Revisit after https://github.com/nexB/univers/issues/33
         affected_purls = []
         fixed_versions = []
         if vr:
@@ -120,5 +132,14 @@ def get_exact_purls(affected_package: AffectedPackage) -> Tuple[List[PackageURL]
         ]
         return affected_purls, fixed_purls
     except Exception as e:
-        logger.error(f"Failed to get exact purls for {affected_package} {e}")
+        logger.error(f"Failed to get exact purls for: {affected_package!r} with error: {e!r}")
         return [], []
+
+
+class DefaultImporter(DefaultImprover):
+    def __init__(self, advisories) -> None:
+        self.advisories = advisories
+
+    @property
+    def interesting_advisories(self) -> QuerySet:
+        return self.advisories
diff --git a/vulnerabilities/improvers/oval.py b/vulnerabilities/improvers/oval.py
deleted file mode 100644
index f489dab8a..000000000
--- a/vulnerabilities/improvers/oval.py
+++ /dev/null
@@ -1,177 +0,0 @@
-import logging
-from datetime import datetime
-from typing import Iterable
-from typing import List
-from typing import Mapping
-from typing import Optional
-
-from django.db.models import Q
-from django.db.models.query import QuerySet
-from packageurl import PackageURL
-
-from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.importer import UnMergeablePackageError
-from vulnerabilities.importers.debian_oval import DebianOvalImporter
-from vulnerabilities.importers.github import get_api_package_name
-from vulnerabilities.importers.github import resolve_version_range
-from vulnerabilities.importers.ubuntu import UbuntuImporter
-from vulnerabilities.improver import Improver
-from vulnerabilities.improver import Inference
-from vulnerabilities.models import Advisory
-from vulnerabilities.package_managers import DebianVersionAPI
-from vulnerabilities.package_managers import LaunchpadVersionAPI
-from vulnerabilities.package_managers import VersionAPI
-from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
-from vulnerabilities.utils import get_affected_packages_by_patched_package
-from vulnerabilities.utils import nearest_patched_package
-
-logger = logging.getLogger(__name__)
-
-
-VERSION_API_CLASS_BY_NAMESPACE = {
-    "debian": DebianVersionAPI,
-    "ubuntu": LaunchpadVersionAPI,
-}
-
-
-def get_package_versions(
-    package_url: PackageURL,
-    until: Optional[datetime] = None,
-    versions_fetcher_by_purl: Mapping[PackageURL, VersionAPI] = {},
-) -> List[str]:
-    """
-    Return a list of `valid_versions` for the `package_url`
-    """
-    api_name = get_api_package_name(package_url)
-    if not api_name:
-        logger.error(f"Could not get versions for {package_url!r}")
-        return []
-    versions_fetcher = versions_fetcher_by_purl.get(package_url)
-    if not versions_fetcher:
-        versions_fetcher: VersionAPI = VERSION_API_CLASS_BY_NAMESPACE[package_url.namespace]
-        versions_fetcher_by_purl[package_url] = versions_fetcher()
-
-    versions_fetcher = versions_fetcher_by_purl[package_url]
-
-    versions_fetcher_by_purl[package_url] = versions_fetcher
-    return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
-
-
-class DebianOvalBasicImprover(Improver):
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(Q(created_by=DebianOvalImporter.qualified_name))
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-        try:
-            purl, affected_version_ranges, _ = AffectedPackage.merge(
-                advisory_data.affected_packages
-            )
-        except UnMergeablePackageError:
-            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
-            return iter([])
-
-        pkg_type = purl.type
-        pkg_namespace = purl.namespace
-        pkg_name = purl.name
-        valid_versions = get_package_versions(
-            package_url=purl,
-            until=advisory_data.date_published,
-            versions_fetcher_by_purl=self.versions_fetcher_by_purl,
-        )
-
-        for affected_version_range in affected_version_ranges:
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=100,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
-
-
-class UbuntuOvalBasicImprover(Improver):
-    def __init__(self) -> None:
-        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
-
-    @property
-    def interesting_advisories(self) -> QuerySet:
-        return Advisory.objects.filter(Q(created_by=UbuntuImporter.qualified_name))
-
-    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
-        """
-        Yield Inferences for the given advisory data
-        """
-        if not advisory_data.affected_packages:
-            return
-
-        for affected_package in advisory_data.affected_packages:
-            purl = affected_package.package
-            affected_version_range = affected_package.affected_version_range
-            pkg_type = purl.type
-            pkg_namespace = purl.namespace
-            pkg_name = purl.name
-            valid_versions = get_package_versions(
-                package_url=purl,
-                until=advisory_data.date_published,
-                versions_fetcher_by_purl=self.versions_fetcher_by_purl,
-            )
-
-            aff_vers, unaff_vers = resolve_version_range(
-                affected_version_range=affected_version_range,
-                package_versions=valid_versions,
-            )
-            affected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in aff_vers
-            ]
-
-            unaffected_purls = [
-                PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
-                for version in unaff_vers
-            ]
-
-            affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
-                vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
-            )
-
-            for (
-                fixed_package,
-                affected_packages,
-            ) in get_affected_packages_by_patched_package(affected_packages).items():
-                yield Inference.from_advisory_data(
-                    advisory_data,
-                    confidence=100,  # We are getting all valid versions to get this inference
-                    affected_purls=affected_packages,
-                    fixed_purl=fixed_package,
-                )
diff --git a/vulnerabilities/improvers/valid_versions.py b/vulnerabilities/improvers/valid_versions.py
new file mode 100644
index 000000000..61f62d5a7
--- /dev/null
+++ b/vulnerabilities/improvers/valid_versions.py
@@ -0,0 +1,485 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import dataclasses
+import logging
+from datetime import datetime
+from typing import Iterable
+from typing import List
+from typing import Mapping
+from typing import Optional
+
+from django.db.models import Q
+from django.db.models.query import QuerySet
+from packageurl import PackageURL
+from univers.versions import NginxVersion
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import AffectedPackage
+from vulnerabilities.importer import Importer
+from vulnerabilities.importer import UnMergeablePackageError
+from vulnerabilities.importers.apache_httpd import ApacheHTTPDImporter
+from vulnerabilities.importers.apache_kafka import ApacheKafkaImporter
+from vulnerabilities.importers.apache_tomcat import ApacheTomcatImporter
+from vulnerabilities.importers.debian import DebianImporter
+from vulnerabilities.importers.debian_oval import DebianOvalImporter
+from vulnerabilities.importers.elixir_security import ElixirSecurityImporter
+from vulnerabilities.importers.github import GitHubAPIImporter
+from vulnerabilities.importers.gitlab import GitLabAPIImporter
+from vulnerabilities.importers.istio import IstioImporter
+from vulnerabilities.importers.nginx import NginxImporter
+from vulnerabilities.importers.npm import NpmImporter
+from vulnerabilities.importers.oss_fuzz import OSSFuzzImporter
+from vulnerabilities.importers.ubuntu import UbuntuImporter
+from vulnerabilities.improver import MAX_CONFIDENCE
+from vulnerabilities.improver import Improver
+from vulnerabilities.improver import Inference
+from vulnerabilities.models import Advisory
+from vulnerabilities.package_managers import GitHubTagsAPI
+from vulnerabilities.package_managers import GoproxyVersionAPI
+from vulnerabilities.package_managers import PackageVersion
+from vulnerabilities.package_managers import VersionAPI
+from vulnerabilities.package_managers import get_api_package_name
+from vulnerabilities.package_managers import get_version_fetcher
+from vulnerabilities.utils import AffectedPackage as LegacyAffectedPackage
+from vulnerabilities.utils import clean_nginx_git_tag
+from vulnerabilities.utils import evolve_purl
+from vulnerabilities.utils import get_affected_packages_by_patched_package
+from vulnerabilities.utils import is_vulnerable_nginx_version
+from vulnerabilities.utils import nearest_patched_package
+from vulnerabilities.utils import resolve_version_range
+
+logger = logging.getLogger(__name__)
+
+
+@dataclasses.dataclass(order=True)
+class ValidVersionImprover(Improver):
+    importer: Importer
+    ignorable_versions: List[str] = dataclasses.field(default_factory=list)
+
+    def __init__(self) -> None:
+        self.versions_fetcher_by_purl: Mapping[str, VersionAPI] = {}
+
+    @property
+    def interesting_advisories(self) -> QuerySet:
+        return Advisory.objects.filter(Q(created_by=self.importer.qualified_name)).paginated()
+
+    def get_package_versions(
+        self, package_url: PackageURL, until: Optional[datetime] = None
+    ) -> List[str]:
+        """
+        Return a list of `valid_versions` for the `package_url`
+        """
+        api_name = get_api_package_name(package_url)
+        if not api_name:
+            logger.error(f"Could not get versions for {package_url!r}")
+            return []
+        versions_fetcher = self.versions_fetcher_by_purl.get(package_url)
+        if not versions_fetcher:
+            versions_fetcher = get_version_fetcher(package_url)
+            self.versions_fetcher_by_purl[package_url] = versions_fetcher()
+
+        versions_fetcher = self.versions_fetcher_by_purl[package_url]
+
+        self.versions_fetcher_by_purl[package_url] = versions_fetcher
+        return versions_fetcher.get_until(package_name=api_name, until=until).valid_versions
+
+    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
+        """
+        Yield Inferences for the given advisory data
+        """
+        mergable = True
+        if not advisory_data.affected_packages:
+            return
+
+        try:
+            purl, affected_version_ranges, fixed_versions = AffectedPackage.merge(
+                advisory_data.affected_packages
+            )
+        except UnMergeablePackageError:
+            logger.error(f"Cannot merge with different purls {advisory_data.affected_packages!r}")
+            mergable = False
+
+        if not mergable:
+            for affected_package in advisory_data.affected_packages:
+                purl = affected_package.package
+                affected_version_range = affected_package.affected_version_range
+                fixed_version = affected_package.fixed_version
+                pkg_type = purl.type
+                pkg_namespace = purl.namespace
+                pkg_name = purl.name
+                if not affected_version_range and fixed_version:
+                    yield Inference.from_advisory_data(
+                        advisory_data,  # We are getting all valid versions to get this inference
+                        confidence=MAX_CONFIDENCE,
+                        affected_purls=[],
+                        fixed_purl=PackageURL(
+                            type=pkg_type,
+                            namespace=pkg_namespace,
+                            name=pkg_name,
+                            version=str(fixed_version),
+                        ),
+                    )
+                else:
+                    valid_versions = self.get_package_versions(
+                        package_url=purl, until=advisory_data.date_published
+                    )
+                    yield from self.generate_inferences(
+                        affected_version_range=affected_version_range,
+                        pkg_type=pkg_type,
+                        pkg_namespace=pkg_namespace,
+                        pkg_name=pkg_name,
+                        valid_versions=valid_versions,
+                        advisory_data=advisory_data,
+                    )
+
+        else:
+            pkg_type = purl.type
+            pkg_namespace = purl.namespace
+            pkg_name = purl.name
+            pkg_qualifiers = purl.qualifiers
+            fixed_purls = [
+                PackageURL(
+                    type=pkg_type,
+                    namespace=pkg_namespace,
+                    name=pkg_name,
+                    version=str(version),
+                    qualifiers=pkg_qualifiers,
+                )
+                for version in fixed_versions
+            ]
+            if not affected_version_ranges:
+                for fixed_purl in fixed_purls or []:
+                    yield Inference.from_advisory_data(
+                        advisory_data,  # We are getting all valid versions to get this inference
+                        confidence=MAX_CONFIDENCE,
+                        affected_purls=[],
+                        fixed_purl=fixed_purl,
+                    )
+            else:
+                if purl.type == "golang":
+                    # Problem with the Golang and Go that they provide full path
+                    # FIXME: We need to get the PURL subpath for Go module
+                    versions_fetcher = self.versions_fetcher_by_purl.get(purl)
+                    if not versions_fetcher:
+                        versions_fetcher = GoproxyVersionAPI()
+                        self.versions_fetcher_by_purl[purl] = versions_fetcher
+                    pkg_name = versions_fetcher.module_name_by_package_name.get(pkg_name, pkg_name)
+
+                valid_versions = self.get_package_versions(
+                    package_url=purl, until=advisory_data.date_published
+                )
+                for affected_version_range in affected_version_ranges:
+                    yield from self.generate_inferences(
+                        affected_version_range=affected_version_range,
+                        pkg_type=pkg_type,
+                        pkg_namespace=pkg_namespace,
+                        pkg_name=pkg_name,
+                        valid_versions=valid_versions,
+                        advisory_data=advisory_data,
+                    )
+
+    def generate_inferences(
+        self,
+        affected_version_range,
+        pkg_type,
+        pkg_namespace,
+        pkg_name,
+        valid_versions,
+        advisory_data,
+    ):
+        """
+        Generate Inferences for the given `affected_version_range` and `valid_versions`
+        """
+        aff_vers, unaff_vers = resolve_version_range(
+            affected_version_range=affected_version_range,
+            ignorable_versions=self.ignorable_versions,
+            package_versions=valid_versions,
+        )
+
+        affected_purls = list(
+            self.expand_verion_range_to_purls(pkg_type, pkg_namespace, pkg_name, aff_vers)
+        )
+
+        unaffected_purls = list(
+            self.expand_verion_range_to_purls(pkg_type, pkg_namespace, pkg_name, unaff_vers)
+        )
+
+        affected_packages: List[LegacyAffectedPackage] = nearest_patched_package(
+            vulnerable_packages=affected_purls, resolved_packages=unaffected_purls
+        )
+
+        for (
+            fixed_package,
+            affected_purls,
+        ) in get_affected_packages_by_patched_package(affected_packages).items():
+            yield Inference.from_advisory_data(
+                advisory_data,
+                confidence=100,  # We are getting all valid versions to get this inference
+                affected_purls=affected_purls,
+                fixed_purl=fixed_package,
+            )
+
+    def expand_verion_range_to_purls(self, pkg_type, pkg_namespace, pkg_name, versions):
+        for version in versions:
+            yield PackageURL(type=pkg_type, namespace=pkg_namespace, name=pkg_name, version=version)
+
+
+class NginxBasicImprover(Improver):
+    """
+    Improve Nginx data by fetching the its GitHub repo versions and resolving
+    the vulnerable ranges.
+    """
+
+    @property
+    def interesting_advisories(self) -> QuerySet:
+        return Advisory.objects.filter(created_by=NginxImporter.qualified_name).paginated()
+
+    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
+        all_versions = list(self.fetch_nginx_version_from_git_tags())
+        yield from self.get_inferences_from_versions(
+            advisory_data=advisory_data, all_versions=all_versions
+        )
+
+    def get_inferences_from_versions(
+        self, advisory_data: AdvisoryData, all_versions: List[PackageVersion]
+    ) -> Iterable[Inference]:
+        """
+        Yield inferences given an ``advisory_data`` and a ``all_versions`` of
+        PackageVersion.
+        """
+
+        try:
+            purl, affected_version_ranges, fixed_versions = AffectedPackage.merge(
+                advisory_data.affected_packages
+            )
+        except UnMergeablePackageError:
+            logger.error(
+                f"NginxBasicImprover: Cannot merge with different purls: "
+                f"{advisory_data.affected_packages!r}"
+            )
+            return iter([])
+
+        affected_purls = []
+        for affected_version_range in affected_version_ranges:
+            for package_version in all_versions:
+                # FIXME: we should reference an NginxVersion tbd in univers
+                version = NginxVersion(package_version.value)
+                if is_vulnerable_nginx_version(
+                    version=version,
+                    affected_version_range=affected_version_range,
+                    fixed_versions=fixed_versions,
+                ):
+                    new_purl = evolve_purl(purl=purl, version=str(version))
+                    affected_purls.append(new_purl)
+
+        # TODO: This also yields with a lower fixed version, maybe we should
+        # only yield fixes that are upgrades ?
+        for fixed_version in fixed_versions:
+            fixed_purl = evolve_purl(purl=purl, version=str(fixed_version))
+
+            yield Inference.from_advisory_data(
+                advisory_data,
+                # TODO: is 90 a correct confidence??
+                confidence=90,
+                affected_purls=affected_purls,
+                fixed_purl=fixed_purl,
+            )
+
+    def fetch_nginx_version_from_git_tags(self):
+        """
+        Yield all nginx PackageVersion from its git tags.
+        """
+        nginx_versions = GitHubTagsAPI().fetch("nginx/nginx")
+        for version in nginx_versions:
+            cleaned = clean_nginx_git_tag(version.value)
+            yield PackageVersion(value=cleaned, release_date=version.release_date)
+
+
+class ApacheHTTPDImprover(ValidVersionImprover):
+    importer = ApacheHTTPDImporter
+    ignorable_versions = {
+        "AGB_BEFORE_AAA_CHANGES",
+        "APACHE_1_2b1",
+        "APACHE_1_2b10",
+        "APACHE_1_2b11",
+        "APACHE_1_2b2",
+        "APACHE_1_2b3",
+        "APACHE_1_2b4",
+        "APACHE_1_2b5",
+        "APACHE_1_2b6",
+        "APACHE_1_2b7",
+        "APACHE_1_2b8",
+        "APACHE_1_2b9",
+        "APACHE_1_3_PRE_NT",
+        "APACHE_1_3a1",
+        "APACHE_1_3b1",
+        "APACHE_1_3b2",
+        "APACHE_1_3b3",
+        "APACHE_1_3b5",
+        "APACHE_1_3b6",
+        "APACHE_1_3b7",
+        "APACHE_2_0_2001_02_09",
+        "APACHE_2_0_52_WROWE_RC1",
+        "APACHE_2_0_ALPHA",
+        "APACHE_2_0_ALPHA_2",
+        "APACHE_2_0_ALPHA_3",
+        "APACHE_2_0_ALPHA_4",
+        "APACHE_2_0_ALPHA_5",
+        "APACHE_2_0_ALPHA_6",
+        "APACHE_2_0_ALPHA_7",
+        "APACHE_2_0_ALPHA_8",
+        "APACHE_2_0_ALPHA_9",
+        "APACHE_2_0_BETA_CANDIDATE_1",
+        "APACHE_BIG_SYMBOL_RENAME_POST",
+        "APACHE_BIG_SYMBOL_RENAME_PRE",
+        "CHANGES",
+        "HTTPD_LDAP_1_0_0",
+        "INITIAL",
+        "MOD_SSL_2_8_3",
+        "PCRE_3_9",
+        "POST_APR_SPLIT",
+        "PRE_APR_CHANGES",
+        "STRIKER_2_0_51_RC1",
+        "STRIKER_2_0_51_RC2",
+        "STRIKER_2_1_0_RC1",
+        "WROWE_2_0_43_PRE1",
+        "apache-1_3-merge-1-post",
+        "apache-1_3-merge-1-pre",
+        "apache-1_3-merge-2-post",
+        "apache-1_3-merge-2-pre",
+        "apache-apr-merge-3",
+        "apache-doc-split-01",
+        "dg_last_1_2_doc_merge",
+        "djg-apache-nspr-07",
+        "djg_nspr_split",
+        "moving_to_httpd_module",
+        "mpm-3",
+        "mpm-merge-1",
+        "mpm-merge-2",
+        "post_ajp_proxy",
+        "pre_ajp_proxy",
+    }
+
+
+class ApacheTomcatImprover(ValidVersionImprover):
+    importer = ApacheTomcatImporter
+    ignorable_versions = []
+
+
+class ApacheKafkaImprover(ValidVersionImprover):
+    importer = ApacheKafkaImporter
+    ignorable_versions = []
+
+
+class DebianBasicImprover(ValidVersionImprover):
+    importer = DebianImporter
+    ignorable_versions = []
+
+
+class GitLabBasicImprover(ValidVersionImprover):
+    importer = GitLabAPIImporter
+    ignorable_versions = []
+
+
+class GitHubBasicImprover(ValidVersionImprover):
+    importer = GitHubAPIImporter
+    ignorable_versions = frozenset(
+        [
+            "0.1-bulbasaur",
+            "0.1-charmander",
+            "0.3m1",
+            "0.3m2",
+            "0.3m3",
+            "0.3m4",
+            "0.3m5",
+            "0.4m1",
+            "0.4m2",
+            "0.4m3",
+            "0.4m4",
+            "0.4m5",
+            "0.5m1",
+            "0.5m2",
+            "0.5m3",
+            "0.5m4",
+            "0.5m5",
+            "0.6m1",
+            "0.6m2",
+            "0.6m3",
+            "0.6m4",
+            "0.6m5",
+            "0.6m6",
+            "0.7.10p1",
+            "0.7.11p1",
+            "0.7.11p2",
+            "0.7.11p3",
+            "0.8.1p1",
+            "0.8.3p1",
+            "0.8.4p1",
+            "0.8.4p2",
+            "0.8.6p1",
+            "0.8.7p1",
+            "0.9-doduo",
+            "0.9-eevee",
+            "0.9-fearow",
+            "0.9-gyarados",
+            "0.9-horsea",
+            "0.9-ivysaur",
+            "2013-01-21T20:33:09+0100",
+            "2013-01-23T17:11:52+0100",
+            "2013-02-01T20:50:46+0100",
+            "2013-02-02T19:59:03+0100",
+            "2013-02-02T20:23:17+0100",
+            "2013-02-08T17:40:57+0000",
+            "2013-03-27T16:32:26+0100",
+            "2013-05-09T12:47:53+0200",
+            "2013-05-10T17:55:56+0200",
+            "2013-05-14T20:16:05+0200",
+            "2013-06-01T10:32:51+0200",
+            "2013-07-19T09:11:08+0000",
+            "2013-08-12T21:48:56+0200",
+            "2013-09-11T19-27-10",
+            "2013-12-23T17-51-15",
+            "2014-01-12T15-52-10",
+            "2.0.1rc2-git",
+            "3.0.0b3-",
+            "3.0b6dev-r41684",
+            "-class.-jw.util.version.Version-",
+        ]
+    )
+
+
+class NpmImprover(ValidVersionImprover):
+    importer = NpmImporter
+    ignorable_versions = []
+
+
+class ElixirImprover(ValidVersionImprover):
+    importer = ElixirSecurityImporter
+    ignorable_versions = []
+
+
+class IstioImprover(ValidVersionImprover):
+    importer = IstioImporter
+    ignorable_versions = []
+
+
+class DebianOvalImprover(ValidVersionImprover):
+    importer = DebianOvalImporter
+    ignorable_versions = []
+
+
+class UbuntuOvalImprover(ValidVersionImprover):
+    importer = UbuntuImporter
+    ignorable_versions = []
+
+
+class OSSFuzzImprover(ValidVersionImprover):
+    importer = OSSFuzzImporter
+    ignorable_versions = []
diff --git a/vulnerabilities/improvers/vulnerability_status.py b/vulnerabilities/improvers/vulnerability_status.py
new file mode 100644
index 000000000..b6db7d0d2
--- /dev/null
+++ b/vulnerabilities/improvers/vulnerability_status.py
@@ -0,0 +1,87 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+
+from typing import Iterable
+from urllib.parse import urljoin
+
+from django.db.models import Q
+from django.db.models.query import QuerySet
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importers.nvd import NVDImporter
+from vulnerabilities.improver import Improver
+from vulnerabilities.improver import Inference
+from vulnerabilities.models import Advisory
+from vulnerabilities.models import Alias
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityStatusType
+from vulnerabilities.utils import fetch_response
+from vulnerabilities.utils import get_item
+
+MITRE_API_URL = "https://cveawg.mitre.org/api/cve/"
+
+
+class VulnerabilityStatusImprover(Improver):
+    """
+    Update vulnerability with NVD statues
+    """
+
+    @property
+    def interesting_advisories(self) -> QuerySet:
+        return (
+            Advisory.objects.filter(Q(created_by=NVDImporter.qualified_name))
+            .distinct("aliases")
+            .paginated()
+        )
+
+    def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]:
+        """
+        This is a work-around until we have new style importer and improver
+        and this get_inferences function updates the vulnerability status directly
+        # TODO: Replace this with new style improvers
+        """
+        if not advisory_data:
+            return []
+        aliases = advisory_data.aliases
+        # NVD Importer only has one alias in it and this a CVE
+        assert len(aliases) == 1
+        cve_id = aliases[0]
+        if not cve_id.startswith("CVE"):
+            return []
+
+        alias = Alias.objects.get(alias=cve_id)
+        vulnerabilities = Vulnerability.objects.filter(aliases__alias=alias).distinct()
+
+        for vuln in vulnerabilities:
+            status = get_status_from_api(cve_id=cve_id)
+            if not status:
+                status = VulnerabilityStatusType.PUBLISHED
+            vuln.status = status
+            vuln.save()
+        return []
+
+
+def get_status_from_api(cve_id):
+    """
+    Return the CVE status from the MITRE API
+    """
+    url = urljoin(MITRE_API_URL, cve_id)
+    try:
+        response = fetch_response(url=url)
+    except Exception as e:
+        return
+    response = response.json()
+    cve_state = get_item(response, "cveMetadata", "state") or None
+    tags = get_item(response, "containers", "cna", "tags") or []
+    if "disputed" in tags:
+        return VulnerabilityStatusType.DISPUTED
+    if cve_state and cve_state == "REJECTED":
+        return VulnerabilityStatusType.INVALID
+    return VulnerabilityStatusType.PUBLISHED
diff --git a/vulnerabilities/management/commands/import.py b/vulnerabilities/management/commands/import.py
index 77ae5b6a6..5ae885299 100644
--- a/vulnerabilities/management/commands/import.py
+++ b/vulnerabilities/management/commands/import.py
@@ -29,19 +29,20 @@ def add_arguments(self, parser):
         parser.add_argument("sources", nargs="*", help="Fully qualified importer name to run")
 
     def handle(self, *args, **options):
-        if options["list"]:
-            self.list_sources()
-            return
-
-        if options["all"]:
-            self.import_data(importers=IMPORTERS_REGISTRY.values())
-            return
-
-        sources = options["sources"]
-        if not sources:
-            raise CommandError('Please provide at least one importer to run or use "--all".')
-
-        self.import_data(validate_importers(sources))
+        try:
+            if options["list"]:
+                self.list_sources()
+            elif options["all"]:
+                self.import_data(importers=IMPORTERS_REGISTRY.values())
+            else:
+                sources = options["sources"]
+                if not sources:
+                    raise CommandError(
+                        'Please provide at least one importer to run or use "--all".'
+                    )
+                self.import_data(validate_importers(sources))
+        except KeyboardInterrupt:
+            raise CommandError("Keyboard interrupt received. Stopping...")
 
     def list_sources(self):
         self.stdout.write("Vulnerability data can be imported from the following importers:")
diff --git a/vulnerabilities/management/commands/improve.py b/vulnerabilities/management/commands/improve.py
index 6055798f8..e14c2bacc 100644
--- a/vulnerabilities/management/commands/improve.py
+++ b/vulnerabilities/management/commands/improve.py
@@ -31,19 +31,20 @@ def add_arguments(self, parser):
         parser.add_argument("sources", nargs="*", help="Fully qualified improver name to run")
 
     def handle(self, *args, **options):
-        if options["list"]:
-            self.list_sources()
-            return
-
-        if options["all"]:
-            self.improve_data(IMPROVERS_REGISTRY.values())
-            return
-
-        sources = options["sources"]
-        if not sources:
-            raise CommandError('Please provide at least one improver to run or use "--all".')
-
-        self.improve_data(validate_improvers(sources))
+        try:
+            if options["list"]:
+                self.list_sources()
+            elif options["all"]:
+                self.improve_data(IMPROVERS_REGISTRY.values())
+            else:
+                sources = options["sources"]
+                if not sources:
+                    raise CommandError(
+                        'Please provide at least one improver to run or use "--all".'
+                    )
+                self.improve_data(validate_improvers(sources))
+        except KeyboardInterrupt:
+            raise CommandError("Keyboard interrupt received. Stopping...")
 
     def list_sources(self):
         improvers = list(IMPROVERS_REGISTRY)
@@ -56,7 +57,7 @@ def improve_data(self, improvers):
         for improver in improvers:
             self.stdout.write(f"Improving data using {improver.qualified_name}")
             try:
-                ImproveRunner(improver).run()
+                ImproveRunner(improver_class=improver).run()
                 self.stdout.write(
                     self.style.SUCCESS(
                         f"Successfully improved data using {improver.qualified_name}"
diff --git a/vulnerabilities/middleware/ban_user_agent.py b/vulnerabilities/middleware/ban_user_agent.py
new file mode 100644
index 000000000..6aafc490c
--- /dev/null
+++ b/vulnerabilities/middleware/ban_user_agent.py
@@ -0,0 +1,18 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from django.http import HttpResponseNotFound
+from django.utils.deprecation import MiddlewareMixin
+
+
+class BanUserAgent(MiddlewareMixin):
+    def process_request(self, request):
+        user_agent = request.META.get("HTTP_USER_AGENT", None)
+        if user_agent and "bytedance" in user_agent:
+            return HttpResponseNotFound(404)
diff --git a/vulnerabilities/migrations/0040_remove_advisory_date_improved_advisory_date_imported.py b/vulnerabilities/migrations/0040_remove_advisory_date_improved_advisory_date_imported.py
new file mode 100644
index 000000000..c609f20f8
--- /dev/null
+++ b/vulnerabilities/migrations/0040_remove_advisory_date_improved_advisory_date_imported.py
@@ -0,0 +1,24 @@
+# Generated by Django 4.1.7 on 2023-09-05 09:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0039_alter_vulnerabilityseverity_scoring_system"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="advisory",
+            name="date_improved",
+        ),
+        migrations.AddField(
+            model_name="advisory",
+            name="date_imported",
+            field=models.DateTimeField(
+                blank=True, help_text="UTC Date on which the advisory was imported", null=True
+            ),
+        ),
+    ]
diff --git a/vulnerabilities/migrations/0041_remove_vulns_with_empty_aliases.py b/vulnerabilities/migrations/0041_remove_vulns_with_empty_aliases.py
new file mode 100644
index 000000000..d2c44c280
--- /dev/null
+++ b/vulnerabilities/migrations/0041_remove_vulns_with_empty_aliases.py
@@ -0,0 +1,37 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0040_remove_advisory_date_improved_advisory_date_imported"),
+    ]
+
+    def remove_vulns_with_empty_aliases(apps, _):
+        Vulnerability = apps.get_model("vulnerabilities", "Vulnerability")
+        Package = apps.get_model("vulnerabilities", "Package")
+        packages = []
+        vulnerabilities = []
+        for vuln in Vulnerability.objects.filter(aliases=None).prefetch_related(
+                "packages"
+        ):
+            # Delete packages associated with that vulnerability
+            for package in vuln.packages.all():
+                packages.append(package.id)
+            vulnerabilities.append(vuln.id)
+
+        Vulnerability.objects.filter(id__in=vulnerabilities).delete()
+        Package.objects.filter(id__in=packages).delete()
+
+    operations = [
+        migrations.RunPython(remove_vulns_with_empty_aliases, reverse_code=migrations.RunPython.noop),
+    ]
diff --git a/vulnerabilities/migrations/0042_advisory_status_vulnerability_status.py b/vulnerabilities/migrations/0042_advisory_status_vulnerability_status.py
new file mode 100644
index 000000000..6fbae367e
--- /dev/null
+++ b/vulnerabilities/migrations/0042_advisory_status_vulnerability_status.py
@@ -0,0 +1,21 @@
+# Generated by Django 4.1.7 on 2023-09-29 05:26
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0041_remove_vulns_with_empty_aliases"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="vulnerability",
+            name="status",
+            field=models.IntegerField(
+                choices=[(1, "published"), (2, "disputed"), (3, "invalid")],
+                default=1,
+            ),
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index 7b6c9fcc6..0a724031f 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -11,16 +11,19 @@
 import json
 import logging
 from contextlib import suppress
+from typing import Any
 
 from cwe2.database import Database
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import UserManager
 from django.core import exceptions
 from django.core.exceptions import ValidationError
+from django.core.paginator import Paginator
 from django.core.validators import MaxValueValidator
 from django.core.validators import MinValueValidator
 from django.db import models
 from django.db.models import Count
+from django.db.models import Prefetch
 from django.db.models import Q
 from django.db.models.functions import Length
 from django.db.models.functions import Trim
@@ -30,11 +33,9 @@
 from packageurl.contrib.django.models import PackageURLQuerySet
 from packageurl.contrib.django.models import without_empty_values
 from rest_framework.authtoken.models import Token
+from univers import versions
+from univers.version_range import RANGE_CLASS_BY_SCHEMES
 
-from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importer import AffectedPackage
-from vulnerabilities.importer import Reference
-from vulnerabilities.improver import MAX_CONFIDENCE
 from vulnerabilities.severity_systems import SCORING_SYSTEMS
 from vulnerabilities.utils import build_vcid
 from vulnerabilities.utils import remove_qualifiers_and_subpath
@@ -53,8 +54,28 @@ def get_or_none(self, *args, **kwargs):
         with suppress(self.model.DoesNotExist, ValidationError):
             return self.get(*args, **kwargs)
 
+    def paginated(self, per_page=5000):
+        """
+        Iterate over a (large) QuerySet by chunks of ``per_page`` items.
+        This technique is essential for preventing memory issues when iterating
+        See these links for inspiration:
+        https://nextlinklabs.com/resources/insights/django-big-data-iteration
+        https://stackoverflow.com/questions/4222176/why-is-iterating-through-a-large-django-queryset-consuming-massive-amounts-of-me/
+        """
+        paginator = Paginator(self, per_page=per_page)
+        for page_number in paginator.page_range:
+            page = paginator.page(page_number)
+            for object in page.object_list:
+                yield object
+
 
 class VulnerabilityQuerySet(BaseQuerySet):
+    def affecting_vulnerabilities(self):
+        """
+        Return a queryset of Vulnerability that affect a package.
+        """
+        return self.filter(packagerelatedvulnerability__fix=False)
+
     def with_cpes(self):
         """
         Return a queryset of Vulnerability that have one or more NVD CPE references.
@@ -137,6 +158,14 @@ def with_package_counts(self):
         )
 
 
+class VulnerabilityStatusType(models.IntegerChoices):
+    """List of vulnerability statuses."""
+
+    PUBLISHED = 1, "Published"
+    DISPUTED = 2, "Disputed"
+    INVALID = 3, "Invalid"
+
+
 class Vulnerability(models.Model):
     """
     A software vulnerability with a unique identifier and alternate ``aliases``.
@@ -165,6 +194,10 @@ class Vulnerability(models.Model):
         through="PackageRelatedVulnerability",
     )
 
+    status = models.IntegerField(
+        choices=VulnerabilityStatusType.choices, default=VulnerabilityStatusType.PUBLISHED
+    )
+
     objects = VulnerabilityQuerySet.as_manager()
 
     class Meta:
@@ -214,6 +247,11 @@ def get_aliases(self):
 
     alias = get_aliases
 
+    @property
+    def get_status_label(self):
+        label_by_status = {choice[0]: choice[1] for choice in VulnerabilityStatusType.choices}
+        return label_by_status.get(self.status) or VulnerabilityStatusType.PUBLISHED.label
+
     def get_absolute_url(self):
         """
         Return this Vulnerability details absolute URL.
@@ -260,17 +298,26 @@ class Weakness(models.Model):
     vulnerabilities = models.ManyToManyField(Vulnerability, related_name="weaknesses")
     db = Database()
 
+    @property
+    def weakness(self):
+        """
+        Return a queryset of Weakness for this vulnerability.
+        """
+        try:
+            weakness = self.db.get(self.cwe_id)
+            return weakness
+        except Exception as e:
+            logger.warning(f"Could not find CWE {self.cwe_id}: {e}")
+
     @property
     def name(self):
         """Return the weakness's name."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.name
+        return self.weakness.name if self.weakness else ""
 
     @property
     def description(self):
         """Return the weakness's description."""
-        weakness = self.db.get(self.cwe_id)
-        return weakness.description
+        return self.weakness.description if self.weakness else ""
 
 
 class VulnerabilityReferenceQuerySet(BaseQuerySet):
@@ -366,6 +413,24 @@ def purl_to_dict(purl: PackageURL):
 
 
 class PackageQuerySet(BaseQuerySet, PackageURLQuerySet):
+    def get_fixed_by_package_versions(self, purl: PackageURL, fix=True):
+        """
+        Return a queryset of all the package versions of this `package` that fix any vulnerability.
+        If `fix` is False, return all package versions whether or not they fix a vulnerability.
+        """
+        filter_dict = {
+            "name": purl.name,
+            "namespace": purl.namespace,
+            "type": purl.type,
+            "qualifiers": purl.qualifiers,
+            "subpath": purl.subpath,
+        }
+
+        if fix:
+            filter_dict["packagerelatedvulnerability__fix"] = True
+
+        return Package.objects.filter(**filter_dict).distinct()
+
     def get_or_create_from_purl(self, purl: PackageURL):
         """
         Return an existing or new Package (created if neeed) given a
@@ -563,7 +628,6 @@ def __str__(self):
         return self.package_url
 
     @property
-    # TODO: consider renaming to "affected_by"
     def affected_by(self):
         """
         Return a queryset of vulnerabilities affecting this package.
@@ -604,6 +668,144 @@ def get_absolute_url(self):
         """
         return reverse("package_details", args=[self.purl])
 
+    def sort_by_version(self, packages):
+        """
+        Return a list of `packages` sorted by version.
+        """
+        if not packages:
+            return []
+
+        return sorted(
+            packages,
+            key=lambda x: self.version_class(x.version),
+        )
+
+    @property
+    def version_class(self):
+        return RANGE_CLASS_BY_SCHEMES[self.type].version_class
+
+    @property
+    def current_version(self):
+        return self.version_class(self.version)
+
+    @property
+    def fixed_package_details(self):
+        """
+        Return a mapping of vulnerabilities that affect this package and the next and
+        latest non-vulnerable versions.
+        """
+        package_details = {}
+        package_details["purl"] = PackageURL.from_string(self.purl)
+
+        next_non_vulnerable, latest_non_vulnerable = self.get_non_vulnerable_versions()
+        package_details["next_non_vulnerable"] = next_non_vulnerable
+        package_details["latest_non_vulnerable"] = latest_non_vulnerable
+
+        package_details["vulnerabilities"] = self.get_affecting_vulnerabilities()
+
+        return package_details
+
+    def get_non_vulnerable_versions(self):
+        """
+        Return a tuple of the next and latest non-vulnerable versions as PackageURLs.  Return a tuple of
+        (None, None) if there is no non-vulnerable version.
+        """
+        package_versions = Package.objects.get_fixed_by_package_versions(self, fix=False)
+
+        non_vulnerable_versions = []
+        for version in package_versions:
+            if not version.is_vulnerable:
+                non_vulnerable_versions.append(version)
+
+        later_non_vulnerable_versions = []
+        for non_vuln_ver in non_vulnerable_versions:
+            if self.version_class(non_vuln_ver.version) > self.current_version:
+                later_non_vulnerable_versions.append(non_vuln_ver)
+
+        if later_non_vulnerable_versions:
+            sorted_versions = self.sort_by_version(later_non_vulnerable_versions)
+            next_non_vulnerable_version = sorted_versions[0]
+            latest_non_vulnerable_version = sorted_versions[-1]
+
+            next_non_vulnerable = PackageURL.from_string(next_non_vulnerable_version.purl)
+            latest_non_vulnerable = PackageURL.from_string(latest_non_vulnerable_version.purl)
+
+            return next_non_vulnerable, latest_non_vulnerable
+
+        return None, None
+
+    def get_affecting_vulnerabilities(self):
+        """
+        Return a list of vulnerabilities that affect this package together with information regarding
+        the versions that fix the vulnerabilities.
+        """
+        package_details_vulns = []
+
+        fixed_by_packages = Package.objects.get_fixed_by_package_versions(self, fix=True)
+
+        package_vulnerabilities = self.vulnerabilities.affecting_vulnerabilities().prefetch_related(
+            Prefetch(
+                "packages",
+                queryset=fixed_by_packages,
+                to_attr="fixed_packages",
+            )
+        )
+
+        for vuln in package_vulnerabilities:
+            package_details_vulns.append({"vulnerability": vuln})
+            later_fixed_packages = []
+
+            for fixed_pkg in vuln.fixed_packages:
+                if fixed_pkg not in fixed_by_packages:
+                    continue
+                fixed_version = self.version_class(fixed_pkg.version)
+                if fixed_version > self.current_version:
+                    later_fixed_packages.append(fixed_pkg)
+
+            next_fixed_package = None
+            next_fixed_package_vulns = []
+
+            sort_fixed_by_packages_by_version = []
+            if later_fixed_packages:
+                sort_fixed_by_packages_by_version = self.sort_by_version(later_fixed_packages)
+
+            fixed_by_pkgs = []
+
+            for vuln_details in package_details_vulns:
+                if vuln_details["vulnerability"] != vuln:
+                    continue
+                vuln_details["fixed_by_purl"] = []
+                vuln_details["fixed_by_purl_vulnerabilities"] = []
+
+                for fixed_by_pkg in sort_fixed_by_packages_by_version:
+                    fixed_by_package_details = {}
+                    fixed_by_purl = PackageURL.from_string(fixed_by_pkg.purl)
+                    next_fixed_package_vulns = list(fixed_by_pkg.affected_by)
+
+                    fixed_by_package_details["fixed_by_purl"] = fixed_by_purl
+                    fixed_by_package_details[
+                        "fixed_by_purl_vulnerabilities"
+                    ] = next_fixed_package_vulns
+                    fixed_by_pkgs.append(fixed_by_package_details)
+
+                    vuln_details["fixed_by_package_details"] = fixed_by_pkgs
+
+        return package_details_vulns
+
+    @property
+    def fixing_vulnerabilities(self):
+        """
+        Return a queryset of Vulnerabilities that are fixed by this `package`.
+        """
+        return self.vulnerabilities.filter(packagerelatedvulnerability__fix=True)
+
+    @property
+    def affecting_vulnerabilities(self):
+        """
+        Return a queryset of Vulnerabilities that affect this `package`.
+        """
+        return self.vulnerabilities.filter(packagerelatedvulnerability__fix=False)
+
 
 class PackageRelatedVulnerability(models.Model):
     """
@@ -628,6 +830,7 @@ class PackageRelatedVulnerability(models.Model):
         "module name responsible for creating this relation. Eg:"
         "vulnerabilities.importers.nginx.NginxBasicImprover",
     )
+    from vulnerabilities.improver import MAX_CONFIDENCE
 
     confidence = models.PositiveIntegerField(
         default=MAX_CONFIDENCE,
@@ -735,6 +938,8 @@ class Alias(models.Model):
     alias = models.CharField(
         max_length=50,
         unique=True,
+        blank=False,
+        null=False,
         help_text="An alias is a unique vulnerability identifier in some database, "
         "such as CVE-2020-2233",
     )
@@ -770,6 +975,10 @@ def url(self):
             return f"https://github.com/nodejs/security-wg/blob/main/vuln/npm/{id}.json"
 
 
+class AdvisoryQuerySet(BaseQuerySet):
+    pass
+
+
 class Advisory(models.Model):
     """
     An advisory represents data directly obtained from upstream transformed
@@ -798,10 +1007,8 @@ class Advisory(models.Model):
     )
     weaknesses = models.JSONField(blank=True, default=list, help_text="A list of CWE ids")
     date_collected = models.DateTimeField(help_text="UTC Date on which the advisory was collected")
-    date_improved = models.DateTimeField(
-        blank=True,
-        null=True,
-        help_text="Latest date on which the advisory was improved by an improver",
+    date_imported = models.DateTimeField(
+        blank=True, null=True, help_text="UTC Date on which the advisory was imported"
     )
     created_by = models.CharField(
         max_length=100,
@@ -809,6 +1016,7 @@ class Advisory(models.Model):
         "module name importing the advisory. Eg:"
         "vulnerabilities.importers.nginx.NginxImporter",
     )
+    objects = AdvisoryQuerySet.as_manager()
 
     class Meta:
         unique_together = ["aliases", "unique_content_id", "date_published"]
@@ -816,13 +1024,17 @@ class Meta:
 
     def save(self, *args, **kwargs):
         checksum = hashlib.md5()
-        for field in (self.summary, self.affected_packages, self.references):
+        for field in (self.summary, self.affected_packages, self.references, self.weaknesses):
             value = json.dumps(field, separators=(",", ":")).encode("utf-8")
             checksum.update(value)
         self.unique_content_id = checksum.hexdigest()
         super().save(*args, **kwargs)
 
-    def to_advisory_data(self) -> AdvisoryData:
+    def to_advisory_data(self) -> "AdvisoryData":
+        from vulnerabilities.importer import AdvisoryData
+        from vulnerabilities.importer import AffectedPackage
+        from vulnerabilities.importer import Reference
+
         return AdvisoryData(
             aliases=self.aliases,
             summary=self.summary,
diff --git a/vulnerabilities/package_managers.py b/vulnerabilities/package_managers.py
index f210f0f98..efce7ec1b 100644
--- a/vulnerabilities/package_managers.py
+++ b/vulnerabilities/package_managers.py
@@ -556,6 +556,22 @@ def fetch(self, pkg: str) -> Iterable[PackageVersion]:
             )
 
 
+class ConanVersionAPI(VersionAPI):
+    """
+    Fetch versions of ``conan`` packages from the Conan API
+    """
+
+    package_type = "conan"
+
+    def fetch(self, pkg: str) -> Iterable[PackageVersion]:
+        response = get_response(
+            url=f"https://conan.io/center/api/ui/details?name={pkg}&user=_&channel=_",
+            content_type="json",
+        )
+        for release in response["versions"]:
+            yield PackageVersion(value=release["version"])
+
+
 class GoproxyVersionAPI(VersionAPI):
     """
     Fetch versions of Go "golang" packages from the Go proxy API
@@ -688,10 +704,18 @@ def fetch(self, pkg: str) -> Iterable[PackageVersion]:
     CratesVersionAPI,
     DebianVersionAPI,
     GitHubTagsAPI,
+    ConanVersionAPI,
 }
 
 VERSION_API_CLASSES_BY_PACKAGE_TYPE = {cls.package_type: cls for cls in VERSION_API_CLASSES}
 
+VERSION_API_CLASSES_BY_PACKAGE_TYPE["apache"] = GitHubTagsAPI
+
+VERSION_API_CLASS_BY_PACKAGE_NAMESPACE = {
+    "debian": DebianVersionAPI,
+    "ubuntu": LaunchpadVersionAPI,
+}
+
 
 def get_api_package_name(purl: PackageURL) -> str:
     """
@@ -703,11 +727,21 @@ def get_api_package_name(purl: PackageURL) -> str:
     """
     if not purl.name:
         return None
+    if purl.type == "apache":
+        return f"{purl.type}/{purl.name}"
     if purl.type in ("nuget", "pypi", "gem", "deb") or not purl.namespace:
         return purl.name
     if purl.type == "maven":
         return f"{purl.namespace}:{purl.name}"
-    if purl.type in ("composer", "golang", "npm"):
+    if purl.type in ("composer", "golang", "npm", "github"):
         return f"{purl.namespace}/{purl.name}"
 
     logger.error(f"get_api_package_name: Unknown PURL {purl!r}")
+
+
+def get_version_fetcher(package_url):
+    if package_url.type == "deb":
+        versions_fetcher: VersionAPI = VERSION_API_CLASS_BY_PACKAGE_NAMESPACE[package_url.namespace]
+    else:
+        versions_fetcher: VersionAPI = VERSION_API_CLASSES_BY_PACKAGE_TYPE[package_url.type]
+    return versions_fetcher
diff --git a/vulnerabilities/templates/includes/pagination.html b/vulnerabilities/templates/includes/pagination.html
index 85020e4d6..0d6dad430 100644
--- a/vulnerabilities/templates/includes/pagination.html
+++ b/vulnerabilities/templates/includes/pagination.html
@@ -1,12 +1,12 @@
 <nav class="pagination is-centered is-small" aria-label="pagination">
   {% if page_obj.has_previous %}
-    <a href="?page={{ page_obj.previous_page_number }}&search={{ search }}" class="pagination-previous">Previous</a>
+  <a href="?page={{ page_obj.previous_page_number }}&search={{ search|urlencode }}" class="pagination-previous">Previous</a>
   {% else %}
     <a class="pagination-previous" disabled>Previous</a>
   {% endif %}
 
   {% if page_obj.has_next %}
-    <a href="?page={{ page_obj.next_page_number }}&search={{ search }}" class="pagination-next">Next</a>
+    <a href="?page={{ page_obj.next_page_number }}&search={{ search|urlencode }}" class="pagination-next">Next</a>
   {% else %}
     <a class="pagination-next" disabled>Next</a>
   {% endif %}
@@ -14,7 +14,7 @@
   <ul class="pagination-list">
     {% if page_obj.number != 1%}
       <li>
-        <a href="?page=1&search={{ search }}" class="pagination-link" aria-label="Goto page 1">1</a>
+        <a href="?page=1&search={{ search|urlencode }}" class="pagination-link" aria-label="Goto page 1">1</a>
       </li>
       {% if page_obj.number > 2 %}
         <li>
@@ -32,7 +32,7 @@
         </li>
       {% endif %}
       <li>
-        <a href="?page={{ page_obj.paginator.num_pages }}&search={{ search }}" class="pagination-link" aria-label="Goto page {{ page_obj.paginator.num_pages }}">{{ page_obj.paginator.num_pages }}</a>
+        <a href="?page={{ page_obj.paginator.num_pages }}&search={{ search|urlencode }}" class="pagination-link" aria-label="Goto page {{ page_obj.paginator.num_pages }}">{{ page_obj.paginator.num_pages }}</a>
       </li>
     {% endif %}
   </ul>
diff --git a/vulnerabilities/templates/package_details.html b/vulnerabilities/templates/package_details.html
index 9d30c13f0..c70adaee0 100644
--- a/vulnerabilities/templates/package_details.html
+++ b/vulnerabilities/templates/package_details.html
@@ -20,7 +20,7 @@
                 </div>
             </article>
 
-            <div class="pl-3 pr-3 mb-5">
+            <div class="pl-3 pr-3 mb-5 floating-purl">
                 <table class="table vcio-table width-100-pct mt-2">
                     <tbody>
                         <tr>
@@ -33,24 +33,59 @@
                                 </span>
                             </td>
                             <td class="two-col-right">
-                                {{ package.purl }}
+                                {{ fixed_package_details.purl.to_string }}
                             </td>
                         </tr>
                     </tbody>
                 </table>
             </div>
 
+            {% if affected_by_vulnerabilities|length != 0 %}
+
+                <div class="pl-3 pr-3 mb-5 non-vuln">
+                    <table class="table vcio-table width-100-pct mt-2">
+                        <tbody>
+                            <tr>
+                                <td class="two-col-left">
+                                    Next non-vulnerable version
+                                </td>
+                                <td class="two-col-right">
+                                    {% if fixed_package_details.next_non_vulnerable.version %}
+                                        <a href="/packages/{{ fixed_package_details.next_non_vulnerable }}?search={{ fixed_package_details.next_non_vulnerable }}" target="_self">{{ fixed_package_details.next_non_vulnerable.version }}</a>
+                                    {% else %}
+                                        <span class="emphasis-vulnerable">None.</span>
+                                    {% endif %}
+                                </td>
+                            </tr>
+                            <tr>
+                                <td class="two-col-left">
+                                    Latest non-vulnerable version
+                                </td>
+                                <td class="two-col-right">
+                                    {% if fixed_package_details.latest_non_vulnerable.version %}
+                                        <a href="/packages/{{ fixed_package_details.latest_non_vulnerable }}?search={{ fixed_package_details.latest_non_vulnerable }}" target="_self">{{ fixed_package_details.latest_non_vulnerable.version }}</a>
+                                    {% else %}
+                                        <span class="emphasis-vulnerable">None.</span>
+                                    {% endif %}
+                                </td>
+                            </tr>
+                        </tbody>
+                    </table>
+                </div>
+
+            {% endif %}
+
             <div class="content ml-3 mr-3">
                 <div class="has-text-weight-bold ml-1 mb-0">
-                    Affected by vulnerabilities ({{ affected_by_vulnerabilities|length }})
+                    <span class="affected-fixed">Vulnerabilities affecting</span> this package ({{ affected_by_vulnerabilities|length }})
                 </div>
 
                 <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                     <thead>
                         <tr>
-                            <th style="width: 175px;">Vulnerability</th>
+                            <th style="width: 200px;">Vulnerability</th>
                             <th>Summary</th>
-                            <th style="width: 225px;">Aliases</th>
+                            <th style="width: 310px;"><span class="affected-fixed">Fixed by</span></th>
                         </tr>
                     </thead>
 
@@ -59,14 +94,12 @@
                             <tr>
                                 <td>
                                     <a href="{{ vulnerability.get_absolute_url }}" target="_self">{{ vulnerability.vulnerability_id }}</a>
-                                </td>
-                                <td>
-                                    {{ vulnerability.summary }}
-                                </td>
-                                <td>
+                                    <br />
+                                    Aliases:
+                                    <br />
                                     {% for alias in vulnerability.alias %}
                                         {% if alias.url %}
-                                            <a href={{ alias.url }} target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
+                                            <a href="{{ alias.url }}" target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
                                             <br />
                                         {% else %}
                                             {{ alias }}
@@ -74,33 +107,90 @@
                                         {% endif %}
                                     {% endfor %}
                                 </td>
+                                <td style="word-wrap: break-word; word-break: break-word;">
+                                    {{ vulnerability.summary }}
+                                </td>
+                                <td style="word-wrap: break-word; word-break: break-all;">
+                                    {% if package.purl == fixed_package_details.purl.to_string %}
+                                        {% for key, value in fixed_package_details.items %}
+                                            {% if key == "vulnerabilities" %}
+                                                {% for vuln in value %}
+                                                    {% if vuln.vulnerability.vulnerability_id == vulnerability.vulnerability_id %}
+                                                        {% if vuln.fixed_by_package_details is None %}
+                                                            <span class="emphasis-vulnerable">There are no reported <span class="affected-fixed">fixed by</span> versions.</span>
+                                                        {% else %}
+                                                            {% for fixed_pkg in vuln.fixed_by_package_details %}
+                                                                <div>
+                                                                    {% if fixed_pkg.fixed_by_purl_vulnerabilities|length == 0 %}
+                                                                        <a href="/packages/{{ fixed_pkg.fixed_by_purl }}?search={{ fixed_pkg.fixed_by_purl }}" target="_self">{{ fixed_pkg.fixed_by_purl.version }}</a>
+                                                                        <br />
+                                                                        <span class="emphasis-not-vulnerable"><span class="affected-fixed">Affected by</span> 0 other vulnerabilities.</span>
+                                                                    {% else %}
+                                                                        <a href="/packages/{{ fixed_pkg.fixed_by_purl }}?search={{ fixed_pkg.fixed_by_purl }}" target="_self">{{ fixed_pkg.fixed_by_purl.version }}</a>
+                                                                            {% if fixed_pkg.fixed_by_purl_vulnerabilities|length != 1 %}
+                                                                                <br />
+                                                                                <span class="emphasis-vulnerable"><span class="affected-fixed">Affected by</span> {{ fixed_pkg.fixed_by_purl_vulnerabilities|length }} other vulnerabilities.</span>
+                                                                            {% else %}
+                                                                                <br />
+                                                                                <span class="emphasis-vulnerable"><span class="affected-fixed">Affected by</span> {{ fixed_pkg.fixed_by_purl_vulnerabilities|length }} other vulnerability.</span>
+                                                                            {% endif %}
+
+                                                                        <div class="dropdown is-hoverable has-text-weight-normal is-right">
+                                                                            <div class="dropdown-trigger">
+                                                                                <i class="fa fa-question-circle ml-0 fa-sm has-background-white has-text-link"></i>
+                                                                            </div>
+                                                                            <div class="dropdown-menu dropdown-vuln-list-width" id="dropdown-menu4" role="menu">
+                                                                                <div class="dropdown-content dropdown-instructions-box-shadow">
+                                                                                    <div class="dropdown-item">
+                                                                                        <div style="max-height: 200px; overflow-y: auto;">
+                                                                                            This version is <span class="affected-fixed">affected by</span> these other vulnerabilities:
+                                                                                            <div style="padding-top: 5px;">
+                                                                                                {% for fixed_by_vuln in fixed_pkg.fixed_by_purl_vulnerabilities %}
+                                                                                                <div>
+                                                                                                    <a href="/vulnerabilities/{{ fixed_by_vuln.vulnerability_id }}" target="_self">{{ fixed_by_vuln.vulnerability_id }}</a>
+                                                                                                </div>
+                                                                                                {% endfor %}
+                                                                                            </div>
+                                                                                        </div>
+                                                                                    </div>
+                                                                                </div>
+                                                                            </div>
+                                                                        </div>
+                                                                    {% endif %}
+                                                                </div>
+                                                            {% endfor %}
+                                                        {% endif %}
+                                                    {% endif %}
+                                                {% endfor %}
+                                            {% endif %}
+                                        {% endfor %}
+                                    {% endif %}
+                                </td>
                             </tr>
                         {% empty %}
                             <tr>
                                 <td colspan="3">
-                                    This package is not known to be affected by vulnerabilities.
+                                    <span class="emphasis-not-vulnerable">This package is not known to be <span class="affected-fixed">affected by</span> vulnerabilities.</span>
                                 </td>
                             </tr>
                         {% endfor %}
                     </tbody>
-
                 </table>
             </div>
 
             <div class="content ml-3 mr-3">
                 <div class="has-text-weight-bold ml-1 mb-0">
-                    Fixing vulnerabilities ({{ fixing_vulnerabilities|length }})
+                    <span class="affected-fixed">Vulnerabilities fixed by</span> this package ({{ fixing_vulnerabilities|length }})
                 </div>
 
                 <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
                     <thead>
                         <tr>
-                            <th style="width: 175px;">Vulnerability</th>
+                            <th style="width: 200px;">Vulnerability</th>
                             <th>Summary</th>
                             <th style="width: 225px;">Aliases</th>
                         </tr>
                     </thead>
-
                     <tbody>
                         {% for vulnerability in fixing_vulnerabilities %}
                             <tr>
@@ -113,7 +203,7 @@
                                 <td>
                                     {% for alias in vulnerability.alias %}
                                         {% if alias.url %}
-                                            <a href={{ alias.url }} target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
+                                            <a href="{{ alias.url }}" target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
                                             <br />
                                         {% else %}
                                             {{ alias }}
@@ -125,7 +215,7 @@
                         {% empty %}
                             <tr>
                                 <td colspan="3">
-                                    This package is not known to fix vulnerabilities.
+                                    This package is not known to <span class="affected-fixed">fix</span> vulnerabilities.
                                 </td>
                             </tr>
                         {% endfor %}
@@ -137,5 +227,4 @@
         </div>
     </section>
 {% endif %}
-
 {% endblock %}
diff --git a/vulnerabilities/templates/packages.html b/vulnerabilities/templates/packages.html
index 000fe45be..357d60ce7 100644
--- a/vulnerabilities/templates/packages.html
+++ b/vulnerabilities/templates/packages.html
@@ -24,7 +24,7 @@
             </div>
         </section>
     </div>
-   
+
     <section class="section pt-0">
         <div class="content">
             <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
@@ -41,14 +41,14 @@
                             <span
                                 class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                 data-tooltip="This is the number of vulnerabilities that affect the package.">
-                                Affected by vulnerabilities
+                                <span class="affected-fixed">Affected by</span> vulnerabilities
                             </span>
                         </th>
                         <th style="width: 225px;">
                             <span
                                 class="has-tooltip-multiline has-tooltip-black has-tooltip-arrow has-tooltip-text-left"
                                 data-tooltip="This is the number of vulnerabilities fixed by the package.">
-                                Fixing vulnerabilities
+                                <span class="affected-fixed">Fixed by</span> vulnerabilities
                             </span>
                         </th>
                     </tr>
diff --git a/vulnerabilities/templates/vulnerabilities.html b/vulnerabilities/templates/vulnerabilities.html
index dcca5213d..bdada6ee1 100644
--- a/vulnerabilities/templates/vulnerabilities.html
+++ b/vulnerabilities/templates/vulnerabilities.html
@@ -32,8 +32,8 @@
                     <tr>
                         <th>Vulnerability id</th>
                         <th style="width: 225px;">Aliases</th>
-                        <th style="width: 225px;">Affected packages</th>
-                        <th style="width: 225px;">Fixed by packages</th>
+                        <th style="width: 225px;"><span class="affected-fixed">Affected</span> packages</th>
+                        <th style="width: 225px;"><span class="affected-fixed">Fixed by</span> packages</th>
                     </tr>
                 </thead>
                 <tbody>
@@ -48,7 +48,7 @@
                             <td>
                                 {% for alias in vulnerability.alias %}
                                     {% if alias.url %}
-                                        <a href={{ alias.url }} target="_blank">{{ alias }}
+                                        <a href="{{ alias.url }}" target="_blank">{{ alias }}
                                             <i class="fa fa-external-link fa_link_custom"></i>
                                         </a>
                                     {% else %}
diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
index d7ee67bd4..aca4429ed 100644
--- a/vulnerabilities/templates/vulnerability_details.html
+++ b/vulnerabilities/templates/vulnerability_details.html
@@ -34,14 +34,14 @@
                     <li data-tab="fixed-by">
                         <a>
                             <span>
-                                Fixed by packages ({{ fixed_by_packages|length }})
+                                <span class="affected-fixed">Fixed by</span> packages ({{ fixed_by_packages|length }})
                             </span>
                         </a>
                     </li>
                     <li data-tab="affected-packages">
                         <a>
                             <span>
-                                Affected packages ({{ affected_packages|length }})
+                                <span class="affected-fixed">Affected</span> packages ({{ affected_packages|length }})
                             </span>
                         </a>
                     </li>
@@ -57,7 +57,7 @@
             <div id="tab-content">
                 <div class="tab-div is-active" data-content="essentials">
                     <div class="tab-nested-div">
-                        <table class="table vcio-table width-100-pct width-100-pct mt-2">
+                        <table class="table vcio-table width-100-pct mt-2">
                             <tbody>
                                 <tr>
                                     <td class="two-col-left">Vulnerability ID</td>
@@ -68,7 +68,7 @@
                                     <td class="two-col-right">
                                         {% for alias in aliases %}
                                             {% if alias.url %}
-                                                <a href={{ alias.url }} target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
+                                                <a href="{{ alias.url }}" target="_blank">{{ alias }}<i class="fa fa-external-link fa_link_custom"></i></a>
                                             {% else %}
                                                 {{ alias }}
                                             {% endif %}
@@ -78,9 +78,20 @@
                                 </tr>
                                 <tr>
                                     <td class="two-col-left">Summary</td>
-                                    <td class="two-col-right">{{ vulnerability.summary }}
+                                    <td class="two-col-right wrap-strings">{{ vulnerability.summary }}
                                     </td>
                                 </tr>
+                                {% if severity_score_range %}
+                                <tr>
+                                    <td class="two-col-left">Severity score range</td>
+                                    <td class="two-col-right">{{ severity_score_range }}
+                                    </td>
+                                {% endif %}
+                                </tr>
+                                <tr>
+                                    <td class="two-col-left">Status</td>
+                                    <td class="two-col-right">{{ status }}</td>
+                                </tr>
                             </tbody>
                         </table>
                     </div>
@@ -92,7 +103,7 @@
                         <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
                             <tr>
                                 <th style="width: 160px;"> System </th>
-                                <th> Score </th>
+                                <th style="width: 100px;"> Score </th>
                                 <th> Found at </th>
                             </tr>
                             {% for severity in severities %}
@@ -117,7 +128,7 @@
                     </div>
 
                     <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
-                        Fixed by packages ({{ fixed_by_packages|length }})
+                        <span class="affected-fixed">Fixed by</span> packages ({{ fixed_by_packages|length }})
                     </div>
                     <div class="tab-nested-div">
                         <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
@@ -131,14 +142,14 @@
                             {% empty %}
                                 <tr>
                                     <td>
-                                    There are no known fixed packages.
+                                    There are no known <span class="affected-fixed">fixed by</span> packages.
                                     </td>
                                 </tr>
                             {% endfor %}
                             {% if fixed_by_packages|length > 3 %}
                                 <tr>
                                     <td>
-                                    ... see <i>Fixed by packages</i> tab for more
+                                    See <a href="#" onclick="goToTab('fixed-by')"><i><span class="affected-fixed">Fixed by</span> packages</i></a> tab for more
                                     </td>
                                 </tr>
                             {% endif %}
@@ -146,7 +157,7 @@
                     </div>
 
                     <div class="has-text-weight-bold tab-nested-div ml-1 mb-1 mt-6">
-                        Affected packages ({{ affected_packages|length }})
+                        <span class="affected-fixed">Affected</span> packages ({{ affected_packages|length }})
                     </div>
                     <div class="tab-nested-div">
                         <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
@@ -160,14 +171,14 @@
                             {% empty %}
                                 <tr>
                                     <td>
-                                There are no known affected packages.
+                                There are no known <span class="affected-fixed">affected</span> packages.
                                     </td>
                                 </tr>
                             {% endfor %}
                             {% if affected_packages|length > 3 %}
                                 <tr>
                                     <td>
-                                ... see <i>Affected packages</i> tab for more
+                                See <a href="#" onclick="goToTab('affected-packages')"><i><span class="affected-fixed">Affected</span> packages</i></a> tab for more
                                     </td>
                                 </tr>
                             {% endif %}
@@ -293,4 +304,21 @@
 
 <script src="{% static 'js/main.js' %}" crossorigin="anonymous"></script>
 
+<script>
+    function goToTab(tabName) {
+        const activeLink = document.querySelector('div.tabs.is-boxed li.is-active');
+        const activeTabContent = document.querySelector('div.tab-div.is-active');
+
+        activeLink.classList.remove('is-active');
+        activeTabContent.classList.remove('is-active');
+
+        const target_id = document.querySelector(`[data-tab='${tabName}']`);
+        const targetTabContent = document.querySelector(`[data-content='${tabName}']`);
+
+        target_id.classList.add('is-active');
+        targetTabContent.classList.add('is-active');
+    }
+</script>
+
+
 {% endblock %}
diff --git a/vulnerabilities/tests/conftest.py b/vulnerabilities/tests/conftest.py
index de7bb560a..bfd59e045 100644
--- a/vulnerabilities/tests/conftest.py
+++ b/vulnerabilities/tests/conftest.py
@@ -25,7 +25,6 @@ def no_rmtree(monkeypatch):
 # Step 2: Run test for importer only if it is activated (pytestmark = pytest.mark.skipif(...))
 # Step 3: Migrate all the tests
 collect_ignore = [
-    "test_models.py",
     "test_package_managers.py",
     "test_ruby.py",
     "test_rust.py",
diff --git a/vulnerabilities/tests/test_affected_package.py b/vulnerabilities/tests/test_affected_package.py
index 7e7173d8d..2ebbcbddb 100644
--- a/vulnerabilities/tests/test_affected_package.py
+++ b/vulnerabilities/tests/test_affected_package.py
@@ -57,6 +57,19 @@ def test_affected_package_merge():
                 ),
             ),
             AffectedPackage(package=PackageURL(type="npm", name="foo"), fixed_version="2.0.0"),
+            AffectedPackage(
+                package=PackageURL(type="npm", name="foo"),
+                affected_version_range=GemVersionRange(
+                    constraints=(
+                        VersionConstraint(
+                            comparator=">=", version=RubygemsVersion(string="10.2.0")
+                        ),
+                        VersionConstraint(
+                            comparator="<=", version=RubygemsVersion(string="10.5.0")
+                        ),
+                    )
+                ),
+            ),
         ]
     )
     expected = (
@@ -69,7 +82,13 @@ def test_affected_package_merge():
                     VersionConstraint(comparator=">=", version=RubygemsVersion(string="5.2.0")),
                     VersionConstraint(comparator="<=", version=RubygemsVersion(string="5.2.6.2")),
                 )
-            )
+            ),
+            GemVersionRange(
+                constraints=(
+                    VersionConstraint(comparator=">=", version=RubygemsVersion(string="10.2.0")),
+                    VersionConstraint(comparator="<=", version=RubygemsVersion(string="10.5.0")),
+                )
+            ),
         ],
         ["1.0.0", "2.0.0"],
     )
diff --git a/vulnerabilities/tests/test_apache_httpd.py b/vulnerabilities/tests/test_apache_httpd.py
index 48d0a028e..a57437d01 100644
--- a/vulnerabilities/tests/test_apache_httpd.py
+++ b/vulnerabilities/tests/test_apache_httpd.py
@@ -18,8 +18,8 @@
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.apache_httpd import ApacheHTTPDImporter
-from vulnerabilities.importers.apache_httpd import ApacheHTTPDImprover
 from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import ApacheHTTPDImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -122,7 +122,7 @@ def test_to_advisory_CVE_2022_28614():
     util_tests.check_results_against_json(result, expected_file)
 
 
-@mock.patch("vulnerabilities.importers.apache_httpd.ApacheHTTPDImprover.get_package_versions")
+@mock.patch("vulnerabilities.improvers.valid_versions.ApacheHTTPDImprover.get_package_versions")
 def test_apache_httpd_improver(mock_response):
     advisory_file = os.path.join(TEST_DATA, f"CVE-2021-44224-apache-httpd-expected.json")
     expected_file = os.path.join(TEST_DATA, f"apache-httpd-improver-expected.json")
diff --git a/vulnerabilities/tests/test_apache_kafka.py b/vulnerabilities/tests/test_apache_kafka.py
index 5646b5554..720196381 100644
--- a/vulnerabilities/tests/test_apache_kafka.py
+++ b/vulnerabilities/tests/test_apache_kafka.py
@@ -7,11 +7,16 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
+from unittest.mock import patch
 
 import pytest
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.apache_kafka import ApacheKafkaImporter
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import ApacheKafkaImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -32,40 +37,45 @@ def test_to_advisory():
     util_tests.check_results_against_json(result, expected_file)
 
 
+@patch("vulnerabilities.improvers.valid_versions.ApacheKafkaImprover.get_package_versions")
+def test_apache_tomcat_improver(mock_response):
+    advisory_file = os.path.join(TEST_DATA, f"to-advisory-apache_kafka-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [ApacheKafkaImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DATA, f"apache-kafka-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
+
+
 def to_advisory_changed_cve():
     with open(os.path.join(TEST_DATA, "cve-list-changed-cve.html")) as f:
         raw_data = f.read()
     advisories = ApacheKafkaImporter().to_advisory(raw_data)
 
 
-def test_to_advisory_changed_cve_exception():
-    with pytest.raises(KeyError) as excinfo:
-        to_advisory_changed_cve()
-
-    assert "CVE-2022-34918" in str(excinfo.value)
-
-
 def to_advisory_changed_versions_affected():
     with open(os.path.join(TEST_DATA, "cve-list-changed-versions-affected.html")) as f:
         raw_data = f.read()
     advisories = ApacheKafkaImporter().to_advisory(raw_data)
 
 
-def test_to_advisory_changed_versions_affected_exception():
-    with pytest.raises(KeyError) as excinfo:
-        to_advisory_changed_versions_affected()
-
-    assert "2.8.0 - 2.8.1, 3.0.0 - 3.0.1, 3.1.0 - 3.1.1, 3.2.0 - 3.2.2" in str(excinfo.value)
-
-
 def to_advisory_changed_fixed_versions():
     with open(os.path.join(TEST_DATA, "cve-list-changed-fixed-versions.html")) as f:
         raw_data = f.read()
     advisories = ApacheKafkaImporter().to_advisory(raw_data)
-
-
-def test_to_advisory_changed_fixed_versions_exception():
-    with pytest.raises(KeyError) as excinfo:
-        to_advisory_changed_fixed_versions()
-
-    assert "2.8.2, 3.0.2, 3.1.2, 3.2.4" in str(excinfo.value)
diff --git a/vulnerabilities/tests/test_apache_tomcat.py b/vulnerabilities/tests/test_apache_tomcat.py
index 4c5033e14..7005e7d26 100644
--- a/vulnerabilities/tests/test_apache_tomcat.py
+++ b/vulnerabilities/tests/test_apache_tomcat.py
@@ -7,8 +7,9 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
-from unittest import TestCase
+from unittest.mock import patch
 
 from univers.version_constraint import VersionConstraint
 from univers.version_range import ApacheVersionRange
@@ -16,10 +17,13 @@
 from univers.versions import MavenVersion
 from univers.versions import SemverVersion
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.apache_tomcat import ApacheTomcatImporter
 from vulnerabilities.importers.apache_tomcat import extract_tomcat_advisory_data_from_page
 from vulnerabilities.importers.apache_tomcat import to_version_ranges_apache
 from vulnerabilities.importers.apache_tomcat import to_version_ranges_maven
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import ApacheTomcatImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -39,6 +43,34 @@ def test_method_extract_advisories_from_page():
     util_tests.check_results_against_json(results, expected_file)
 
 
+@patch("vulnerabilities.improvers.valid_versions.ApacheTomcatImprover.get_package_versions")
+def test_apache_tomcat_improver(mock_response):
+    advisory_file = os.path.join(
+        TEST_DATA, f"parse-apache_tomcat-selected-advisories-expected.json"
+    )
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [ApacheTomcatImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DATA, f"apache-tomcat-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
+
+
 def test_extract_advisories_from_page():
     page = """
     <h3 id="Fixed_in_Apache_Tomcat_10.0.5"><span class="pull-right">6 April 2021</span> Fixed in Apache Tomcat 10.0.5</h3><div class="text">
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
index d02808e16..57c0ce2da 100644
--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
@@ -18,6 +18,7 @@
 from rest_framework import status
 from rest_framework.test import APIClient
 
+from vulnerabilities.api import MinimalPackageSerializer
 from vulnerabilities.api import PackageSerializer
 from vulnerabilities.models import Alias
 from vulnerabilities.models import ApiUser
@@ -88,7 +89,6 @@ def setUp(self):
         self.client.credentials(HTTP_AUTHORIZATION=self.auth)
 
     def test_query_qualifier_filtering(self):
-
         # packages to check filtering with single/multiple and unordered qualifier filtering
         pk_multi_qf = Package.objects.create(
             name="vlc", version="1.50-1.1", type="deb", qualifiers={"foo": "bar", "tar": "ball"}
@@ -192,7 +192,7 @@ def setUp(self):
             )
         self.vulnerability = Vulnerability.objects.create(summary="test")
         self.pkg1 = Package.objects.create(name="flask", type="pypi", version="0.1.2")
-        self.pkg2 = Package.objects.create(name="flask", type="debian", version="0.1.2")
+        self.pkg2 = Package.objects.create(name="flask", type="deb", version="0.1.2")
         for pkg in [self.pkg1, self.pkg2]:
             PackageRelatedVulnerability.objects.create(
                 package=pkg, vulnerability=self.vulnerability, fix=True
@@ -210,6 +210,7 @@ def test_api_with_single_vulnerability(self):
         response = self.csrf_client.get(
             f"/api/vulnerabilities/{self.vulnerability.id}", format="json"
         ).data
+
         assert response == {
             "url": f"http://testserver/api/vulnerabilities/{self.vulnerability.id}",
             "vulnerability_id": self.vulnerability.vulnerability_id,
@@ -218,13 +219,15 @@ def test_api_with_single_vulnerability(self):
             "fixed_packages": [
                 {
                     "url": f"http://testserver/api/packages/{self.pkg2.id}",
-                    "purl": "pkg:debian/flask@0.1.2",
+                    "purl": "pkg:deb/flask@0.1.2",
                     "is_vulnerable": False,
+                    "affected_by_vulnerabilities": [],
                 },
                 {
                     "url": f"http://testserver/api/packages/{self.pkg1.id}",
                     "purl": "pkg:pypi/flask@0.1.2",
                     "is_vulnerable": False,
+                    "affected_by_vulnerabilities": [],
                 },
             ],
             "affected_packages": [],
@@ -245,6 +248,7 @@ def test_api_with_single_vulnerability_with_filters(self):
                     "url": f"http://testserver/api/packages/{self.pkg1.id}",
                     "purl": "pkg:pypi/flask@0.1.2",
                     "is_vulnerable": False,
+                    "affected_by_vulnerabilities": [],
                 },
             ],
             "affected_packages": [],
@@ -258,168 +262,234 @@ def setUp(self):
         self.auth = f"Token {self.user.auth_token.key}"
         self.csrf_client = APIClient(enforce_csrf_checks=True)
         self.csrf_client.credentials(HTTP_AUTHORIZATION=self.auth)
-        vuln = Vulnerability.objects.create(
-            summary="test-vuln",
+
+        # searched-for pkg
+        self.package_maven_jackson_databind_2_13_1 = Package.objects.create(
+            type="maven",
+            namespace="com.fasterxml.jackson.core",
+            name="jackson-databind",
+            version="2.13.1",
+            qualifiers={},
+            subpath="",
         )
-        self.vuln = vuln
-        self.vulnerable_packages = []
-        for i in range(0, 10):
-            query_kwargs = dict(
-                type="generic",
-                namespace="nginx",
-                name="test",
-                version=str(i),
-                qualifiers={},
-                subpath="",
-            )
-            vuln_package = Package.objects.create(**query_kwargs)
-            PackageRelatedVulnerability.objects.create(
-                package=vuln_package,
-                vulnerability=vuln,
-                fix=False,
-            )
-        self.vuln_package = vuln_package
-        query_kwargs = dict(
-            type="generic",
-            namespace="nginx",
-            name="test",
-            version="11",
+
+        # searched-for pkg's vuln
+        self.vuln_VCID_2nyb_8rwu_aaag = Vulnerability.objects.create(
+            summary="This is VCID-2nyb-8rwu-aaag",
+            vulnerability_id="VCID-2nyb-8rwu-aaag",
+        )
+
+        # pkg-vuln affect relationship
+        PackageRelatedVulnerability.objects.create(
+            package=self.package_maven_jackson_databind_2_13_1,
+            vulnerability=self.vuln_VCID_2nyb_8rwu_aaag,
+            fix=False,
+        )
+
+        # vuln aliases
+        Alias.objects.create(alias="CVE-2020-36518", vulnerability=self.vuln_VCID_2nyb_8rwu_aaag)
+        Alias.objects.create(
+            alias="GHSA-57j2-w4cx-62h2", vulnerability=self.vuln_VCID_2nyb_8rwu_aaag
+        )
+
+        # pkg (1 of 2 -- this is a lesser version and will be omitted from the API) that fixes searched-for pkg's vuln
+        self.package_maven_jackson_databind_2_12_6_1 = Package.objects.create(
+            type="maven",
+            namespace="com.fasterxml.jackson.core",
+            name="jackson-databind",
+            version="2.12.6.1",
             qualifiers={},
             subpath="",
         )
-        self.package = Package.objects.create(**query_kwargs)
+
+        # pkg-vuln fix relationship
         PackageRelatedVulnerability.objects.create(
-            package=self.package,
-            vulnerability=vuln,
+            package=self.package_maven_jackson_databind_2_12_6_1,
+            vulnerability=self.vuln_VCID_2nyb_8rwu_aaag,
             fix=True,
         )
-        vuln1 = Vulnerability.objects.create(
-            summary="test-vuln1",
+
+        # fixed by pkg own vuln
+        self.vuln_VCID_gqhw_ngh8_aaap = Vulnerability.objects.create(
+            summary="This is VCID-gqhw-ngh8-aaap",
+            vulnerability_id="VCID-gqhw-ngh8-aaap",
         )
-        Alias.objects.create(alias="CVE-2019-1234", vulnerability=vuln1)
-        Alias.objects.create(alias="GMS-1234-4321", vulnerability=vuln1)
-        Alias.objects.create(alias="CVE-2029-1234", vulnerability=vuln)
-        self.vuln1 = vuln1
+
+        # pkg-vuln affect relationship
         PackageRelatedVulnerability.objects.create(
-            package=self.package,
-            vulnerability=vuln1,
+            package=self.package_maven_jackson_databind_2_12_6_1,
+            vulnerability=self.vuln_VCID_gqhw_ngh8_aaap,
             fix=False,
         )
 
-    def test_is_vulnerable_attribute(self):
-        self.assertTrue(self.package.is_vulnerable)
+        # pkg (2 of 2 -- this is a greater version) that fixes searched-for pkg's vuln
+        self.package_maven_jackson_databind_2_13_2 = Package.objects.create(
+            type="maven",
+            namespace="com.fasterxml.jackson.core",
+            name="jackson-databind",
+            version="2.13.2",
+            qualifiers={},
+            subpath="",
+        )
 
-    def test_api_status(self):
-        response = self.csrf_client.get("/api/packages/", format="json")
-        self.assertEqual(status.HTTP_200_OK, response.status_code)
+        # pkg-vuln fix relationship
+        PackageRelatedVulnerability.objects.create(
+            package=self.package_maven_jackson_databind_2_13_2,
+            vulnerability=self.vuln_VCID_2nyb_8rwu_aaag,
+            fix=True,
+        )
 
-    def test_api_response(self):
-        response = self.csrf_client.get("/api/packages/", format="json").data
-        self.assertEqual(response["count"], 11)
+        # pkg-vuln affect relationship
+        PackageRelatedVulnerability.objects.create(
+            package=self.package_maven_jackson_databind_2_13_2,
+            vulnerability=self.vuln_VCID_gqhw_ngh8_aaap,
+            fix=False,
+        )
 
-    def test_api_with_namespace_filter(self):
-        response = self.csrf_client.get("/api/packages/?namespace=nginx", format="json").data
-        self.assertEqual(response["count"], 11)
+        # This is the vuln fixed by the searched-for pkg -- and by a lesser version (created below), which WILL be included in the API
+        self.vuln_VCID_ftmk_wbwx_aaar = Vulnerability.objects.create(
+            summary="This is VCID-ftmk-wbwx-aaar",
+            vulnerability_id="VCID-ftmk-wbwx-aaar",
+        )
 
-    def test_api_with_wrong_namespace_filter(self):
-        response = self.csrf_client.get("/api/packages/?namespace=foo-bar", format="json").data
-        self.assertEqual(response["count"], 0)
+        # searched-for pkg-vuln fix relationship
+        PackageRelatedVulnerability.objects.create(
+            package=self.package_maven_jackson_databind_2_13_1,
+            vulnerability=self.vuln_VCID_ftmk_wbwx_aaar,
+            fix=True,
+        )
 
-    def test_api_with_single_vulnerability_and_fixed_package(self):
-        response = self.csrf_client.get(f"/api/packages/{self.package.id}", format="json").data
-        assert response == {
-            "url": f"http://testserver/api/packages/{self.package.id}",
-            "purl": "pkg:generic/nginx/test@11",
-            "type": "generic",
-            "namespace": "nginx",
-            "name": "test",
-            "version": "11",
-            "qualifiers": {},
-            "subpath": "",
-            "affected_by_vulnerabilities": [
-                {
-                    "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
-                    "vulnerability_id": self.vuln1.vulnerability_id,
-                    "summary": "test-vuln1",
-                    "references": [],
-                    "fixed_packages": [],
-                    "aliases": ["CVE-2019-1234", "GMS-1234-4321"],
-                }
-            ],
-            "fixing_vulnerabilities": [
-                {
-                    "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": self.vuln.vulnerability_id,
-                    "summary": "test-vuln",
-                    "references": [],
-                    "fixed_packages": [
-                        {
-                            "url": f"http://testserver/api/packages/{self.package.id}",
-                            "purl": "pkg:generic/nginx/test@11",
-                            "is_vulnerable": True,
-                        }
-                    ],
-                    "aliases": ["CVE-2029-1234"],
-                },
-            ],
-            "unresolved_vulnerabilities": [
-                {
-                    "url": f"http://testserver/api/vulnerabilities/{self.vuln1.id}",
-                    "vulnerability_id": self.vuln1.vulnerability_id,
-                    "summary": "test-vuln1",
-                    "references": [],
-                    "fixed_packages": [],
-                    "aliases": ["CVE-2019-1234", "GMS-1234-4321"],
-                }
-            ],
+        # lesser-version pkg that also fixes the vuln fixed by the searched-for pkg
+        self.package_maven_jackson_databind_2_12_6 = Package.objects.create(
+            type="maven",
+            namespace="com.fasterxml.jackson.core",
+            name="jackson-databind",
+            version="2.12.6",
+            qualifiers={},
+            subpath="",
+        )
+
+        # lesser-version pkg-vuln fix relationship
+        PackageRelatedVulnerability.objects.create(
+            package=self.package_maven_jackson_databind_2_12_6,
+            vulnerability=self.vuln_VCID_ftmk_wbwx_aaar,
+            fix=True,
+        )
+
+        # aliases for vuln fixed by searched-for pkg
+        Alias.objects.create(alias="CVE-2021-46877", vulnerability=self.vuln_VCID_ftmk_wbwx_aaar)
+        Alias.objects.create(
+            alias="GHSA-3x8x-79m2-3w2w", vulnerability=self.vuln_VCID_ftmk_wbwx_aaar
+        )
+
+        # This addresses both next and latest non-vulnerable pkg
+        self.package_maven_jackson_databind_2_14_0_rc1 = Package.objects.create(
+            type="maven",
+            namespace="com.fasterxml.jackson.core",
+            name="jackson-databind",
+            version="2.14.0-rc1",
+            qualifiers={},
+            subpath="",
+        )
+
+    def test_api_with_package_with_no_vulnerabilities(self):
+        affected_vulnerabilities = []
+        vuln = {
+            "foo": "bar",
         }
 
-    def test_api_with_single_vulnerability_and_vulnerable_package(self):
-        response = self.csrf_client.get(f"/api/packages/{self.vuln_package.id}", format="json").data
-        assert response == {
-            "url": f"http://testserver/api/packages/{self.vuln_package.id}",
-            "purl": "pkg:generic/nginx/test@9",
-            "type": "generic",
-            "namespace": "nginx",
-            "name": "test",
-            "version": "9",
+        package_with_no_vulnerabilities = MinimalPackageSerializer.get_vulnerability(
+            self,
+            vuln,
+        )
+
+        assert package_with_no_vulnerabilities is None
+
+    def test_api_with_lesser_and_greater_fixed_by_packages(self):
+        response = self.csrf_client.get(
+            f"/api/packages/{self.package_maven_jackson_databind_2_13_1.id}", format="json"
+        ).data
+
+        expected_response = {
+            "url": f"http://testserver/api/packages/{self.package_maven_jackson_databind_2_13_1.id}",
+            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
+            "type": "maven",
+            "namespace": "com.fasterxml.jackson.core",
+            "name": "jackson-databind",
+            "version": "2.13.1",
             "qualifiers": {},
             "subpath": "",
+            "next_non_vulnerable_version": "2.14.0-rc1",
+            "latest_non_vulnerable_version": "2.14.0-rc1",
             "affected_by_vulnerabilities": [
                 {
-                    "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": self.vuln.vulnerability_id,
-                    "summary": "test-vuln",
+                    "url": f"http://testserver/api/vulnerabilities/{self.vuln_VCID_2nyb_8rwu_aaag.id}",
+                    "vulnerability_id": "VCID-2nyb-8rwu-aaag",
+                    "summary": "This is VCID-2nyb-8rwu-aaag",
                     "references": [],
                     "fixed_packages": [
                         {
-                            "url": f"http://testserver/api/packages/{self.package.id}",
-                            "purl": "pkg:generic/nginx/test@11",
+                            "url": f"http://testserver/api/packages/{self.package_maven_jackson_databind_2_13_2.id}",
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
                             "is_vulnerable": True,
+                            "affected_by_vulnerabilities": [
+                                {"vulnerability": "VCID-gqhw-ngh8-aaap"}
+                            ],
                         }
                     ],
-                    "aliases": ["CVE-2029-1234"],
+                    "aliases": ["CVE-2020-36518", "GHSA-57j2-w4cx-62h2"],
                 }
             ],
-            "fixing_vulnerabilities": [],
-            "unresolved_vulnerabilities": [
+            "fixing_vulnerabilities": [
                 {
-                    "url": f"http://testserver/api/vulnerabilities/{self.vuln.id}",
-                    "vulnerability_id": self.vuln.vulnerability_id,
-                    "summary": "test-vuln",
+                    "url": f"http://testserver/api/vulnerabilities/{self.vuln_VCID_ftmk_wbwx_aaar.id}",
+                    "vulnerability_id": "VCID-ftmk-wbwx-aaar",
+                    "summary": "This is VCID-ftmk-wbwx-aaar",
                     "references": [],
                     "fixed_packages": [
                         {
-                            "url": f"http://testserver/api/packages/{self.package.id}",
-                            "purl": "pkg:generic/nginx/test@11",
+                            "url": f"http://testserver/api/packages/{self.package_maven_jackson_databind_2_12_6.id}",
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6",
+                            "is_vulnerable": False,
+                            "affected_by_vulnerabilities": [],
+                        },
+                        {
+                            "url": f"http://testserver/api/packages/{self.package_maven_jackson_databind_2_13_1.id}",
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
                             "is_vulnerable": True,
-                        }
+                            "affected_by_vulnerabilities": [
+                                {"vulnerability": "VCID-2nyb-8rwu-aaag"}
+                            ],
+                        },
                     ],
-                    "aliases": ["CVE-2029-1234"],
-                }
+                    "aliases": ["CVE-2021-46877", "GHSA-3x8x-79m2-3w2w"],
+                },
             ],
         }
 
+        assert response == expected_response
+
+    def test_is_vulnerable_attribute(self):
+        self.assertTrue(self.package_maven_jackson_databind_2_13_1.is_vulnerable)
+
+    def test_api_status(self):
+        response = self.csrf_client.get("/api/packages/", format="json")
+        self.assertEqual(status.HTTP_200_OK, response.status_code)
+
+    def test_api_response(self):
+        response = self.csrf_client.get("/api/packages/", format="json").data
+        self.assertEqual(response["count"], 5)
+
+    def test_api_with_namespace_filter(self):
+        response = self.csrf_client.get(
+            "/api/packages/?namespace=com.fasterxml.jackson.core", format="json"
+        ).data
+        self.assertEqual(response["count"], 5)
+
+    def test_api_with_wrong_namespace_filter(self):
+        response = self.csrf_client.get("/api/packages/?namespace=foo-bar", format="json").data
+        self.assertEqual(response["count"], 0)
+
     def test_api_with_all_vulnerable_packages(self):
         with self.assertNumQueries(4):
             # There are 4 queries:
@@ -428,27 +498,24 @@ def test_api_with_all_vulnerable_packages(self):
             # 3. Get all vulnerable packages
             # 4. RELEASE SAVEPOINT
             response = self.csrf_client.get(f"/api/packages/all", format="json").data
-            assert len(response) == 11
+
+            assert len(response) == 3
             assert response == [
-                "pkg:generic/nginx/test@0",
-                "pkg:generic/nginx/test@1",
-                "pkg:generic/nginx/test@11",
-                "pkg:generic/nginx/test@2",
-                "pkg:generic/nginx/test@3",
-                "pkg:generic/nginx/test@4",
-                "pkg:generic/nginx/test@5",
-                "pkg:generic/nginx/test@6",
-                "pkg:generic/nginx/test@7",
-                "pkg:generic/nginx/test@8",
-                "pkg:generic/nginx/test@9",
+                "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1",
+                "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
+                "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
             ]
 
     def test_api_with_ignorning_qualifiers(self):
         response = self.csrf_client.get(
-            f"/api/packages/?purl=pkg:generic/nginx/test@9?foo=bar", format="json"
+            f"/api/packages/?purl=pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1?foo=bar",
+            format="json",
         ).data
         assert response["count"] == 1
-        assert response["results"][0]["purl"] == "pkg:generic/nginx/test@9"
+        assert (
+            response["results"][0]["purl"]
+            == "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.14.0-rc1"
+        )
 
 
 class CPEApi(TestCase):
@@ -676,3 +743,9 @@ def test_with_invalid_cpes(self):
             content_type="application/json",
         ).json()
         assert response == {"Error": "Invalid CPE: CVE-2022-2022"}
+
+
+class TesBanUserAgent(TestCase):
+    def test_ban_request_with_bytedance_user_agent(self):
+        response = self.client.get(f"/api/packages", format="json", HTTP_USER_AGENT="bytedance")
+        assert 404 == response.status_code
diff --git a/vulnerabilities/tests/test_auth.py b/vulnerabilities/tests/test_auth.py
deleted file mode 100644
index 131bafd39..000000000
--- a/vulnerabilities/tests/test_auth.py
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright (c) nexB Inc. and others. All rights reserved.
-# VulnerableCode is a trademark of nexB Inc.
-# SPDX-License-Identifier: Apache-2.0
-# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/vulnerablecode for support or download.
-# See https://aboutcode.org for more information about nexB OSS projects.
-# This is copied from https://github.com/nexB/scancode.io/commit/eab8eeb13989c26a1600cc64e8b054f171341063
-#
-
-
-from django.conf import settings
-from django.contrib.auth.models import AnonymousUser
-from django.test import TestCase
-
-from vulnerabilities.models import ApiUser
-
-TEST_PASSWORD = "secret"
-
-
-api_package_url = "/api/packages/"
-login_redirect_url = settings.LOGIN_REDIRECT_URL
-
-
-class VulnerableCodeAuthTest(TestCase):
-    def setUp(self):
-        self.basic_user = ApiUser.objects.create_api_user(username="basic_user@foo.com")
-
-    def test_vulnerablecode_auth_api_required_authentication(self):
-        response = self.client.get(api_package_url)
-        expected = {"detail": "Authentication credentials were not provided."}
-        self.assertEqual(expected, response.json())
-        self.assertEqual(401, response.status_code)
diff --git a/vulnerabilities/tests/test_data/apache_kafka/apache-kafka-improver-expected.json b/vulnerabilities/tests/test_data/apache_kafka/apache-kafka-improver-expected.json
new file mode 100644
index 000000000..451421759
--- /dev/null
+++ b/vulnerabilities/tests/test_data/apache_kafka/apache-kafka-improver-expected.json
@@ -0,0 +1,1768 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-17196"
+    ],
+    "confidence": 100,
+    "summary": "In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-17196",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17196",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2022-34917"
+    ],
+    "confidence": 100,
+    "summary": "This CVE identified a flaw where it allows the malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "2.8.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list#CVE-2022-34917",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2022-34917"
+    ],
+    "confidence": 100,
+    "summary": "This CVE identified a flaw where it allows the malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "3.0.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list#CVE-2022-34917",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2022-34917"
+    ],
+    "confidence": 100,
+    "summary": "This CVE identified a flaw where it allows the malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "3.1.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list#CVE-2022-34917",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2022-34917"
+    ],
+    "confidence": 100,
+    "summary": "This CVE identified a flaw where it allows the malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "3.2.1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "3.2.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://kafka.apache.org/cve-list#CVE-2022-34917",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2022-34917",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34917",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-38153"
+    ],
+    "confidence": 100,
+    "summary": "Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "2.6.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list#CVE-2021-38153",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-38153"
+    ],
+    "confidence": 100,
+    "summary": "Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "2.7.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list#CVE-2021-38153",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-38153"
+    ],
+    "confidence": 100,
+    "summary": "Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.4.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.5.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.6.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.7.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.8.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "2.8.1",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://kafka.apache.org/cve-list#CVE-2021-38153",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2021-38153",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38153",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2019-12399"
+    ],
+    "confidence": 100,
+    "summary": "When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value (the externalized secret variable is not the whole configuration property value), then any client can issue a request to the same Connect cluster to obtain the connector's task configurations and the response will contain the plaintext secret rather than the externalized secrets variable. Users should upgrade to 2.2.2 or higher, or 2.3.1 or higher where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.0.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.2.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "2.3.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "2.2.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2019-12399",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2019-12399",
+        "url": "https://kafka.apache.org/cve-list#CVE-2019-12399",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2019-12399",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12399",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-17196"
+    ],
+    "confidence": 100,
+    "summary": "In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users should upgrade to 2.1.1 or later where this vulnerability has been fixed.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-17196",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-17196",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17196",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-1288"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.0.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "0.10.2+2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-1288",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1288",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-1288"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.0.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "0.11.0+3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-1288",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1288",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-1288"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.0.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "1.0.1",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-1288",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1288",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-1288"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.9.0+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "1.0.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "1.1.0",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://kafka.apache.org/cve-list#CVE-2018-1288",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2018-1288",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1288",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2017-12610"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "0.10.2+2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list#CVE-2017-12610",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12610",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2017-12610"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "0.11.0+2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list#CVE-2017-12610",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12610",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2017-12610"
+    ],
+    "confidence": 100,
+    "summary": "Authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka.",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.10.2+1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "kafka",
+        "version": "0.11.0+1",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "kafka",
+      "version": "1.0.0",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://kafka.apache.org/cve-list#CVE-2017-12610",
+        "severities": []
+      },
+      {
+        "reference_id": "CVE-2017-12610",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12610",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json b/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json
new file mode 100644
index 000000000..41f28b3c9
--- /dev/null
+++ b/vulnerabilities/tests/test_data/apache_tomcat/apache-tomcat-improver-expected.json
@@ -0,0 +1,2278 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2005-4836"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2005-4836",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2005-4836"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2005-4836",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.0+M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.0.M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-25329"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.0+M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-25329",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-25329"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.0.M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-25329",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-25122"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.0+M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-25122",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2021-25122"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.0.M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.41",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "9.0.43",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2021-25122",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.0+M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.34",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "9.0.35",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.0.M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.34",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "9.0.35",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-8014"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.0+M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "9.0.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "9.0.9",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-8014",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-8014"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.0.M1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "9.0.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "9.0.9",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2018-8014",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-3092"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.0.0+RC1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.0.35",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.5.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "8.0.36",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2016-3092",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-3092"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.0.0+RC1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.0.35",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "8.5.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "8.5.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2016-3092",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-3092"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.0.0.RC1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.0.35",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.5.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "8.0.36",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2016-3092",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-3092"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.0.0.RC1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.0.35",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "8.5.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "8.5.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2016-3092",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2008-5515"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2008-5515",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=782757",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=783291",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2008-5515"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2008-5515",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=782757",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=783291",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0033"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0033",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781362",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0033"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0033",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781362",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0580"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0580",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781379",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0580"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0580",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781379",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0781"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0781",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=750928",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0781"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0781",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=750928",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0783"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0783",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=681156",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781542",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2009-0783"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "5.5.27",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "5.5.28",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2009-0783",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=681156",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781542",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2005-4836"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.0+SVN",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.15",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2005-4836",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2005-4836"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.SVN",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.15",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "CVE-2005-4836",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2008-4308"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.32",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.34",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "4.1.35",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2008-4308",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2008-4308"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.32",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.34",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "4.1.35",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2008-4308",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-0935"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.0.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.0.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.0.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.0.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "4.1.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "4.1.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-0935",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-0935"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.0.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.0.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.0.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.0.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.0.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "4.1.2",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "4.1.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-0935",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2007"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "3.3.0-a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-2007",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2007"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "3.3a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-2007",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2006"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "3.3.0-a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-2006",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2006"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "3.3a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2002-2006",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2000-0760"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "apache",
+        "namespace": null,
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "apache",
+      "namespace": null,
+      "name": "tomcat",
+      "version": "3.3.0-a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2000-0760",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2000-0760"
+    ],
+    "confidence": 100,
+    "summary": "",
+    "affected_purls": [
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "maven",
+        "namespace": "org.apache.tomcat",
+        "name": "tomcat",
+        "version": "3.2.4",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "maven",
+      "namespace": "org.apache.tomcat",
+      "name": "tomcat",
+      "version": "3.3a",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "CVE-2000-0760",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json b/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json
index a8da59963..ba023ef4e 100644
--- a/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json
+++ b/vulnerabilities/tests/test_data/apache_tomcat/parse-apache_tomcat-selected-advisories-expected.json
@@ -1,871 +1,871 @@
 [
-    {
-        "aliases": [
-            "CVE-2020-9484"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2020-9484",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2021-25329"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2021-25329",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2021-25122"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2021-25122",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Important",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2020-9484"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.34|!=9.0.35",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.34|!=9.0.35",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2020-9484",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Important",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2018-8014"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.8|!=9.0.9",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.8|!=9.0.9",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2018-8014",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2016-3092"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=8.0.0+RC1|<=8.0.35|!=8.0.36|>=8.5.0|<=8.5.2|!=8.5.3",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=8.0.0.RC1|<=8.0.35|!=8.0.36|>=8.5.0|<=8.5.2|!=8.5.3",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2016-3092",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Moderate",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
-                "severities": []
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2008-5515"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2008-5515",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Important",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=782757",
-                "severities": []
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=783291",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2009-0033"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2009-0033",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Important",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=781362",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2009-0580"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2009-0580",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=781379",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2009-0781"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2009-0781",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=750928",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2009-0783"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2009-0783",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=681156",
-                "severities": []
-            },
-            {
-                "reference_id": "",
-                "url": "https://svn.apache.org/viewvc?view=rev&rev=781542",
-                "severities": []
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2005-4836"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/<=4.1.0+SVN|>=4.1.15",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/<=4.1.SVN|>=4.1.15",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2005-4836",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Moderate",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2008-4308"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=4.1.32|<=4.1.34|!=4.1.35",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=4.1.32|<=4.1.34|!=4.1.35",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2008-4308",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2002-0935"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=4.0.0|<=4.0.2|4.0.3|>=4.0.4|<=4.0.6|>=4.1.0|<=4.1.2|!=4.1.3",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=4.0.0|<=4.0.2|4.0.3|>=4.0.4|<=4.0.6|>=4.1.0|<=4.1.2|!=4.1.3",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2002-0935",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Important",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2002-2007"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=3.2.3|<=3.2.4|!=3.3.0-a",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=3.2.3|<=3.2.4|!=3.3a",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2002-2007",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Moderate",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2002-2006"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=3.1|<=3.1.1|>=3.2|<=3.2.4|!=3.3a",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2002-2006",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    },
-    {
-        "aliases": [
-            "CVE-2000-0760"
-        ],
-        "summary": "",
-        "affected_packages": [
-            {
-                "package": {
-                    "type": "apache",
-                    "namespace": null,
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
-                "fixed_version": null
-            },
-            {
-                "package": {
-                    "type": "maven",
-                    "namespace": "org.apache.tomcat",
-                    "name": "tomcat",
-                    "version": null,
-                    "qualifiers": null,
-                    "subpath": null
-                },
-                "affected_version_range": "vers:maven/>=3.1|<=3.1.1|>=3.2|<=3.2.4|!=3.3a",
-                "fixed_version": null
-            }
-        ],
-        "references": [
-            {
-                "reference_id": "CVE-2000-0760",
-                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760",
-                "severities": [
-                    {
-                        "system": "apache_tomcat",
-                        "value": "Low",
-                        "scoring_elements": ""
-                    }
-                ]
-            }
-        ],
-        "date_published": null,
-        "weaknesses": []
-    }
-]
+  {
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2021-25329"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2021-25329",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25329",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2021-25122"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.41|!=9.0.43",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2021-25122",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25122",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2020-9484"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.34|!=9.0.35",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.34|!=9.0.35",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2020-9484",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9484",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2018-8014"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=9.0.0+M1|<=9.0.8|!=9.0.9",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=9.0.0.M1|<=9.0.8|!=9.0.9",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2018-8014",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1831726",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2016-3092"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=8.0.0+RC1|<=8.0.35|!=8.0.36|>=8.5.0|<=8.5.2|!=8.5.3",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=8.0.0.RC1|<=8.0.35|!=8.0.36|>=8.5.0|<=8.5.2|!=8.5.3",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2016-3092",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743722",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=1743738",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2008-5515"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2008-5515",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=782757",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=783291",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2009-0033"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2009-0033",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781362",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2009-0580"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2009-0580",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781379",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2009-0781"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2009-0781",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=750928",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2009-0783"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=5.5.0|<=5.5.27|!=5.5.28",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2009-0783",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=681156",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://svn.apache.org/viewvc?view=rev&rev=781542",
+        "severities": []
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2005-4836"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/<=4.1.0+SVN|>=4.1.15",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/<=4.1.SVN|>=4.1.15",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2005-4836",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4836",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2008-4308"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=4.1.32|<=4.1.34|!=4.1.35",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=4.1.32|<=4.1.34|!=4.1.35",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2008-4308",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2002-0935"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=4.0.0|<=4.0.2|4.0.3|>=4.0.4|<=4.0.6|>=4.1.0|<=4.1.2|!=4.1.3",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=4.0.0|<=4.0.2|4.0.3|>=4.0.4|<=4.0.6|>=4.1.0|<=4.1.2|!=4.1.3",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2002-0935",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0935",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Important",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2002-2007"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=3.2.3|<=3.2.4|!=3.3.0-a",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=3.2.3|<=3.2.4|!=3.3a",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2002-2007",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2007",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Moderate",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2002-2006"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=3.1|<=3.1.1|>=3.2|<=3.2.4|!=3.3a",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2002-2006",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2006",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  },
+  {
+    "aliases": [
+      "CVE-2000-0760"
+    ],
+    "summary": "",
+    "affected_packages": [
+      {
+        "package": {
+          "type": "apache",
+          "namespace": null,
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:apache/>=3.1.0|<=3.1.1|>=3.2.0|<=3.2.4|!=3.3.0-a",
+        "fixed_version": null
+      },
+      {
+        "package": {
+          "type": "maven",
+          "namespace": "org.apache.tomcat",
+          "name": "tomcat",
+          "version": null,
+          "qualifiers": null,
+          "subpath": null
+        },
+        "affected_version_range": "vers:maven/>=3.1|<=3.1.1|>=3.2|<=3.2.4|!=3.3a",
+        "fixed_version": null
+      }
+    ],
+    "references": [
+      {
+        "reference_id": "CVE-2000-0760",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0760",
+        "severities": [
+          {
+            "system": "apache_tomcat",
+            "value": "Low",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "date_published": null,
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/debian-improver-expected.json b/vulnerabilities/tests/test_data/debian-improver-expected.json
index b065c349b..428564017 100644
--- a/vulnerabilities/tests/test_data/debian-improver-expected.json
+++ b/vulnerabilities/tests/test_data/debian-improver-expected.json
@@ -161,102 +161,6 @@
     ],
     "weaknesses": []
   },
-  {
-    "vulnerability_id": null,
-    "aliases": [
-      "CVE-2021-37231"
-    ],
-    "confidence": 100,
-    "summary": "A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.",
-    "affected_purls": [
-      {
-        "type": "deb",
-        "namespace": "debian",
-        "name": "atomicparsley",
-        "version": "0.9.6-1",
-        "qualifiers": {
-          "distro": "stretch"
-        },
-        "subpath": null
-      },
-      {
-        "type": "deb",
-        "namespace": "debian",
-        "name": "atomicparsley",
-        "version": "0.9.6-2",
-        "qualifiers": {
-          "distro": "stretch"
-        },
-        "subpath": null
-      }
-    ],
-    "fixed_purl": {
-      "type": "deb",
-      "namespace": "debian",
-      "name": "atomicparsley",
-      "version": "20210715.151551.e7ad03a-1",
-      "qualifiers": {
-        "distro": "stretch"
-      },
-      "subpath": null
-    },
-    "references": [
-      {
-        "reference_id": "993372",
-        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372",
-        "severities": []
-      }
-    ],
-    "weaknesses": []
-  },
-  {
-    "vulnerability_id": null,
-    "aliases": [
-      "CVE-2021-37232"
-    ],
-    "confidence": 100,
-    "summary": "A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.",
-    "affected_purls": [
-      {
-        "type": "deb",
-        "namespace": "debian",
-        "name": "atomicparsley",
-        "version": "0.9.6-1",
-        "qualifiers": {
-          "distro": "stretch"
-        },
-        "subpath": null
-      },
-      {
-        "type": "deb",
-        "namespace": "debian",
-        "name": "atomicparsley",
-        "version": "0.9.6-2",
-        "qualifiers": {
-          "distro": "stretch"
-        },
-        "subpath": null
-      }
-    ],
-    "fixed_purl": {
-      "type": "deb",
-      "namespace": "debian",
-      "name": "atomicparsley",
-      "version": "20210715.151551.e7ad03a-1",
-      "qualifiers": {
-        "distro": "stretch"
-      },
-      "subpath": null
-    },
-    "references": [
-      {
-        "reference_id": "993366",
-        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366",
-        "severities": []
-      }
-    ],
-    "weaknesses": []
-  },
   {
     "vulnerability_id": null,
     "aliases": [
diff --git a/vulnerabilities/tests/test_data/debian-oval-improver-expected.json b/vulnerabilities/tests/test_data/debian-oval-improver-expected.json
new file mode 100644
index 000000000..6bbe60285
--- /dev/null
+++ b/vulnerabilities/tests/test_data/debian-oval-improver-expected.json
@@ -0,0 +1,196 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2001-1593"
+    ],
+    "confidence": 100,
+    "summary": "security update",
+    "affected_purls": [
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "a2ps",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2443"
+    ],
+    "confidence": 100,
+    "summary": "denial of service",
+    "affected_purls": [
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "debian",
+        "name": "krb5",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2001-1593"
+    ],
+    "confidence": 100,
+    "summary": "security update",
+    "affected_purls": [],
+    "fixed_purl": null,
+    "references": [],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2002-2443"
+    ],
+    "confidence": 100,
+    "summary": "denial of service",
+    "affected_purls": [],
+    "fixed_purl": null,
+    "references": [],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/elixir_security/elixir-expected.json b/vulnerabilities/tests/test_data/elixir_security/elixir-expected.json
index 9f7c500b0..69402de34 100644
--- a/vulnerabilities/tests/test_data/elixir_security/elixir-expected.json
+++ b/vulnerabilities/tests/test_data/elixir_security/elixir-expected.json
@@ -3,7 +3,7 @@
     "aliases": [
       "CVE-2018-20301"
     ],
-    "summary": "The Coherence library has \"Mass Assignment\"-like vulnerabilities.\n",
+    "summary": "The Coherence library has \"Mass Assignment\"-like vulnerabilities.",
     "affected_packages": [
       {
         "package": {
diff --git a/vulnerabilities/tests/test_data/elixir_security/elixir-improver-expected.json b/vulnerabilities/tests/test_data/elixir_security/elixir-improver-expected.json
new file mode 100644
index 000000000..f65ed6074
--- /dev/null
+++ b/vulnerabilities/tests/test_data/elixir_security/elixir-improver-expected.json
@@ -0,0 +1,54 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-20301"
+    ],
+    "confidence": 100,
+    "summary": "The Coherence library has \"Mass Assignment\"-like vulnerabilities.",
+    "affected_purls": [
+      {
+        "type": "hex",
+        "namespace": null,
+        "name": "coherence",
+        "version": "0.1.0",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": {
+      "type": "hex",
+      "namespace": null,
+      "name": "coherence",
+      "version": "0.5.2",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "",
+        "url": "https://github.com/smpallen99/coherence/issues/270",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2018-20301"
+    ],
+    "confidence": 100,
+    "summary": "The Coherence library has \"Mass Assignment\"-like vulnerabilities.",
+    "affected_purls": [],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "https://github.com/smpallen99/coherence/issues/270",
+        "severities": []
+      }
+    ],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gentoo/gentoo-expected.json b/vulnerabilities/tests/test_data/gentoo/gentoo-expected.json
index 4609de554..e9ebb4e84 100644
--- a/vulnerabilities/tests/test_data/gentoo/gentoo-expected.json
+++ b/vulnerabilities/tests/test_data/gentoo/gentoo-expected.json
@@ -3,7 +3,7 @@
     "aliases": [
       "CVE-2017-9800"
     ],
-    "summary": "A command injection vulnerability in Subversion may allow remote\n    attackers to execute arbitrary code.\n  ",
+    "summary": "A command injection vulnerability in Subversion may allow remote\n    attackers to execute arbitrary code.",
     "affected_packages": [
       {
         "package": {
diff --git a/vulnerabilities/tests/test_data/github_api/inference-expected.json b/vulnerabilities/tests/test_data/github_api/inference-expected.json
index a5fa58e0e..799f04bf2 100644
--- a/vulnerabilities/tests/test_data/github_api/inference-expected.json
+++ b/vulnerabilities/tests/test_data/github_api/inference-expected.json
@@ -424,5 +424,67 @@
       }
     ],
     "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2022-21831",
+      "GHSA-w749-p3v6-hccq"
+    ],
+    "confidence": 100,
+    "summary": "Possible code injection vulnerability in Rails / Active Storage",
+    "affected_purls": [
+      {
+        "type": "gem",
+        "namespace": null,
+        "name": "activestorage",
+        "version": "10.2.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "gem",
+        "namespace": null,
+        "name": "activestorage",
+        "version": "10.2.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21831",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI",
+        "severities": []
+      },
+      {
+        "reference_id": "",
+        "url": "https://rubysec.com/advisories/CVE-2022-21831/",
+        "severities": []
+      },
+      {
+        "reference_id": "GHSA-w749-p3v6-hccq",
+        "url": "https://github.com/advisories/GHSA-w749-p3v6-hccq",
+        "severities": [
+          {
+            "system": "cvssv3.1_qr",
+            "value": "HIGH",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/github_api/npm-expected.json b/vulnerabilities/tests/test_data/github_api/npm-expected.json
index ef115883b..476491f46 100644
--- a/vulnerabilities/tests/test_data/github_api/npm-expected.json
+++ b/vulnerabilities/tests/test_data/github_api/npm-expected.json
@@ -345,7 +345,6 @@
     ],
     "date_published": "2022-11-28T22:06:24+00:00",
     "weaknesses": []
-
   },
   {
     "aliases": [
@@ -584,7 +583,7 @@
       "CVE-2022-41940",
       "GHSA-r7qp-cfhv-p84w"
     ],
-    "summary": "Uncaught exception in engine.io ",
+    "summary": "Uncaught exception in engine.io",
     "affected_packages": [
       {
         "package": {
@@ -646,7 +645,7 @@
       "CVE-2022-41940",
       "GHSA-r7qp-cfhv-p84w"
     ],
-    "summary": "Uncaught exception in engine.io ",
+    "summary": "Uncaught exception in engine.io",
     "affected_packages": [
       {
         "package": {
@@ -708,7 +707,7 @@
       "CVE-2022-41919",
       "GHSA-3fjj-p79j-c9hh"
     ],
-    "summary": "Fastify: Incorrect Content-Type parsing can lead to CSRF attack ",
+    "summary": "Fastify: Incorrect Content-Type parsing can lead to CSRF attack",
     "affected_packages": [
       {
         "package": {
@@ -770,7 +769,7 @@
       "CVE-2022-41919",
       "GHSA-3fjj-p79j-c9hh"
     ],
-    "summary": "Fastify: Incorrect Content-Type parsing can lead to CSRF attack ",
+    "summary": "Fastify: Incorrect Content-Type parsing can lead to CSRF attack",
     "affected_packages": [
       {
         "package": {
@@ -1451,7 +1450,7 @@
     "aliases": [
       "GHSA-3qmc-2r76-4rqp"
     ],
-    "summary": "Redwood is vulnerable to account takeover via dbAuth \"forgot-password\" ",
+    "summary": "Redwood is vulnerable to account takeover via dbAuth \"forgot-password\"",
     "affected_packages": [
       {
         "package": {
@@ -1517,7 +1516,7 @@
     "aliases": [
       "GHSA-3qmc-2r76-4rqp"
     ],
-    "summary": "Redwood is vulnerable to account takeover via dbAuth \"forgot-password\" ",
+    "summary": "Redwood is vulnerable to account takeover via dbAuth \"forgot-password\"",
     "affected_packages": [
       {
         "package": {
@@ -4234,7 +4233,7 @@
       "CVE-2022-25918",
       "GHSA-cr84-xvw4-qx3c"
     ],
-    "summary": "Inefficient Regular Expression Complexity in shescape ",
+    "summary": "Inefficient Regular Expression Complexity in shescape",
     "affected_packages": [
       {
         "package": {
diff --git a/vulnerabilities/tests/test_data/gitlab/composer-expected.json b/vulnerabilities/tests/test_data/gitlab/composer-expected.json
index 7160cc122..8dc515d70 100644
--- a/vulnerabilities/tests/test_data/gitlab/composer-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/composer-expected.json
@@ -25,5 +25,5 @@
     }
   ],
   "date_published": "2018-03-15T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035,937]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/composer-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/composer-improver-expected.json
index 33b26cbef..b5a097cd6 100644
--- a/vulnerabilities/tests/test_data/gitlab/composer-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/composer-improver-expected.json
@@ -22,6 +22,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/golang-expected.json b/vulnerabilities/tests/test_data/gitlab/golang-expected.json
index b3994a760..492eb1b9a 100644
--- a/vulnerabilities/tests/test_data/gitlab/golang-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/golang-expected.json
@@ -31,5 +31,5 @@
     }
   ],
   "date_published": "2021-05-20T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035,937]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/golang-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/golang-improver-expected.json
index 20bc6462d..6a5401ca3 100644
--- a/vulnerabilities/tests/test_data/gitlab/golang-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/golang-improver-expected.json
@@ -37,7 +37,7 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937]
   },
   {
     "vulnerability_id": null,
@@ -68,6 +68,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/maven-expected.json b/vulnerabilities/tests/test_data/gitlab/maven-expected.json
index 658f0757f..b42d85d6e 100644
--- a/vulnerabilities/tests/test_data/gitlab/maven-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/maven-expected.json
@@ -46,5 +46,5 @@
     }
   ],
   "date_published": "2021-11-15T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035,937,94]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/maven-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/maven-improver-expected.json
index 206ec5c7b..6d4a4d8e0 100644
--- a/vulnerabilities/tests/test_data/gitlab/maven-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/maven-improver-expected.json
@@ -100,7 +100,7 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937,94]
   },
   {
     "vulnerability_id": null,
@@ -146,6 +146,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937,94]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/npm-expected.json b/vulnerabilities/tests/test_data/gitlab/npm-expected.json
index d6eeac5bc..6612c1172 100644
--- a/vulnerabilities/tests/test_data/gitlab/npm-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/npm-expected.json
@@ -36,5 +36,5 @@
     }
   ],
   "date_published": "2020-06-05T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035,937]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/npm-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/npm-improver-expected.json
index 8f849befd..2ac0cdba8 100644
--- a/vulnerabilities/tests/test_data/gitlab/npm-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/npm-improver-expected.json
@@ -50,7 +50,7 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937]
   },
   {
     "vulnerability_id": null,
@@ -86,6 +86,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,937]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/nuget-expected.json b/vulnerabilities/tests/test_data/gitlab/nuget-expected.json
index b226794c9..de76a9289 100644
--- a/vulnerabilities/tests/test_data/gitlab/nuget-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/nuget-expected.json
@@ -31,5 +31,5 @@
     }
   ],
   "date_published": "2022-01-08T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035,770,937]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/nuget-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/nuget-improver-expected.json
index 914df9bcd..40e4850ca 100644
--- a/vulnerabilities/tests/test_data/gitlab/nuget-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/nuget-improver-expected.json
@@ -37,7 +37,7 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,770,937]
   },
   {
     "vulnerability_id": null,
@@ -68,6 +68,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035,770,937]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/pypi-expected.json b/vulnerabilities/tests/test_data/gitlab/pypi-expected.json
index 55f88215f..47b31e8f5 100644
--- a/vulnerabilities/tests/test_data/gitlab/pypi-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/pypi-expected.json
@@ -30,5 +30,5 @@
     }
   ],
   "date_published": "2019-07-17T00:00:00+00:00",
-  "weaknesses": []
+  "weaknesses": [1035, 937]
 }
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/gitlab/pypi-improver-expected.json b/vulnerabilities/tests/test_data/gitlab/pypi-improver-expected.json
index ee1942f44..aa4f03b33 100644
--- a/vulnerabilities/tests/test_data/gitlab/pypi-improver-expected.json
+++ b/vulnerabilities/tests/test_data/gitlab/pypi-improver-expected.json
@@ -44,7 +44,7 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035, 937]
   },
   {
     "vulnerability_id": null,
@@ -74,6 +74,6 @@
         "severities": []
       }
     ],
-    "weaknesses": []
+    "weaknesses": [1035, 937]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/mozilla/expected-yml.json b/vulnerabilities/tests/test_data/mozilla/expected-yml.json
index b4d7747df..e52d8a7b8 100644
--- a/vulnerabilities/tests/test_data/mozilla/expected-yml.json
+++ b/vulnerabilities/tests/test_data/mozilla/expected-yml.json
@@ -3,7 +3,7 @@
     "aliases": [
       "CVE-2022-22746"
     ],
-    "summary": "A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*\n",
+    "summary": "A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*",
     "affected_packages": [
       {
         "package": {
@@ -38,7 +38,7 @@
     "aliases": [
       "CVE-2022-22743"
     ],
-    "summary": "When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode.\n",
+    "summary": "When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode.",
     "affected_packages": [],
     "references": [
       {
@@ -60,7 +60,7 @@
     "aliases": [
       "CVE-2022-22742"
     ],
-    "summary": "When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash.\n",
+    "summary": "When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash.",
     "affected_packages": [],
     "references": [
       {
@@ -82,7 +82,7 @@
     "aliases": [
       "CVE-2022-22741"
     ],
-    "summary": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.\n",
+    "summary": "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode.",
     "affected_packages": [],
     "references": [
       {
@@ -104,7 +104,7 @@
     "aliases": [
       "CVE-2022-22740"
     ],
-    "summary": "Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash.\n",
+    "summary": "Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash.",
     "affected_packages": [],
     "references": [
       {
@@ -126,7 +126,7 @@
     "aliases": [
       "CVE-2022-22738"
     ],
-    "summary": "Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash.\n",
+    "summary": "Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash.",
     "affected_packages": [],
     "references": [
       {
@@ -148,7 +148,7 @@
     "aliases": [
       "CVE-2022-22737"
     ],
-    "summary": "Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash.\n",
+    "summary": "Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash.",
     "affected_packages": [],
     "references": [
       {
@@ -170,7 +170,7 @@
     "aliases": [
       "CVE-2021-4140"
     ],
-    "summary": "It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.\n",
+    "summary": "It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox.",
     "affected_packages": [],
     "references": [
       {
@@ -192,7 +192,7 @@
     "aliases": [
       "CVE-2022-22750"
     ],
-    "summary": "By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*\n",
+    "summary": "By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*",
     "affected_packages": [],
     "references": [
       {
@@ -214,7 +214,7 @@
     "aliases": [
       "CVE-2022-22749"
     ],
-    "summary": "When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*\n",
+    "summary": "When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*",
     "affected_packages": [],
     "references": [
       {
@@ -236,7 +236,7 @@
     "aliases": [
       "CVE-2022-22748"
     ],
-    "summary": "Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.\n",
+    "summary": "Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol.",
     "affected_packages": [],
     "references": [
       {
@@ -258,7 +258,7 @@
     "aliases": [
       "CVE-2022-22745"
     ],
-    "summary": "Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations\n",
+    "summary": "Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations",
     "affected_packages": [],
     "references": [
       {
@@ -280,7 +280,7 @@
     "aliases": [
       "CVE-2022-22744"
     ],
-    "summary": "The constructed curl command from the \"Copy as curl\" feature in DevTools was not properly escaped for PowerShell.  This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*\n",
+    "summary": "The constructed curl command from the \"Copy as curl\" feature in DevTools was not properly escaped for PowerShell.  This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*",
     "affected_packages": [],
     "references": [
       {
@@ -302,7 +302,7 @@
     "aliases": [
       "CVE-2022-22763"
     ],
-    "summary": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.\n",
+    "summary": "When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible.",
     "affected_packages": [],
     "references": [
       {
@@ -324,7 +324,7 @@
     "aliases": [
       "CVE-2022-22747"
     ],
-    "summary": "After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable.\n",
+    "summary": "After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable.",
     "affected_packages": [],
     "references": [
       {
@@ -346,7 +346,7 @@
     "aliases": [
       "CVE-2022-22736"
     ],
-    "summary": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*\n",
+    "summary": "If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.*This bug only affects Firefox for Windows in a non-default installation. Other operating systems are unaffected.*",
     "affected_packages": [],
     "references": [
       {
@@ -368,7 +368,7 @@
     "aliases": [
       "CVE-2022-22739"
     ],
-    "summary": "Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol.\n",
+    "summary": "Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol.",
     "affected_packages": [],
     "references": [
       {
@@ -390,7 +390,7 @@
     "aliases": [
       "CVE-2022-22751"
     ],
-    "summary": "Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n",
+    "summary": "Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
     "affected_packages": [],
     "references": [
       {
@@ -412,7 +412,7 @@
     "aliases": [
       "CVE-2022-22752"
     ],
-    "summary": "Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.\n",
+    "summary": "Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
     "affected_packages": [],
     "references": [
       {
diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
index 793567130..6c97ee77c 100644
--- a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
+++ b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "unique_content_id": "9c968129f10b424807b830f0219b8d4c",
+    "unique_content_id": "dabe133c6355b18f153a511f5829492c",
     "aliases": [
       "CORE-2010-0121"
     ],
@@ -40,7 +40,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b55c336a480792ece857368101645c0c",
+    "unique_content_id": "c9dcd3bec014b1f9e351d9c7514e5f01",
     "aliases": [
       "CVE-2009-3896"
     ],
@@ -116,7 +116,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5df3f01df0d85143bc51ddbb453c1581",
+    "unique_content_id": "835e668ec8d9f005b4472e28421c2006",
     "aliases": [
       "CVE-2009-3898"
     ],
@@ -158,7 +158,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "480c77ca27341a47f11299017c7660b7",
+    "unique_content_id": "a0007fe2ea8f6ddf29ea126d21f6956d",
     "aliases": [
       "CVE-2009-4487"
     ],
@@ -188,7 +188,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "20cecfba57d0a66b04e1b4b6fb4efb26",
+    "unique_content_id": "a0928f78826f958a2432126b2a884e83",
     "aliases": [
       "CVE-2010-2263"
     ],
@@ -234,7 +234,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "646911f1d2f21611b0a3720f3523b3b2",
+    "unique_content_id": "6717167491546825b89448925539ffba",
     "aliases": [
       "CVE-2010-2266"
     ],
@@ -280,7 +280,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "56a7ea32d809aa1a3181ab87eea4fe43",
+    "unique_content_id": "73cb4dac8940113bcd2045ae82b8e2a8",
     "aliases": [
       "CVE-2011-4315"
     ],
@@ -322,7 +322,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2bac8349cb492bcc4990b161b01dc414",
+    "unique_content_id": "602ad465c0476fdbc1254919ae6021e2",
     "aliases": [
       "CVE-2011-4963"
     ],
@@ -379,7 +379,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "aff5af1bcc53f6fa1a49917e044acf79",
+    "unique_content_id": "4d0d128ad68cd0640c62bfa2412269e0",
     "aliases": [
       "CVE-2012-1180"
     ],
@@ -436,7 +436,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b0a336b612b378d72e93193756b3e376",
+    "unique_content_id": "34fdffdb5803857f20519de081d5aa47",
     "aliases": [
       "CVE-2012-2089"
     ],
@@ -493,7 +493,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e35afe5b1aadcb66c5ad82c8894dff17",
+    "unique_content_id": "d4bc5fe3ed17d7a6eeebf9a4731ab245",
     "aliases": [
       "CVE-2013-2028"
     ],
@@ -550,7 +550,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "870c7bf846dc50554e9fa2290598b001",
+    "unique_content_id": "014359d8701d1b0220a1d4a53938167e",
     "aliases": [
       "CVE-2013-2070"
     ],
@@ -635,7 +635,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ce0711c66b7cdd60814c1abfbafdd3b9",
+    "unique_content_id": "a98e3e8cc6c61be3e0bb0c766422000a",
     "aliases": [
       "CVE-2013-4547"
     ],
@@ -698,7 +698,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "55dccce79c4247faa1ed8db0f8fbd44f",
+    "unique_content_id": "ca4a84fef474aa4dc5aec6cdedcb543a",
     "aliases": [
       "CVE-2014-0088"
     ],
@@ -743,7 +743,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0c5952c29a54fdbc5526988c898e639d",
+    "unique_content_id": "023ec91ead7d7978f99823b1b00fd8d0",
     "aliases": [
       "CVE-2014-0133"
     ],
@@ -800,7 +800,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3637800165bcb0cf3917364af7654fee",
+    "unique_content_id": "57b7911aa13a1c069fcd3dac8ec79a2f",
     "aliases": [
       "CVE-2014-3556"
     ],
@@ -863,7 +863,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2024528d103453292ea1f23163cb7ad8",
+    "unique_content_id": "0fb96728d775c491b25b9c5d9e509169",
     "aliases": [
       "CVE-2014-3616"
     ],
@@ -916,7 +916,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4a748f6cbd00bbafac23faa271396b3a",
+    "unique_content_id": "654bff8d56e5324da4c873438d75470e",
     "aliases": [
       "CVE-2016-0742"
     ],
@@ -969,7 +969,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "964babd1d8158846f348e9fa6df4e27f",
+    "unique_content_id": "48c76ecddb554fe1274ed090b1692081",
     "aliases": [
       "CVE-2016-0746"
     ],
@@ -1022,7 +1022,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e96daddac5c29ad0b9e157638fbeb3b2",
+    "unique_content_id": "8c61e735eef0a9205cee0bcd64d86c59",
     "aliases": [
       "CVE-2016-0747"
     ],
@@ -1075,7 +1075,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9cb4dc08fbceda238c4f45b00320ce42",
+    "unique_content_id": "04ebbd42272e64e6fc5a6f8d9f301fef",
     "aliases": [
       "CVE-2016-4450"
     ],
@@ -1148,7 +1148,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4ebd7508e9aaa3c3c89cac10397f47d4",
+    "unique_content_id": "4e89029cf59ea68756e72973eace4a6b",
     "aliases": [
       "CVE-2017-7529"
     ],
@@ -1211,7 +1211,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2fc1350472196c63ba9f7031fd456e76",
+    "unique_content_id": "f523c6c72d936bdb79de56b9fd46b1f0",
     "aliases": [
       "CVE-2018-16843"
     ],
@@ -1264,7 +1264,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1ae05361ffd7ba4b2a466afc6a3de34c",
+    "unique_content_id": "fd888e77e0b3b025f1fa65f761442d8c",
     "aliases": [
       "CVE-2018-16844"
     ],
@@ -1317,7 +1317,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c78f14d302f37c9241afbc18578c49b3",
+    "unique_content_id": "06084d7ef376d18305484283c2f3da73",
     "aliases": [
       "CVE-2018-16845"
     ],
@@ -1380,7 +1380,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "dbbf831a29a655709b98cb79a5f90fac",
+    "unique_content_id": "ef70ce1787dad53097a6394e92cee831",
     "aliases": [
       "CVE-2019-9511"
     ],
@@ -1433,7 +1433,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "834d4d1067390d7f84ebd3cea8f60fb4",
+    "unique_content_id": "42fe9391f57db8d38624dc2e07b35c33",
     "aliases": [
       "CVE-2019-9513"
     ],
@@ -1486,7 +1486,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "8e94de6ae6386d8e0af0241a0989cdcd",
+    "unique_content_id": "1bf350eb789fa415c4d971caf298be95",
     "aliases": [
       "CVE-2019-9516"
     ],
@@ -1539,7 +1539,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "fa52846658ab31e85334ad4af2fa7529",
+    "unique_content_id": "67435c71e6737dfa1a122184ee431e14",
     "aliases": [
       "CVE-2021-23017"
     ],
@@ -1602,7 +1602,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "34b7ff4154010452c4dd186b7cbbcc5d",
+    "unique_content_id": "56ee126958340832e9b235a38b0c4495",
     "aliases": [
       "VU#120541",
       "CVE-2009-3555"
@@ -1655,7 +1655,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cef6afb87317112ea248571bd6991994",
+    "unique_content_id": "b6f863030bb4fe1e2d3061bbcbc54d0c",
     "aliases": [
       "VU#180065",
       "CVE-2009-2629"
diff --git a/vulnerabilities/tests/test_data/npm-improver-expected.json b/vulnerabilities/tests/test_data/npm-improver-expected.json
new file mode 100644
index 000000000..391b93c57
--- /dev/null
+++ b/vulnerabilities/tests/test_data/npm-improver-expected.json
@@ -0,0 +1,190 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2013-4116"
+    ],
+    "confidence": 100,
+    "summary": "Predictable temp filenames allow overwrite of arbitrary files\nnpm versions before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.",
+    "affected_purls": [
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "0.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "0.5.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "0.5.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "npm",
+        "namespace": null,
+        "name": "npm",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "https://github.com/npm/npm/issues/3635",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "http://www.openwall.com/lists/oss-security/2013/07/10/17",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": 152,
+        "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/152.json",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2013-4116"
+    ],
+    "confidence": 100,
+    "summary": "Predictable temp filenames allow overwrite of arbitrary files\nnpm versions before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.",
+    "affected_purls": [],
+    "fixed_purl": {
+      "type": "npm",
+      "namespace": null,
+      "name": "npm",
+      "version": "1.3.3",
+      "qualifiers": null,
+      "subpath": null
+    },
+    "references": [
+      {
+        "reference_id": "",
+        "url": "https://github.com/npm/npm/issues/3635",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "http://www.openwall.com/lists/oss-security/2013/07/10/17",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": 152,
+        "url": "https://github.com/nodejs/security-wg/blob/main/vuln/npm/152.json",
+        "severities": [
+          {
+            "system": "cvssv3",
+            "value": 3.2,
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/nvd/nvd-expected.json b/vulnerabilities/tests/test_data/nvd/nvd-expected.json
index 1ce76c038..1a77da93d 100644
--- a/vulnerabilities/tests/test_data/nvd/nvd-expected.json
+++ b/vulnerabilities/tests/test_data/nvd/nvd-expected.json
@@ -44,7 +44,9 @@
       }
     ],
     "date_published": "2012-07-25T19:55:00+00:00",
-    "weaknesses": [189]
+    "weaknesses": [
+      189
+    ]
   },
   {
     "aliases": [
@@ -326,6 +328,8 @@
       }
     ],
     "date_published": "2003-01-17T05:00:00+00:00",
-    "weaknesses": [200]
+    "weaknesses": [
+      200
+    ]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json b/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json
new file mode 100644
index 000000000..a5cde4417
--- /dev/null
+++ b/vulnerabilities/tests/test_data/nvd/nvd-rejected-expected.json
@@ -0,0 +1,18 @@
+[
+  {
+    "aliases": [
+      "CVE-2022-0094"
+    ],
+    "summary": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
+    "affected_packages": [],
+    "references": [
+      {
+        "reference_id": "CVE-2022-0094",
+        "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0094",
+        "severities": []
+      }
+    ],
+    "date_published": "2023-05-12T05:15:00+00:00",
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/nvd/rejected_nvd.json b/vulnerabilities/tests/test_data/nvd/rejected_nvd.json
new file mode 100644
index 000000000..f9b060877
--- /dev/null
+++ b/vulnerabilities/tests/test_data/nvd/rejected_nvd.json
@@ -0,0 +1,40 @@
+{
+  "CVE_Items": [
+    {
+      "cve": {
+        "data_type": "CVE",
+        "data_format": "MITRE",
+        "data_version": "4.0",
+        "CVE_data_meta": {
+          "ID": "CVE-2022-0094",
+          "ASSIGNER": "cve@mitre.org"
+        },
+        "problemtype": {
+          "problemtype_data": [
+            {
+              "description": []
+            }
+          ]
+        },
+        "references": {
+          "reference_data": []
+        },
+        "description": {
+          "description_data": [
+            {
+              "lang": "en",
+              "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none."
+            }
+          ]
+        }
+      },
+      "configurations": {
+        "CVE_data_version": "4.0",
+        "nodes": []
+      },
+      "impact": {},
+      "publishedDate": "2023-05-12T05:15Z",
+      "lastModifiedDate": "2023-05-12T05:15Z"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json
index e30b6bf95..b3731e45f 100644
--- a/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json
+++ b/vulnerabilities/tests/test_data/openssl/security_advisories-advisory_data-expected.json
@@ -39,7 +39,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb|1.0.2zc",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb|1.0.2zc",
         "fixed_version": "1.0.2zd"
       }
     ],
@@ -119,8 +119,8 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb",
-        "fixed_version": "1.0.2zc-de"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb",
+        "fixed_version": "1.0.2zc-dev"
       }
     ],
     "references": [
@@ -279,7 +279,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y",
         "fixed_version": "1.0.2za"
       }
     ],
@@ -434,7 +434,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x",
         "fixed_version": "1.0.2y"
       }
     ],
@@ -485,7 +485,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x",
+        "affected_version_range": "vers:openssl/1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x",
         "fixed_version": "1.0.2y"
       }
     ],
@@ -543,7 +543,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x",
         "fixed_version": "1.0.2y"
       }
     ],
@@ -606,7 +606,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w",
         "fixed_version": "1.0.2x"
       }
     ],
@@ -657,7 +657,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v",
         "fixed_version": "1.0.2w"
       }
     ],
@@ -3775,7 +3775,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -3852,7 +3852,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -4158,7 +4158,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf|0.9.8zg",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf|0.9.8zg",
         "fixed_version": "0.9.8zh"
       },
       {
@@ -4430,7 +4430,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
         "fixed_version": "0.9.8zg"
       },
       {
@@ -4507,7 +4507,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
         "fixed_version": "0.9.8zg"
       },
       {
@@ -4584,7 +4584,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
         "fixed_version": "0.9.8zg"
       },
       {
@@ -4661,7 +4661,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf",
         "fixed_version": "0.9.8zg"
       },
       {
@@ -4738,7 +4738,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -5044,7 +5044,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -5121,7 +5121,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -5198,7 +5198,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -5263,7 +5263,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -5422,7 +5422,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -5499,7 +5499,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze",
         "fixed_version": "0.9.8zf"
       },
       {
@@ -5694,7 +5694,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
         "fixed_version": "0.9.8zd"
       },
       {
@@ -5759,7 +5759,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
         "fixed_version": "0.9.8zd"
       },
       {
@@ -5824,7 +5824,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
         "fixed_version": "0.9.8zd"
       },
       {
@@ -5942,7 +5942,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
         "fixed_version": "0.9.8zd"
       },
       {
@@ -6007,7 +6007,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc",
         "fixed_version": "0.9.8zd"
       },
       {
@@ -6113,7 +6113,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
+        "affected_version_range": "vers:openssl/0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
         "fixed_version": "0.9.8zc"
       },
       {
@@ -6177,7 +6177,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
         "fixed_version": "0.9.8zc"
       },
       {
@@ -6225,7 +6225,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb",
         "fixed_version": "0.9.8zc"
       },
       {
@@ -6290,7 +6290,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
         "fixed_version": "0.9.8zb"
       },
       {
@@ -6431,7 +6431,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
+        "affected_version_range": "vers:openssl/0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
         "fixed_version": "0.9.8zb"
       },
       {
@@ -6490,7 +6490,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
         "fixed_version": "0.9.8zb"
       },
       {
@@ -6549,7 +6549,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
+        "affected_version_range": "vers:openssl/0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
         "fixed_version": "0.9.8zb"
       },
       {
@@ -6608,7 +6608,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za",
         "fixed_version": "0.9.8zb"
       },
       {
@@ -9060,7 +9060,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8",
+        "affected_version_range": "vers:openssl/0.9.8v",
         "fixed_version": "0.9.8w"
       }
     ],
@@ -9096,7 +9096,7 @@
           "subpath": null
         },
         "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u",
-        "fixed_version": "0.9.8"
+        "fixed_version": "0.9.8v"
       },
       {
         "package": {
@@ -9154,7 +9154,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w",
         "fixed_version": "0.9.8x"
       },
       {
@@ -9213,7 +9213,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x",
         "fixed_version": "0.9.8y"
       },
       {
@@ -9307,7 +9307,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x",
         "fixed_version": "0.9.8y"
       },
       {
@@ -9483,7 +9483,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -9587,7 +9587,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -9646,7 +9646,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -9705,7 +9705,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
@@ -9858,7 +9858,7 @@
           "qualifiers": null,
           "subpath": null
         },
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y",
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y",
         "fixed_version": "0.9.8za"
       },
       {
diff --git a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
index 3ca6776d9..154c04848 100644
--- a/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
+++ b/vulnerabilities/tests/test_data/openssl/security_advisories-importer-expected.json
@@ -1,6 +1,6 @@
 [
   {
-    "unique_content_id": "3b5d1987c5d35dd975de6517663fbf2f",
+    "unique_content_id": "04c6f1647a995270b868349c1a020b8c",
     "aliases": [
       "VC-OPENSSL-20141015"
     ],
@@ -16,7 +16,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zc",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
       },
       {
         "package": {
@@ -48,7 +48,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2ec1914c66b9d7965fca6a0e0bf6c0ec",
+    "unique_content_id": "42c7edcc17f2a9bd2818f09e4eb8adf2",
     "aliases": [
       "CVE-2002-0655",
       "VC-OPENSSL-20020730-CVE-2002-0655"
@@ -84,7 +84,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "25d5f2c0daeaee15470dfefa43708d73",
+    "unique_content_id": "f11457b1b0f06d74f0656b6f2881200a",
     "aliases": [
       "CVE-2002-0656",
       "VC-OPENSSL-20020730-CVE-2002-0656"
@@ -120,7 +120,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c98c11a31d0c05afb57039eac59ae4b1",
+    "unique_content_id": "ff8f7639c2d99fe59c908883c86d761a",
     "aliases": [
       "CVE-2002-0657",
       "VC-OPENSSL-20020730-CVE-2002-0657"
@@ -156,7 +156,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cb80d3d5cbb3cecb0f4a3288931c2ed3",
+    "unique_content_id": "0d98126a9c204234a154e3a9b6977c05",
     "aliases": [
       "CVE-2002-0659",
       "VC-OPENSSL-20020730-CVE-2002-0659"
@@ -192,7 +192,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e030092a3a2d0cce363e5f70220b78dd",
+    "unique_content_id": "2cea5897cba37c4e27a01c3ed449f5fb",
     "aliases": [
       "CVE-2002-1568",
       "VC-OPENSSL-20020808-CVE-2002-1568"
@@ -228,7 +228,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "73a5c0c4082149dea0cc58110cce5240",
+    "unique_content_id": "7ad108b04e616cdded9f4a94b55dce6c",
     "aliases": [
       "CVE-2003-0078",
       "VC-OPENSSL-20030219-CVE-2003-0078"
@@ -276,7 +276,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "55cc2fb9b51cb4777fe7ea4b98a45853",
+    "unique_content_id": "9f7f0a48f8e138e3e2515ce91177cbe0",
     "aliases": [
       "CVE-2003-0131",
       "VC-OPENSSL-20030319-CVE-2003-0131"
@@ -324,7 +324,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "63a8a6e8a2dbde22c68815ec8fa6e1b5",
+    "unique_content_id": "b050f6ae5953058031a3fb2e2fc72db3",
     "aliases": [
       "CVE-2003-0147",
       "VC-OPENSSL-20030314-CVE-2003-0147"
@@ -372,7 +372,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "aebb33e7fbb490eac9a8a617fc0d7ca3",
+    "unique_content_id": "335235ddd89e29167e086214681496df",
     "aliases": [
       "CVE-2003-0543",
       "VC-OPENSSL-20030930-CVE-2003-0543"
@@ -420,7 +420,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b00ab5e0ca915c6c9b2663a0ee19e472",
+    "unique_content_id": "a82b76e19ba7ad275716c3cd75d1836b",
     "aliases": [
       "CVE-2003-0544",
       "VC-OPENSSL-20030930-CVE-2003-0544"
@@ -468,7 +468,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9ae2c602beabf73d535f1933f2bdee91",
+    "unique_content_id": "5d0026f327e7cba4891469588fe1c4a6",
     "aliases": [
       "CVE-2003-0545",
       "VC-OPENSSL-20030930-CVE-2003-0545"
@@ -504,7 +504,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b9dbe99eb99cff6623b2f07bda3db3e1",
+    "unique_content_id": "52184347fb4766570eca1ee567f39e8d",
     "aliases": [
       "CVE-2003-0851",
       "VC-OPENSSL-20031104-CVE-2003-0851"
@@ -540,7 +540,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0399fccd94425e8afdd33ffc49edcf87",
+    "unique_content_id": "7cb81c10e696823889a42034ef01d952",
     "aliases": [
       "CVE-2004-0079",
       "VC-OPENSSL-20040317-CVE-2004-0079"
@@ -588,7 +588,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "04baadb0909239aa63250f8148b840e4",
+    "unique_content_id": "80609d58052f5dee5307c49797dd0354",
     "aliases": [
       "CVE-2004-0081",
       "VC-OPENSSL-20040317-CVE-2004-0081"
@@ -624,7 +624,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e11001942f7918509fd2391a2595d3c8",
+    "unique_content_id": "9fc029f20569a155f5b0f6900597224d",
     "aliases": [
       "CVE-2004-0112",
       "VC-OPENSSL-20040317-CVE-2004-0112"
@@ -660,7 +660,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "fa1f3146fe26d34512d73ade9810b151",
+    "unique_content_id": "86814969435fc412c5650b7f67adb27a",
     "aliases": [
       "CVE-2004-0975",
       "VC-OPENSSL-20040930-CVE-2004-0975"
@@ -708,7 +708,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6d92ea5ca68aae26e71ee69b0343b3a5",
+    "unique_content_id": "c5ed0df4ac23391b98d591cc624682bf",
     "aliases": [
       "CVE-2005-2969",
       "VC-OPENSSL-20051011-CVE-2005-2969"
@@ -768,7 +768,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "69a5e64b56819419f55c40d5db981710",
+    "unique_content_id": "28e01d8ee7ddf83d1fea01f73da11fe0",
     "aliases": [
       "CVE-2006-2937",
       "VC-OPENSSL-20060928-CVE-2006-2937"
@@ -816,7 +816,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "12536462776dc0fec2a706166cccb41f",
+    "unique_content_id": "df43f1cb0acc1ca7469acb31bda2c95c",
     "aliases": [
       "CVE-2006-2940",
       "VC-OPENSSL-20060928-CVE-2006-2940"
@@ -876,7 +876,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5a1555075a1a07181596e9ee755176d2",
+    "unique_content_id": "bc0d18502346c6c08615d41d8d0a9eec",
     "aliases": [
       "CVE-2006-3738",
       "VC-OPENSSL-20060928-CVE-2006-3738"
@@ -936,7 +936,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6213f8e51cb9850bd2d59065aecdf0cd",
+    "unique_content_id": "60cb604d23398455a16af94aea7808f8",
     "aliases": [
       "CVE-2006-4339",
       "VC-OPENSSL-20060905-CVE-2006-4339"
@@ -996,7 +996,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b8fcc1e274575002715a347b125ae8e4",
+    "unique_content_id": "792ddd9624a1bfae87875f1031f05bbb",
     "aliases": [
       "CVE-2006-4343",
       "VC-OPENSSL-20060928-CVE-2006-4343"
@@ -1056,7 +1056,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ce7a360e61885d4a980deb76217c0d60",
+    "unique_content_id": "53912e78919b09414925ecdcfe8280ed",
     "aliases": [
       "CVE-2007-4995",
       "VC-OPENSSL-20071012-CVE-2007-4995"
@@ -1092,7 +1092,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "70a70192d83214d772289d57dae1ee61",
+    "unique_content_id": "f7c5e9f36c855b863d50e346ba3113a4",
     "aliases": [
       "CVE-2007-5135",
       "VC-OPENSSL-20071012-CVE-2007-5135"
@@ -1128,7 +1128,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1f2782accf0ef33eec7f7c21fe969938",
+    "unique_content_id": "66fb6c05d98c7c6576bfc964d91ef5a4",
     "aliases": [
       "CVE-2008-0891",
       "VC-OPENSSL-20080528-CVE-2008-0891"
@@ -1164,7 +1164,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b1b17735ced56629f76d4ad4156b9bce",
+    "unique_content_id": "5fa6451f516d613020a51adba4b2a5df",
     "aliases": [
       "CVE-2008-1672",
       "VC-OPENSSL-20080528-CVE-2008-1672"
@@ -1200,7 +1200,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0b092b26a3a1c75112d186f6cdd60ff7",
+    "unique_content_id": "e5bb0ef8f68da1227acbbe9a0e19ea51",
     "aliases": [
       "CVE-2008-5077",
       "VC-OPENSSL-20090107-CVE-2008-5077"
@@ -1236,7 +1236,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e0b9e817cf72e4d773d890a61287bd88",
+    "unique_content_id": "0815c1003ef7173e3d9f08dfe755f3e9",
     "aliases": [
       "CVE-2009-0590",
       "VC-OPENSSL-20090325-CVE-2009-0590"
@@ -1272,7 +1272,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "43dcbfcedcc32b87a723125d164291e1",
+    "unique_content_id": "da15bbfbc67a1aeeef7b10e3b64ab6f7",
     "aliases": [
       "CVE-2009-0591",
       "VC-OPENSSL-20090325-CVE-2009-0591"
@@ -1308,7 +1308,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1e3c05fa25e14f424f2078739c0bdc60",
+    "unique_content_id": "69794aa9a8ae3f113cb1ebeb800cb922",
     "aliases": [
       "CVE-2009-0789",
       "VC-OPENSSL-20090325-CVE-2009-0789"
@@ -1344,7 +1344,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "10ae2d0da4aa9205aaded1b081eb1b25",
+    "unique_content_id": "125f375fc65250d248dd1c6fa835b62d",
     "aliases": [
       "CVE-2009-1377",
       "VC-OPENSSL-20090512-CVE-2009-1377"
@@ -1385,7 +1385,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2b4e1b73c41a5e2fd1e5ec5acd53085f",
+    "unique_content_id": "c43fe57897c5382af03f9801d8e967fb",
     "aliases": [
       "CVE-2009-1378",
       "VC-OPENSSL-20090512-CVE-2009-1378"
@@ -1426,7 +1426,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2479cc3b4b0c5a64f6af5fe00d4bb334",
+    "unique_content_id": "5e6aafb8f482a7c6178b42b38a009f5e",
     "aliases": [
       "CVE-2009-1379",
       "VC-OPENSSL-20090512-CVE-2009-1379"
@@ -1467,7 +1467,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "dd6da6267d70026a558db1a116fbee2e",
+    "unique_content_id": "9ec98946c82defeed233a217811ad933",
     "aliases": [
       "CVE-2009-1386",
       "VC-OPENSSL-20090602-CVE-2009-1386"
@@ -1503,7 +1503,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "855075369cb16f6855f37e5f18dd94aa",
+    "unique_content_id": "28c7c4855665b24fa480867b7b253d92",
     "aliases": [
       "CVE-2009-1387",
       "VC-OPENSSL-20090205-CVE-2009-1387"
@@ -1539,7 +1539,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cd5a928e754a81fe78d2ff793fd9fe5c",
+    "unique_content_id": "f816b850fedbf873b53ae6fb365b5e5c",
     "aliases": [
       "CVE-2009-3245",
       "VC-OPENSSL-20100223-CVE-2009-3245"
@@ -1575,7 +1575,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e13ddcabb53c6826afd71355212e490f",
+    "unique_content_id": "f05a468f236f6ec08d062c7b0c4a0304",
     "aliases": [
       "CVE-2009-3555",
       "VC-OPENSSL-20091105-CVE-2009-3555"
@@ -1611,7 +1611,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7623cc9fdf2c1a033ae13b9c4f85c216",
+    "unique_content_id": "0d0e5931b5f5806a1a05743db7e4b7c0",
     "aliases": [
       "CVE-2009-4355",
       "VC-OPENSSL-20100113-CVE-2009-4355"
@@ -1647,7 +1647,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f93465ffe5c17257ebdf5801edd6c8e7",
+    "unique_content_id": "d4a6f889f0f02d58f9752b11577a8be2",
     "aliases": [
       "CVE-2010-0433",
       "VC-OPENSSL-20100119-CVE-2010-0433"
@@ -1683,7 +1683,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1c2ec8085e7e8589e189bc816ea6e4f8",
+    "unique_content_id": "530e4ad08c16575df24251503443bb59",
     "aliases": [
       "CVE-2010-0740",
       "VC-OPENSSL-20100324-CVE-2010-0740"
@@ -1719,7 +1719,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "10a8d75d89e03a7e1b68c7de54099ca7",
+    "unique_content_id": "5f67cbc323f861aa346b3ffc16e4f1dc",
     "aliases": [
       "CVE-2010-0742",
       "VC-OPENSSL-20100601-CVE-2010-0742"
@@ -1767,7 +1767,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "a2f368d38ceb728d8725aff53b981893",
+    "unique_content_id": "9e4b9fc6761a1be003001a8b65b17c3d",
     "aliases": [
       "CVE-2010-1633",
       "VC-OPENSSL-20100601-CVE-2010-1633"
@@ -1803,7 +1803,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c59743251b77735f296be0f67fead428",
+    "unique_content_id": "6145640f99267325e2563cb418803581",
     "aliases": [
       "CVE-2010-3864",
       "VC-OPENSSL-20101116-CVE-2010-3864"
@@ -1851,7 +1851,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e4b73e603cc3582c869a0225260b68f2",
+    "unique_content_id": "f5e66b2b29d74be1589f52ed6bb546f2",
     "aliases": [
       "CVE-2010-4180",
       "VC-OPENSSL-20101202-CVE-2010-4180"
@@ -1899,7 +1899,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c8d35a8e132ea021df593dbfa90519fe",
+    "unique_content_id": "bf23a27f23947cb0334950bbbb5555bd",
     "aliases": [
       "CVE-2010-4252",
       "VC-OPENSSL-20101202-CVE-2010-4252"
@@ -1935,7 +1935,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "89b3f67beba5915422b336140683b8a9",
+    "unique_content_id": "1d616cba585895cea489ab0f659a826c",
     "aliases": [
       "CVE-2010-5298",
       "VC-OPENSSL-20140408-CVE-2010-5298"
@@ -1983,7 +1983,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c321f88c434d878975bb4654c9dd11fb",
+    "unique_content_id": "0acb88364ff16f0571c8050e68cd92f9",
     "aliases": [
       "CVE-2011-0014",
       "VC-OPENSSL-20110208-CVE-2011-0014"
@@ -2031,7 +2031,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "54c01172e2e79e9e75d62960fb3f3ca3",
+    "unique_content_id": "d7924341a4014bb900a24b2530b012a9",
     "aliases": [
       "CVE-2011-3207",
       "VC-OPENSSL-20110906-CVE-2011-3207"
@@ -2067,7 +2067,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0b591f3a423642028bd7610a4c0c4c8b",
+    "unique_content_id": "6f2ec945a660843afe357f506e95c7d6",
     "aliases": [
       "CVE-2011-3210",
       "VC-OPENSSL-20110906-CVE-2011-3210"
@@ -2115,7 +2115,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "600af49289d67cfbc3327ab07d7ad2e4",
+    "unique_content_id": "fd14646a48839e19cd5abca58a6f7027",
     "aliases": [
       "CVE-2011-4108",
       "VC-OPENSSL-20120104-CVE-2011-4108"
@@ -2163,7 +2163,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7807545a105e79cf1c8b50521641e613",
+    "unique_content_id": "3ace70105bdd9fa5032611dc8f0d5b18",
     "aliases": [
       "CVE-2011-4109",
       "VC-OPENSSL-20120104-CVE-2011-4109"
@@ -2199,7 +2199,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ad9473b31be72e89afbe9ad718a72e00",
+    "unique_content_id": "884ae61328017b4ef12de8ad6873485b",
     "aliases": [
       "CVE-2011-4576",
       "VC-OPENSSL-20120104-CVE-2011-4576"
@@ -2247,7 +2247,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3e660791fead8dd25efecc0f283c208c",
+    "unique_content_id": "7bb6357fd79f5c4464321d9411068fda",
     "aliases": [
       "CVE-2011-4577",
       "VC-OPENSSL-20120104-CVE-2011-4577"
@@ -2295,7 +2295,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f86d2211da5a61d8e581d7b11f1908d1",
+    "unique_content_id": "5270da511756b8f2e6ca146b807c804f",
     "aliases": [
       "CVE-2011-4619",
       "VC-OPENSSL-20120104-CVE-2011-4619"
@@ -2343,7 +2343,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "92951f2a40936d95d72816f0d2998000",
+    "unique_content_id": "9042759278f60e0f796d95200b39e366",
     "aliases": [
       "CVE-2012-0027",
       "VC-OPENSSL-20120104-CVE-2012-0027"
@@ -2379,7 +2379,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f50e568118ff3cbe3e7d9218d8fe8490",
+    "unique_content_id": "bb02abe70e513a44cad7157ae9c2e46a",
     "aliases": [
       "CVE-2012-0050",
       "VC-OPENSSL-20120104-CVE-2012-0050"
@@ -2427,7 +2427,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f06c70d55861fcad43368de536b9fa2b",
+    "unique_content_id": "a40cce4dd635daa3bf5de19c3f48052f",
     "aliases": [
       "CVE-2012-0884",
       "VC-OPENSSL-20120312-CVE-2012-0884"
@@ -2475,7 +2475,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e5eb2917af2b324b45323e80a932eaac",
+    "unique_content_id": "cdee95deef77ce07d70f8e88eaa4c095",
     "aliases": [
       "CVE-2012-2110",
       "VC-OPENSSL-20120419-CVE-2012-2110"
@@ -2491,7 +2491,7 @@
           "namespace": null,
           "qualifiers": null
         },
-        "fixed_version": "0.9.8",
+        "fixed_version": "0.9.8v",
         "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u"
       },
       {
@@ -2535,7 +2535,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4ec9eb4c6e5c622e43a6ea6ef15d52b4",
+    "unique_content_id": "55b076d162c4b240106f7bf2763cafd6",
     "aliases": [
       "CVE-2012-2131",
       "VC-OPENSSL-20120424-CVE-2012-2131"
@@ -2552,7 +2552,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8w",
-        "affected_version_range": "vers:openssl/0.9.8"
+        "affected_version_range": "vers:openssl/0.9.8v"
       }
     ],
     "references": [
@@ -2571,7 +2571,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6a0035c2e08c94d1f96c341c1c65308e",
+    "unique_content_id": "59549e2437baad3ea212eadc88b1be2f",
     "aliases": [
       "CVE-2012-2333",
       "VC-OPENSSL-20120510-CVE-2012-2333"
@@ -2588,7 +2588,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8x",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w"
       },
       {
         "package": {
@@ -2631,7 +2631,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "71f19fecae0d29e9647041dd489f8b9d",
+    "unique_content_id": "bef507e9573f158a2636009c0c1d02dc",
     "aliases": [
       "CVE-2012-2686",
       "VC-OPENSSL-20130205-CVE-2012-2686"
@@ -2667,7 +2667,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9ead169dc70d8bbcfceb668bf99916b5",
+    "unique_content_id": "3b3c16c29c6939aabdd71dda5d0b7026",
     "aliases": [
       "CVE-2013-0166",
       "VC-OPENSSL-20130205-CVE-2013-0166"
@@ -2684,7 +2684,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8y",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x"
       },
       {
         "package": {
@@ -2727,7 +2727,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5150b7bcb2a91bca5bbec4be5fd9707e",
+    "unique_content_id": "c0c837fbd9286531139584322473c105",
     "aliases": [
       "CVE-2013-0169",
       "VC-OPENSSL-20130204-CVE-2013-0169"
@@ -2744,7 +2744,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8y",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x"
       },
       {
         "package": {
@@ -2787,7 +2787,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "8f379a5bad1322f3555d207330a7e79b",
+    "unique_content_id": "5439c50ba4534fcf24cf97ccb3627451",
     "aliases": [
       "CVE-2013-4353",
       "VC-OPENSSL-20140106-CVE-2013-4353"
@@ -2823,7 +2823,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e044b060bb6a88182ef047435b17edc7",
+    "unique_content_id": "0643b605ee605695901f19c07aeee4e1",
     "aliases": [
       "CVE-2013-6449",
       "VC-OPENSSL-20131214-CVE-2013-6449"
@@ -2859,7 +2859,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f629034826a9a0b0405e02e8fecc5471",
+    "unique_content_id": "a12d47e9571229f619d1f42252fb5892",
     "aliases": [
       "CVE-2013-6450",
       "VC-OPENSSL-20131213-CVE-2013-6450"
@@ -2907,7 +2907,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f088991977978985d6c22eae42e9ae0d",
+    "unique_content_id": "6d1745be01f0c906e616276b8a55cbe5",
     "aliases": [
       "CVE-2014-0076",
       "VC-OPENSSL-20140214-CVE-2014-0076"
@@ -2924,7 +2924,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -2977,7 +2977,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "45eb6dfd31b5fc4828ce7918a5e30fe1",
+    "unique_content_id": "96ebdfe483dbf2660488ccc0b525d272",
     "aliases": [
       "CVE-2014-0160",
       "VC-OPENSSL-20140407-CVE-2014-0160"
@@ -3013,7 +3013,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "61d91c23f6b3cbb2cfe8c448285ced91",
+    "unique_content_id": "4b673338bc04fe6d13db13f2c461c902",
     "aliases": [
       "CVE-2014-0195",
       "VC-OPENSSL-20140605-CVE-2014-0195"
@@ -3030,7 +3030,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -3073,7 +3073,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b72606d65a6ae99abd593e03be951491",
+    "unique_content_id": "3d26b6d40e357e403e99f2e803d3cc2a",
     "aliases": [
       "CVE-2014-0198",
       "VC-OPENSSL-20140421-CVE-2014-0198"
@@ -3121,7 +3121,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9d281843d5f176d057383fdad48bf8b9",
+    "unique_content_id": "71b03dc2ca936e1fbd72792eed218d50",
     "aliases": [
       "CVE-2014-0221",
       "VC-OPENSSL-20140605-CVE-2014-0221"
@@ -3138,7 +3138,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -3181,7 +3181,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "acd1e3ac9746e2bf60f9e4356e42a244",
+    "unique_content_id": "bafb3d6d9d26d4e61f3eaf73cceb1984",
     "aliases": [
       "CVE-2014-0224",
       "VC-OPENSSL-20140605-CVE-2014-0224"
@@ -3198,7 +3198,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -3241,7 +3241,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "928fd52bdf45973bd405785383f86ff9",
+    "unique_content_id": "427f998b56aa7aa86d5f503abe3f3e67",
     "aliases": [
       "CVE-2014-3470",
       "VC-OPENSSL-20140530-CVE-2014-3470"
@@ -3258,7 +3258,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -3301,7 +3301,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ddb7ca3a4fe071c0b0e2bce9159e80a9",
+    "unique_content_id": "cd3d23c5b9699235956654afc49a2c43",
     "aliases": [
       "CVE-2014-3505",
       "VC-OPENSSL-20140806-CVE-2014-3505"
@@ -3318,7 +3318,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zb",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
+        "affected_version_range": "vers:openssl/0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
       },
       {
         "package": {
@@ -3361,7 +3361,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9a0cc7af593e54b92b6972add5003c70",
+    "unique_content_id": "2e547e8a2438efbae8cbadb0e24d874a",
     "aliases": [
       "CVE-2014-3506",
       "VC-OPENSSL-20140806-CVE-2014-3506"
@@ -3378,7 +3378,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zb",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
       },
       {
         "package": {
@@ -3421,7 +3421,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3f2bdad8de4efd2e68f4bf04d8cb7038",
+    "unique_content_id": "f965d051d32fa4966d28e5decb28886b",
     "aliases": [
       "CVE-2014-3507",
       "VC-OPENSSL-20140806-CVE-2014-3507"
@@ -3438,7 +3438,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zb",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
+        "affected_version_range": "vers:openssl/0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
       },
       {
         "package": {
@@ -3481,7 +3481,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3c0bc908a2f8b2ec18eabf6b12757586",
+    "unique_content_id": "57a7b3eccf0e52bf47dc7302888b8049",
     "aliases": [
       "CVE-2014-3508",
       "VC-OPENSSL-20140806-CVE-2014-3508"
@@ -3498,7 +3498,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zb",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
       },
       {
         "package": {
@@ -3541,7 +3541,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cc4b40b103fcbee25daf28d68cfc0f96",
+    "unique_content_id": "f8ed096f8200970514f718d63ddb02ae",
     "aliases": [
       "CVE-2014-3509",
       "VC-OPENSSL-20140806-CVE-2014-3509"
@@ -3589,7 +3589,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f2c41d8c1f22980784c20b489c539cfb",
+    "unique_content_id": "86bf2459c7fbfa8f4103d41962f0230a",
     "aliases": [
       "CVE-2014-3510",
       "VC-OPENSSL-20140806-CVE-2014-3510"
@@ -3606,7 +3606,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zb",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za"
       },
       {
         "package": {
@@ -3649,7 +3649,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9538bc3461d96c2b21db3c1fac24baa1",
+    "unique_content_id": "efb5634d875346aac9d819cf9ace3565",
     "aliases": [
       "CVE-2014-3511",
       "VC-OPENSSL-20140806-CVE-2014-3511"
@@ -3685,7 +3685,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "69b45e7fa2c0b4fb073a8b82849decbd",
+    "unique_content_id": "b3f508428f93dd8a12bc6acddde22fec",
     "aliases": [
       "CVE-2014-3512",
       "VC-OPENSSL-20140806-CVE-2014-3512"
@@ -3721,7 +3721,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "11e1f9c06f2e3543c81cf07c224cf341",
+    "unique_content_id": "2522443fee1593d04487aa896ab8d3cf",
     "aliases": [
       "CVE-2014-3513",
       "VC-OPENSSL-20141015-CVE-2014-3513"
@@ -3763,7 +3763,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "8d6fe58e87dc190b8862a94b4d2d8562",
+    "unique_content_id": "41768bb8c0e8ba285ea8b6117a0b4a14",
     "aliases": [
       "CVE-2014-3567",
       "VC-OPENSSL-20141015-CVE-2014-3567"
@@ -3780,7 +3780,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zc",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
+        "affected_version_range": "vers:openssl/0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
       },
       {
         "package": {
@@ -3829,7 +3829,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "da97f3220903401cf9a9d0e1bcb5d216",
+    "unique_content_id": "a2db1a045cd404825494c3d4336f3856",
     "aliases": [
       "CVE-2014-3568",
       "VC-OPENSSL-20141015-CVE-2014-3568"
@@ -3846,7 +3846,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zc",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb"
       },
       {
         "package": {
@@ -3895,7 +3895,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "bc3dcbb576781e2d3895959a32a98cd6",
+    "unique_content_id": "f70d5d89d03b7716da1d33ba8b2c2186",
     "aliases": [
       "CVE-2014-3569",
       "VC-OPENSSL-20141021-CVE-2014-3569"
@@ -3961,7 +3961,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "de6019028ac0c1f61b2791ea0b64dae4",
+    "unique_content_id": "2f0bf3ec1a2df6fdb54d720d39e328c8",
     "aliases": [
       "CVE-2014-3570",
       "VC-OPENSSL-20150108-CVE-2014-3570"
@@ -3978,7 +3978,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zd",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
       },
       {
         "package": {
@@ -4027,7 +4027,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e1a2c8490ee8ec555408bf1ba329ab5f",
+    "unique_content_id": "cbb08ce1ed7dfd01e8a31ecf6068a5b9",
     "aliases": [
       "CVE-2014-3571",
       "VC-OPENSSL-20150105-CVE-2014-3571"
@@ -4044,7 +4044,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zd",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
       },
       {
         "package": {
@@ -4093,7 +4093,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "830d8ea55e127bf408bf1a96867fde9e",
+    "unique_content_id": "d40fbb5ca254efa4c82936d1a4043332",
     "aliases": [
       "CVE-2014-3572",
       "VC-OPENSSL-20150105-CVE-2014-3572"
@@ -4110,7 +4110,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zd",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
       },
       {
         "package": {
@@ -4159,7 +4159,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "556ac77a9be9aa218ddaa6bafb6c3ef1",
+    "unique_content_id": "654168ae1454ec9525ebd708aba408b2",
     "aliases": [
       "CVE-2014-5139",
       "VC-OPENSSL-20140806-CVE-2014-5139"
@@ -4195,7 +4195,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ba9bf80219726629bf9ca25b9ec2d7ee",
+    "unique_content_id": "ddbeb02bbc58e4b80cac7a0849450d35",
     "aliases": [
       "CVE-2014-8176",
       "VC-OPENSSL-20150611-CVE-2014-8176"
@@ -4212,7 +4212,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -4261,7 +4261,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "17a2b9e6e7f20925bfa76eed64d97e63",
+    "unique_content_id": "fccd55495c5926e4caa4f4f6c58f05cf",
     "aliases": [
       "CVE-2014-8275",
       "VC-OPENSSL-20150105-CVE-2014-8275"
@@ -4278,7 +4278,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zd",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
       },
       {
         "package": {
@@ -4327,7 +4327,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "da0b220dac069d120b1b47e18460563e",
+    "unique_content_id": "6273bc95ece83f5c5943c392af36f2b4",
     "aliases": [
       "CVE-2015-0204",
       "VC-OPENSSL-20150106-CVE-2015-0204"
@@ -4344,7 +4344,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zd",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc"
       },
       {
         "package": {
@@ -4393,7 +4393,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9110b3c3a234b07357ebc6c80b9e5718",
+    "unique_content_id": "03f80e184b4049d83fba669c049a458e",
     "aliases": [
       "CVE-2015-0205",
       "VC-OPENSSL-20150108-CVE-2015-0205"
@@ -4447,7 +4447,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f80174a3b289a4ded7c91ff074ab8d3c",
+    "unique_content_id": "150229214c5730affcc204cb2894b1a6",
     "aliases": [
       "CVE-2015-0206",
       "VC-OPENSSL-20150108-CVE-2015-0206"
@@ -4501,7 +4501,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6e873fedb8d2713b07fdac4782eb09ec",
+    "unique_content_id": "4766024a5aebabe681b60623902ac850",
     "aliases": [
       "CVE-2015-0207",
       "VC-OPENSSL-20150319-CVE-2015-0207"
@@ -4543,7 +4543,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "517f709ddc0f0586d83e272e9c8b0773",
+    "unique_content_id": "6b92dd09c9bd97ea10dfee8725c6cb02",
     "aliases": [
       "CVE-2015-0208",
       "VC-OPENSSL-20150319-CVE-2015-0208"
@@ -4585,7 +4585,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b76e9c597b1ed20726dd4b1927843303",
+    "unique_content_id": "dfd36313ac5e826bd39d99dc2419c8f8",
     "aliases": [
       "CVE-2015-0209",
       "VC-OPENSSL-20150319-CVE-2015-0209"
@@ -4602,7 +4602,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -4663,7 +4663,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "fdcf9c50310fe3e4a297a0477ecb33d8",
+    "unique_content_id": "53b34f9bfa9228686b74afcd7b46b850",
     "aliases": [
       "CVE-2015-0285",
       "VC-OPENSSL-20150310-CVE-2015-0285"
@@ -4705,7 +4705,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b260215cc8903aec80e94a71e6b1ba1a",
+    "unique_content_id": "fcb4b977c399b980678f2cb421a1bca7",
     "aliases": [
       "CVE-2015-0286",
       "VC-OPENSSL-20150319-CVE-2015-0286"
@@ -4783,7 +4783,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7da3628b8b128b6e84e39d89d5f13c19",
+    "unique_content_id": "54491ae1b0f86abeffc243272b05d009",
     "aliases": [
       "CVE-2015-0287",
       "VC-OPENSSL-20150319-CVE-2015-0287"
@@ -4800,7 +4800,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -4861,7 +4861,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ca59a8208ab9a2665834ce8f27cfdc0d",
+    "unique_content_id": "1f74aff810fc70bcf7d02370823d3ca2",
     "aliases": [
       "CVE-2015-0288",
       "VC-OPENSSL-20150302-CVE-2015-0288"
@@ -4878,7 +4878,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -4939,7 +4939,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7ba9c375172e33e587e6916a2c04abc2",
+    "unique_content_id": "e2a716160c6e507698d5a2af8a38001e",
     "aliases": [
       "CVE-2015-0289",
       "VC-OPENSSL-20150319-CVE-2015-0289"
@@ -4956,7 +4956,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -5017,7 +5017,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "19d2f8893cb07b2605c1579c89dfe8f5",
+    "unique_content_id": "de990f6e8f558cc0431f82b141625776",
     "aliases": [
       "CVE-2015-0290",
       "VC-OPENSSL-20150319-CVE-2015-0290"
@@ -5059,7 +5059,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5c2919fe7b5c27c156fb01572b75c3f7",
+    "unique_content_id": "ad214c980f3fc572880a7d2d687a421f",
     "aliases": [
       "CVE-2015-0291",
       "VC-OPENSSL-20150319-CVE-2015-0291"
@@ -5101,7 +5101,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0f721e9aab1c62cb180baeb245335c9d",
+    "unique_content_id": "695e095c32c74fff52ef2f8f67daf2fe",
     "aliases": [
       "CVE-2015-0292",
       "VC-OPENSSL-20150319-CVE-2015-0292"
@@ -5118,7 +5118,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8za",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y"
       },
       {
         "package": {
@@ -5167,7 +5167,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e84f4ac47cc48005d56f018d2e65daf5",
+    "unique_content_id": "886d61d776562e0ed30cde7b5e8aa442",
     "aliases": [
       "CVE-2015-0293",
       "VC-OPENSSL-20150319-CVE-2015-0293"
@@ -5184,7 +5184,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -5245,7 +5245,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "d303e292194a0e8071acc4fc72084b83",
+    "unique_content_id": "7139469821dd8eb1d4e020b3ca0d9817",
     "aliases": [
       "CVE-2015-1787",
       "VC-OPENSSL-20150319-CVE-2015-1787"
@@ -5287,7 +5287,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "de7491499e972efb327be2360b1d7cdd",
+    "unique_content_id": "03dc71e42245b992129c91d59ea856b5",
     "aliases": [
       "CVE-2015-1788",
       "VC-OPENSSL-20150611-CVE-2015-1788"
@@ -5365,7 +5365,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9a43962bbf90922aca933cf9313dd17e",
+    "unique_content_id": "9936f1396e03091544de1459fb088f6a",
     "aliases": [
       "CVE-2015-1789",
       "VC-OPENSSL-20150611-CVE-2015-1789"
@@ -5382,7 +5382,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zg",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
       },
       {
         "package": {
@@ -5443,7 +5443,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "52b243f95587be4795cf1b20e3d32d44",
+    "unique_content_id": "e5468ba9851d97dfed0907c9573420ec",
     "aliases": [
       "CVE-2015-1790",
       "VC-OPENSSL-20150611-CVE-2015-1790"
@@ -5460,7 +5460,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zg",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
       },
       {
         "package": {
@@ -5521,7 +5521,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7cb208b48e8a1b1a13ace73af9d072f5",
+    "unique_content_id": "c5a3721df374b9f3f7b751b706c83d6a",
     "aliases": [
       "CVE-2015-1791",
       "VC-OPENSSL-20150602-CVE-2015-1791"
@@ -5538,7 +5538,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zg",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
       },
       {
         "package": {
@@ -5599,7 +5599,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2b161e2cb26f5f69adae525b1bb55be2",
+    "unique_content_id": "a18da80d2bb658b8105913e2803abe21",
     "aliases": [
       "CVE-2015-1792",
       "VC-OPENSSL-20150611-CVE-2015-1792"
@@ -5616,7 +5616,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zg",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf"
       },
       {
         "package": {
@@ -5677,7 +5677,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ed7f363c3468e822e0b6f7ff17df2f70",
+    "unique_content_id": "d69142a350ffefea13102e7f459f6b11",
     "aliases": [
       "CVE-2015-1793",
       "VC-OPENSSL-20150709-CVE-2015-1793"
@@ -5731,7 +5731,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c5e420a14990226a4a83d287ee46ff06",
+    "unique_content_id": "1b2b5e17c7df85a775b568fb8e02e630",
     "aliases": [
       "CVE-2015-1794",
       "VC-OPENSSL-20150811-CVE-2015-1794"
@@ -5773,7 +5773,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b271421c430e491af8d4ef2a41c18859",
+    "unique_content_id": "499ddc023b80f19d3613eba1f9b452d4",
     "aliases": [
       "CVE-2015-3193",
       "VC-OPENSSL-20151203-CVE-2015-3193"
@@ -5815,7 +5815,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1e4d05c5d1f49c2c21106fe8bd1741b0",
+    "unique_content_id": "9cebf452b4b6ae5c5bed1ebe5c3b6e6a",
     "aliases": [
       "CVE-2015-3194",
       "VC-OPENSSL-20151203-CVE-2015-3194"
@@ -5869,7 +5869,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cfa823ad1a1d8f66b8efc7472dfd1803",
+    "unique_content_id": "c60eed4f2a1b2ee05a1e3ed69a8a4728",
     "aliases": [
       "CVE-2015-3195",
       "VC-OPENSSL-20151203-CVE-2015-3195"
@@ -5886,7 +5886,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zh",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf|0.9.8zg"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze|0.9.8zf|0.9.8zg"
       },
       {
         "package": {
@@ -5947,7 +5947,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "87218d1dec8ba5f20c4fa10ed58a5cbd",
+    "unique_content_id": "cfecc5ae70c825b6069875370ada9ab4",
     "aliases": [
       "CVE-2015-3196",
       "VC-OPENSSL-20151203-CVE-2015-3196"
@@ -6013,7 +6013,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9f2f59254d29b5dde559974aa39aaab5",
+    "unique_content_id": "6e4e7087192f19428dad6649e47eabb2",
     "aliases": [
       "CVE-2015-3197",
       "VC-OPENSSL-20160128-CVE-2015-3197"
@@ -6067,7 +6067,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2c5fcff42780eda76107cd4d1d428440",
+    "unique_content_id": "29b10d37e89a5ba0ddf6cca227205bbe",
     "aliases": [
       "CVE-2016-0701",
       "VC-OPENSSL-20160128-CVE-2016-0701"
@@ -6109,7 +6109,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "bedf5abaa9e09cc7e8c88d307af2471d",
+    "unique_content_id": "fd87144af6bfdfbb34b03cfb60885714",
     "aliases": [
       "CVE-2016-0702",
       "VC-OPENSSL-20160301-CVE-2016-0702"
@@ -6163,7 +6163,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ee14f55b7ca44f25383963f3632f5ce6",
+    "unique_content_id": "32d618eea86c0a08320f380fa0f60ba5",
     "aliases": [
       "CVE-2016-0703",
       "VC-OPENSSL-20160301-CVE-2016-0703"
@@ -6180,7 +6180,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -6241,7 +6241,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6e944e4ae9494a92c0524c9385ba57fa",
+    "unique_content_id": "b5c9ee77d2e61d6bce8e381418c49775",
     "aliases": [
       "CVE-2016-0704",
       "VC-OPENSSL-20160301-CVE-2016-0704"
@@ -6258,7 +6258,7 @@
           "qualifiers": null
         },
         "fixed_version": "0.9.8zf",
-        "affected_version_range": "vers:openssl/0.9.8|0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
+        "affected_version_range": "vers:openssl/0.9.8|0.9.8a|0.9.8b|0.9.8c|0.9.8d|0.9.8e|0.9.8f|0.9.8g|0.9.8h|0.9.8i|0.9.8j|0.9.8k|0.9.8l|0.9.8m|0.9.8n|0.9.8o|0.9.8p|0.9.8q|0.9.8r|0.9.8s|0.9.8t|0.9.8u|0.9.8v|0.9.8w|0.9.8x|0.9.8y|0.9.8za|0.9.8zb|0.9.8zc|0.9.8zd|0.9.8ze"
       },
       {
         "package": {
@@ -6319,7 +6319,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "13ae8b30193d6ec8c136c984be9e3a10",
+    "unique_content_id": "85f00fc8910d39d925b05c3764761fda",
     "aliases": [
       "CVE-2016-0705",
       "VC-OPENSSL-20160301-CVE-2016-0705"
@@ -6373,7 +6373,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7e09aafeb92ce8fe7c521a686d0512c7",
+    "unique_content_id": "1dc54e96259c0b4016e908db390127ea",
     "aliases": [
       "CVE-2016-0797",
       "VC-OPENSSL-20160301-CVE-2016-0797"
@@ -6427,7 +6427,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3e39295eed09f594d800182719c7e7a9",
+    "unique_content_id": "963ed371a547a8ecacb84c43182591c7",
     "aliases": [
       "CVE-2016-0798",
       "VC-OPENSSL-20160301-CVE-2016-0798"
@@ -6481,7 +6481,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7fce5880e666dd07fdb5d065d290c66c",
+    "unique_content_id": "2f343a5d67f0ffadbb63491f8fa5aeac",
     "aliases": [
       "CVE-2016-0799",
       "VC-OPENSSL-20160301-CVE-2016-0799"
@@ -6535,7 +6535,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "cb36123362fb740570fed49d206977ea",
+    "unique_content_id": "da8f3e3ae9944ddfae28d695573afe15",
     "aliases": [
       "CVE-2016-0800",
       "VC-OPENSSL-20160301-CVE-2016-0800"
@@ -6589,7 +6589,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5e8d51c166acf64b3a4b36c12e9e3887",
+    "unique_content_id": "0769d373a4bf4f1b5e886fb44b4fbb6b",
     "aliases": [
       "CVE-2016-2105",
       "VC-OPENSSL-20160503-CVE-2016-2105"
@@ -6643,7 +6643,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "af86c5d45b8bc400e35ba954b77e1ab8",
+    "unique_content_id": "62ec074a18f7ad176ead9b8bc9e974f3",
     "aliases": [
       "CVE-2016-2106",
       "VC-OPENSSL-20160503-CVE-2016-2106"
@@ -6697,7 +6697,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3bc6a5d23c3f0c13e5cb6ba7511b77fa",
+    "unique_content_id": "bb9535d07c6cfb30db0cd50bdb07d2cc",
     "aliases": [
       "CVE-2016-2107",
       "VC-OPENSSL-20160503-CVE-2016-2107"
@@ -6756,7 +6756,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6f28891b48e529b6181ac053a2dd6831",
+    "unique_content_id": "1850da5e99cf8b02129a8e2603d60b42",
     "aliases": [
       "CVE-2016-2108",
       "VC-OPENSSL-20160503-CVE-2016-2108"
@@ -6810,7 +6810,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "31da6300c54771768dfbbb493c0ea012",
+    "unique_content_id": "e850a8435cc102536aa5a057374f9cf7",
     "aliases": [
       "CVE-2016-2109",
       "VC-OPENSSL-20160503-CVE-2016-2109"
@@ -6864,7 +6864,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3e9c33c7fa8c5395fdd5bbcbfa22873f",
+    "unique_content_id": "7d87ec7560cd85386eba31927b69c463",
     "aliases": [
       "CVE-2016-2176",
       "VC-OPENSSL-20160503-CVE-2016-2176"
@@ -6918,7 +6918,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f7aaf96e395a2dba4c36c673c22434f8",
+    "unique_content_id": "f12de39281bd5bbfcd10961a98aa81ed",
     "aliases": [
       "CVE-2016-2177",
       "VC-OPENSSL-20160601-CVE-2016-2177"
@@ -6972,7 +6972,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "22c52099d0acc1a49228c3dd25b79942",
+    "unique_content_id": "ab632c6e826f86f31e6ccea92387c8fd",
     "aliases": [
       "CVE-2016-2178",
       "VC-OPENSSL-20160607-CVE-2016-2178"
@@ -7026,7 +7026,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "268776bd9394c0ecb7509b7b3bcb2d7b",
+    "unique_content_id": "da6fb0b222d49bcccfec974863f2fcd5",
     "aliases": [
       "CVE-2016-2179",
       "VC-OPENSSL-20160822-CVE-2016-2179"
@@ -7090,7 +7090,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "dbb52bd196ca767a28c425e5ee363dee",
+    "unique_content_id": "d7735d10774397454987db11509a61b5",
     "aliases": [
       "CVE-2016-2180",
       "VC-OPENSSL-20160722-CVE-2016-2180"
@@ -7144,7 +7144,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3dd39a452b071637a8d0a9c68425d6c3",
+    "unique_content_id": "2d80c368482391acb5d5033b14d04f86",
     "aliases": [
       "CVE-2016-2181",
       "VC-OPENSSL-20160819-CVE-2016-2181"
@@ -7208,7 +7208,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "19e7d92bb3814220b6d76331a3f61dfa",
+    "unique_content_id": "6d3b00dd9dc50234040a8af0f1186b67",
     "aliases": [
       "CVE-2016-2182",
       "VC-OPENSSL-20160816-CVE-2016-2182"
@@ -7262,7 +7262,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "021d94c11f04ee1e3c8ebb30430ecea8",
+    "unique_content_id": "9eb00e0225eaa9e1a415784e14c8ad78",
     "aliases": [
       "CVE-2016-2183",
       "VC-OPENSSL-20160824-CVE-2016-2183"
@@ -7304,7 +7304,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4a1ed8b07b630922c9abd2cb9dd11e89",
+    "unique_content_id": "957fa01a25c036afc697e167f59fc561",
     "aliases": [
       "CVE-2016-6302",
       "VC-OPENSSL-20160823-CVE-2016-6302"
@@ -7368,7 +7368,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "1c88b59c666122ca095dc7d316ee96ed",
+    "unique_content_id": "beb28727ae6c03e47591b6dd671d5af0",
     "aliases": [
       "CVE-2016-6303",
       "VC-OPENSSL-20160824-CVE-2016-6303"
@@ -7432,7 +7432,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9b901055857e8309bf9660758966d368",
+    "unique_content_id": "d765b82550d6383724d8b08c6ce5fad6",
     "aliases": [
       "CVE-2016-6304",
       "VC-OPENSSL-20160922-CVE-2016-6304"
@@ -7513,7 +7513,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2419ffdc30aaa2a3d1201eb4a4619971",
+    "unique_content_id": "59f100f6c572376fc83b7a6966c39316",
     "aliases": [
       "CVE-2016-6305",
       "VC-OPENSSL-20160922-CVE-2016-6305"
@@ -7560,7 +7560,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "40a04f9bb1e95d0ac60574cc03f03aac",
+    "unique_content_id": "e1d59abfe83dcd79256041760fa5e6a1",
     "aliases": [
       "CVE-2016-6306",
       "VC-OPENSSL-20160921-CVE-2016-6306"
@@ -7624,7 +7624,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2e25b2d69f1eab45b1b7029e6b422eda",
+    "unique_content_id": "7de828ad43d26f980e17be459fcbf508",
     "aliases": [
       "CVE-2016-6307",
       "VC-OPENSSL-20160921-CVE-2016-6307"
@@ -7671,7 +7671,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "123af7e3199e4cb96b82e6b7b4147c83",
+    "unique_content_id": "18ea209a74f818d8eddc3773527de32f",
     "aliases": [
       "CVE-2016-6308",
       "VC-OPENSSL-20160921-CVE-2016-6308"
@@ -7718,7 +7718,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c9b2f175fc6014ed75090aa3ac346d07",
+    "unique_content_id": "08b2c4f720bf212cede677abc3c29257",
     "aliases": [
       "CVE-2016-6309",
       "VC-OPENSSL-20160926-CVE-2016-6309"
@@ -7765,7 +7765,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0ca838fe0ecd5347bfe4810743c68d76",
+    "unique_content_id": "66ceb8d64d0862daf9876ff9f314d3a8",
     "aliases": [
       "CVE-2016-7052",
       "VC-OPENSSL-20160926-CVE-2016-7052"
@@ -7812,7 +7812,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "977753740957f22482446fa804b3bacb",
+    "unique_content_id": "863e9daf4b7fb1fa65f092097d927b01",
     "aliases": [
       "CVE-2016-7053",
       "VC-OPENSSL-20161110-CVE-2016-7053"
@@ -7859,7 +7859,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "a1787d390b904122cf68f1fcd7cbf49d",
+    "unique_content_id": "deef3c2b09226cd8f4b437de4583fc8a",
     "aliases": [
       "CVE-2016-7054",
       "VC-OPENSSL-20161110-CVE-2016-7054"
@@ -7906,7 +7906,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b29e4e1444a95c4ac89b67825960fc30",
+    "unique_content_id": "66a0792e56194e47f82fae11d6255d05",
     "aliases": [
       "CVE-2016-7055",
       "VC-OPENSSL-20161110-CVE-2016-7055"
@@ -7970,7 +7970,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "6ac9a30b63d9120bac06625f40f7793e",
+    "unique_content_id": "1257c676289937b36f5d2108648aa3c0",
     "aliases": [
       "CVE-2017-3730",
       "VC-OPENSSL-20170126-CVE-2017-3730"
@@ -8017,7 +8017,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "d87ae57ff551a38e03041e9e46c46132",
+    "unique_content_id": "6491e9cfab3dec8123d3aee6e89a1e4c",
     "aliases": [
       "CVE-2017-3731",
       "VC-OPENSSL-20170126-CVE-2017-3731"
@@ -8081,7 +8081,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "108b4958e52639140053033741fd5922",
+    "unique_content_id": "94d9b647625526207b1170579fe114ee",
     "aliases": [
       "CVE-2017-3732",
       "VC-OPENSSL-20170126-CVE-2017-3732"
@@ -8145,7 +8145,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5f038662b9b3c70c751f11672fb4fbcb",
+    "unique_content_id": "c47bb58f511a041ef652d94b7a62e96a",
     "aliases": [
       "CVE-2017-3733",
       "VC-OPENSSL-20170216-CVE-2017-3733"
@@ -8192,7 +8192,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9737708961f378dfee3d47ed43884c11",
+    "unique_content_id": "e33cfef9b51b5225eb26f72046bdd88a",
     "aliases": [
       "CVE-2017-3735",
       "VC-OPENSSL-20170828-CVE-2017-3735"
@@ -8256,7 +8256,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c3b257e295a5600543dae25d04aa42cd",
+    "unique_content_id": "a0376bb1029a64b0c441b382b0fc10d7",
     "aliases": [
       "CVE-2017-3736",
       "VC-OPENSSL-20171102-CVE-2017-3736"
@@ -8320,7 +8320,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "d394c4e4bd822d903834d7a3c71998ea",
+    "unique_content_id": "7f6602c99d1157581bfb940ee8fc98ca",
     "aliases": [
       "CVE-2017-3737",
       "VC-OPENSSL-20171207-CVE-2017-3737"
@@ -8367,7 +8367,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "3982fdafdc98d5aa5b0fb95793d837c5",
+    "unique_content_id": "6c0222fbe71b5121b9bef2261995af9d",
     "aliases": [
       "CVE-2017-3738",
       "VC-OPENSSL-20171207-CVE-2017-3738"
@@ -8431,7 +8431,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "0c0f3d9f673e7dfd17d5af9ab52a527f",
+    "unique_content_id": "a96966e3c61aceb6386d67ac201d8390",
     "aliases": [
       "CVE-2018-0732",
       "VC-OPENSSL-20180612-CVE-2018-0732"
@@ -8495,7 +8495,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "8a42bdb4244b87a07381796eac77b5dd",
+    "unique_content_id": "ae3bd51bfa1e31be36738d0e29e93a2e",
     "aliases": [
       "CVE-2018-0733",
       "VC-OPENSSL-20180327-CVE-2018-0733"
@@ -8542,7 +8542,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "e5db72eef7ab0c3c1c4ab2adc4153b7c",
+    "unique_content_id": "8b3bce19cf02f247591caf325d89d215",
     "aliases": [
       "CVE-2018-0734",
       "VC-OPENSSL-20181030-CVE-2018-0734"
@@ -8623,7 +8623,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4f357adf49d7aaff448007329cef90e5",
+    "unique_content_id": "8518ca2489a47ef2cf102f6416de41f3",
     "aliases": [
       "CVE-2018-0735",
       "VC-OPENSSL-20181029-CVE-2018-0735"
@@ -8687,7 +8687,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5b894b1f146925555f16167269e3d1ac",
+    "unique_content_id": "5a7f232a039d11c8d4d0494efd0e82e8",
     "aliases": [
       "CVE-2018-0737",
       "VC-OPENSSL-20180416-CVE-2018-0737"
@@ -8751,7 +8751,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "a4177376d5ba9b5bc5dc22b340e6a75f",
+    "unique_content_id": "61e3c921be4e33fc96986db0728bd8e1",
     "aliases": [
       "CVE-2018-0739",
       "VC-OPENSSL-20180327-CVE-2018-0739"
@@ -8815,7 +8815,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "65578d021077b3ade97c82d30e9cbba1",
+    "unique_content_id": "864dbdf738c6486010c24eeb4749310e",
     "aliases": [
       "CVE-2018-5407",
       "VC-OPENSSL-20181102-CVE-2018-5407"
@@ -8879,7 +8879,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5a72ce027e8c589dad30c281fd761d75",
+    "unique_content_id": "8d6e59f72477e382d4d7cf3719f7c14f",
     "aliases": [
       "CVE-2019-1543",
       "VC-OPENSSL-20190306-CVE-2019-1543"
@@ -8943,7 +8943,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "fcfcf197a9c4bad6a8dd3ffe15818f12",
+    "unique_content_id": "1ef424b4b76f2e73bc1420addbcde819",
     "aliases": [
       "CVE-2019-1547",
       "VC-OPENSSL-20190910-CVE-2019-1547"
@@ -9024,7 +9024,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "ec00d8bb72ac0b7f1de849bce460731c",
+    "unique_content_id": "6ac66867cc9431e75c150bc148f86875",
     "aliases": [
       "CVE-2019-1549",
       "VC-OPENSSL-20190910-CVE-2019-1549"
@@ -9071,7 +9071,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "42a4c402937fed3e5a602fc384f29de3",
+    "unique_content_id": "f928e41276994ebd553ffe76eb2814eb",
     "aliases": [
       "CVE-2019-1551",
       "VC-OPENSSL-20191206-CVE-2019-1551"
@@ -9135,7 +9135,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "619b9f78d7b4b1f7b86692e6667e630c",
+    "unique_content_id": "d25f2e8d4595bf84a7ee8731184f3f5f",
     "aliases": [
       "CVE-2019-1552",
       "VC-OPENSSL-20190730-CVE-2019-1552"
@@ -9221,7 +9221,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "63919a30984ae536d613016bee191b5a",
+    "unique_content_id": "4974ffd7cd1f28b6fc5dfadf8a18584f",
     "aliases": [
       "CVE-2019-1559",
       "VC-OPENSSL-20190226-CVE-2019-1559"
@@ -9268,7 +9268,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "baef276b71e733ed8313ded9ff93ff86",
+    "unique_content_id": "4716e39df8807a519a0e67931903a6c9",
     "aliases": [
       "CVE-2019-1563",
       "VC-OPENSSL-20190910-CVE-2019-1563"
@@ -9349,7 +9349,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f2f8bab6941d4e702c466afaf4d63566",
+    "unique_content_id": "6c75b39a8a9a042d4185911d2e5f75d3",
     "aliases": [
       "CVE-2020-1967",
       "VC-OPENSSL-20200421-CVE-2020-1967"
@@ -9396,7 +9396,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "5d5c7aa4c1296dba54969e2f85a8f85d",
+    "unique_content_id": "d0eedab349afba4d8b95ddf18f481b78",
     "aliases": [
       "CVE-2020-1968",
       "VC-OPENSSL-20200909-CVE-2020-1968"
@@ -9413,7 +9413,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2w",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v"
       }
     ],
     "references": [
@@ -9438,7 +9438,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "4eca1baa3ab7532afce3f199f004c008",
+    "unique_content_id": "39fe509567f47435e101e5abdada4669",
     "aliases": [
       "CVE-2020-1971",
       "VC-OPENSSL-20201208-CVE-2020-1971"
@@ -9467,7 +9467,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2x",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w"
       }
     ],
     "references": [
@@ -9502,7 +9502,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "f0110a9eed5251b83bc81a5735b0561b",
+    "unique_content_id": "30d957ea49d00ed4a7e222324dfc677b",
     "aliases": [
       "CVE-2021-23839",
       "VC-OPENSSL-20210216-CVE-2021-23839"
@@ -9519,7 +9519,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2y",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x"
+        "affected_version_range": "vers:openssl/1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x"
       }
     ],
     "references": [
@@ -9549,7 +9549,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7195f653a74059978ec045dd4558d4d1",
+    "unique_content_id": "24323035c226f5b48308ac892b46b31e",
     "aliases": [
       "CVE-2021-23840",
       "VC-OPENSSL-20210216-CVE-2021-23840"
@@ -9578,7 +9578,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2y",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x"
       }
     ],
     "references": [
@@ -9613,7 +9613,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2a04eb07243878ddd179d5779cf4fd32",
+    "unique_content_id": "aaaf0d0b2dd969842037a7587c3b67d9",
     "aliases": [
       "CVE-2021-23841",
       "VC-OPENSSL-20210216-CVE-2021-23841"
@@ -9642,7 +9642,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2y",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x"
       }
     ],
     "references": [
@@ -9677,7 +9677,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "b13223184b6b68b231a91e49ef3ee757",
+    "unique_content_id": "145d1fc0167313f0278c27a6a09b2daf",
     "aliases": [
       "CVE-2021-3449",
       "VC-OPENSSL-20210325-CVE-2021-3449"
@@ -9724,7 +9724,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "c64723c0cebca9d2e3ed32708d0afd26",
+    "unique_content_id": "dc1fb237d90697b412a9ff818912208d",
     "aliases": [
       "CVE-2021-3450",
       "VC-OPENSSL-20210325-CVE-2021-3450"
@@ -9771,7 +9771,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "8e2e7b2bccf583aa4f73640981f9f28c",
+    "unique_content_id": "af64a082583509cb9410953814d2d6b7",
     "aliases": [
       "CVE-2021-3711",
       "VC-OPENSSL-20210824-CVE-2021-3711"
@@ -9818,7 +9818,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "9bba434e660f689b603eba45f564f36b",
+    "unique_content_id": "4d8007e11fe07d31e9dabb993de9b576",
     "aliases": [
       "CVE-2021-3712",
       "VC-OPENSSL-20210824-CVE-2021-3712"
@@ -9847,7 +9847,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2za",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y"
       }
     ],
     "references": [
@@ -9882,7 +9882,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "2d60663dd3dcc1196b6957d86e64528a",
+    "unique_content_id": "50952c3cc45de09ece3bc15d9d138505",
     "aliases": [
       "CVE-2021-4044",
       "VC-OPENSSL-20211214-CVE-2021-4044"
@@ -9929,7 +9929,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "7e6fa0286e37a5ab70e652291081bd09",
+    "unique_content_id": "f675e3afc0174f3cf01a1c64cad1630a",
     "aliases": [
       "CVE-2021-4160",
       "VC-OPENSSL-20220128-CVE-2021-4160"
@@ -9969,8 +9969,8 @@
           "namespace": null,
           "qualifiers": null
         },
-        "fixed_version": "1.0.2zc-de",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb"
+        "fixed_version": "1.0.2zc-dev",
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb"
       }
     ],
     "references": [
@@ -10010,7 +10010,7 @@
     "weaknesses": []
   },
   {
-    "unique_content_id": "46263e25471907426341354aed6dc237",
+    "unique_content_id": "f5bb0b278e9b30b154a09d0b11eb66c9",
     "aliases": [
       "CVE-2022-0778",
       "VC-OPENSSL-20220315-CVE-2022-0778"
@@ -10051,7 +10051,7 @@
           "qualifiers": null
         },
         "fixed_version": "1.0.2zd",
-        "affected_version_range": "vers:openssl/1.0.2|1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb|1.0.2zc"
+        "affected_version_range": "vers:openssl/1.0.2|1.0.2a|1.0.2b|1.0.2c|1.0.2d|1.0.2e|1.0.2f|1.0.2g|1.0.2h|1.0.2i|1.0.2j|1.0.2k|1.0.2l|1.0.2m|1.0.2n|1.0.2o|1.0.2p|1.0.2q|1.0.2r|1.0.2s|1.0.2t|1.0.2u|1.0.2v|1.0.2w|1.0.2x|1.0.2y|1.0.2za|1.0.2zb|1.0.2zc"
       }
     ],
     "references": [
diff --git a/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml
new file mode 100644
index 000000000..dbe1a8a08
--- /dev/null
+++ b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml
@@ -0,0 +1,41 @@
+id: OSV-2021-933
+summary: Heap-buffer-overflow in print_mac
+details: |
+  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+
+  ```
+  Crash type: Heap-buffer-overflow WRITE 4
+  Crash state:
+  print_mac
+  log_packet
+  dhcp_reply
+  ```
+modified: '2022-04-13T03:04:31.143462Z'
+published: '2021-07-08T00:01:26.369555Z'
+references:
+- type: REPORT
+  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+affected:
+- package:
+    name: dnsmasq
+    ecosystem: OSS-Fuzz
+  ranges:
+  - type: GIT
+    repo: git://thekelleys.org.uk/dnsmasq.git
+    events:
+    - introduced: 96f6444958c29a670f4254722d787f328153605c
+    - fixed: d242cbffa4f20c9f7472f79b3a9e47008b6fe77c
+  versions:
+  - v2.86
+  - v2.86rc1
+  - v2.86rc2
+  - v2.86rc3
+  - v2.86test5
+  - v2.86test6
+  - v2.86test7
+  - v2.87test1
+  - v2.87test2
+  - v2.87test3
+  - v2.87test4
+  ecosystem_specific:
+    severity: HIGH
diff --git a/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml-expected.json b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml-expected.json
new file mode 100644
index 000000000..4b7914971
--- /dev/null
+++ b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml-expected.json
@@ -0,0 +1,20 @@
+{
+  "aliases": [
+    "OSV-2021-933"
+  ],
+  "summary": "Heap-buffer-overflow in print_mac\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887\n\n```\nCrash type: Heap-buffer-overflow WRITE 4\nCrash state:\nprint_mac\nlog_packet\ndhcp_reply\n```",
+  "affected_packages": [
+
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887",
+      "severities": [
+
+      ]
+    }
+  ],
+  "date_published": "2021-07-08T00:01:26.369555+00:00",
+  "weaknesses": []
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml
new file mode 100644
index 000000000..cff7c1fec
--- /dev/null
+++ b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml
@@ -0,0 +1,33 @@
+id: OSV-2022-145
+summary: Heap-buffer-overflow in print_mac
+details: |
+  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581
+
+  ```
+  Crash type: Heap-buffer-overflow WRITE 4
+  Crash state:
+  print_mac
+  log_packet
+  dhcp_reply
+  ```
+modified: '2022-04-13T03:04:31.179893Z'
+published: '2022-02-13T00:01:27.883603Z'
+references:
+- type: REPORT
+  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581
+affected:
+- package:
+    name: dnsmasq
+    ecosystem: OSS-Fuzz
+    purl: pkg:generic/dnsmasq
+  ranges:
+  - type: GIT
+    repo: git://thekelleys.org.uk/dnsmasq.git
+    events:
+    - introduced: e426c2d3bc182d790f83039b77a09d55230ca71f
+    - fixed: 03345ecefeb0d82e3c3a4c28f27c3554f0611b39
+  versions:
+  - v2.87test8
+  ecosystem_specific:
+    severity: HIGH
+schema_version: 1.2.0
diff --git a/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml-expected.json b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml-expected.json
new file mode 100644
index 000000000..a197ab4d4
--- /dev/null
+++ b/vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml-expected.json
@@ -0,0 +1,20 @@
+{
+  "aliases": [
+    "OSV-2022-145"
+  ],
+  "summary": "Heap-buffer-overflow in print_mac\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581\n\n```\nCrash type: Heap-buffer-overflow WRITE 4\nCrash state:\nprint_mac\nlog_packet\ndhcp_reply\n```",
+  "affected_packages": [
+
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581",
+      "severities": [
+
+      ]
+    }
+  ],
+  "date_published": "2022-02-13T00:01:27.883603+00:00",
+  "weaknesses": []
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/parse-advisory-npm-expected.json b/vulnerabilities/tests/test_data/parse-advisory-npm-expected.json
index 938f92152..ea3a94dff 100644
--- a/vulnerabilities/tests/test_data/parse-advisory-npm-expected.json
+++ b/vulnerabilities/tests/test_data/parse-advisory-npm-expected.json
@@ -54,6 +54,6 @@
       }
     ],
     "date_published": "2016-10-27T00:00:00+00:00",
-     "weaknesses": []
+    "weaknesses": []
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_cwe-expected.json b/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_cwe-expected.json
new file mode 100644
index 000000000..7bf695d39
--- /dev/null
+++ b/vulnerabilities/tests/test_data/pysec/pysec-advisories_with_cwe-expected.json
@@ -0,0 +1,124 @@
+{
+  "aliases": [
+    "CVE-2022-24840",
+    "GHSA-4w8f-hjm9-xwgf"
+  ],
+  "summary": "Path Traversal in django-s3file\n### Impact\n\nIt was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files.\nThe issue was discovered by the maintainer. There were no reports of the vulnerability\nbeing known to or exploited by a third party, before the release of the patch.\n\nIf the `AWS_LOCATION` setting was set, traversal was limited to that location only.\nIf all your files handling views (like form views) require authentication or special permission, the thread is limited to privileged users.\n\n### Patches\n\nThe vulnerability has been fixed in version 5.5.1 and above.\n\n### Workarounds\n\nThere is no feasible workaround. We must urge all users to immediately updated to a patched version.\n\n### Detailed attack vector description\n\nAn attacker may use a request with malicious form data to traverse the entire AWS S3 bucket and perform destructive operations.\n\nAn attack could look as follows:\n```bash\ncurl -X POST -F \"s3file=file\" -F \"file=/priviliged/location/secrets.txt\" https://www.example.com/any/path/will/work/\n```\n\nThis will result in a request with files set and opened:\n\n```python\n>>> request.FILES.getlist(\"file\")\n[File(\"/priviliged/location/secrets.txt\")]\n```\n\nSince this behavior is injected via a middleware, any view can be called this way and will carry any files defined by the attacker.\n\nVia the `s3file` form field, any input name can be specified, including multiple inputs. For each input, multiple files can be freely\npicked of the S3 bucket.\n\n#### Scenarios and their practicality\n\nThere are four scenarios that would be considered practical in most setups:\n\n1. Illegal file injection,\n2. file deletion,\n3. file retrieval & tree traversal.\n4. code injection & remote code execution.\n\n##### File deletion\n\nAn attacker knows the location of a privileged file, like a static asset. Next, the file is injected into a form view. The upload to function will move the file to a new location. This is effectively deleting the file, since the previous references to it are invalid, and will cause S3 to return a 404. Furthermore, the new location is unknown to the site operator.\n\n##### File retrieval & tree traversal\n\nAn attacker knows the URL of a secret file and injects it into a form view. The view will move the file to a public location, making it accessible to the attacker. Since most form views will not be rate limited, this could also be used to guess files and traverse the file tree.\n\n##### Illegal file injection\n\nAn attacker uses any form to upload a file to the temporary upload location. Next, the attacker injects that file into a request, does not validate the contents or is not equipped to handle the mime type. The latter could be used as a potential DOS vector.\n\nIn practice, this is not a practical risk in most hardened setup. Files should always be sanitized before processing, since files can be included in a request even without this security issues.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue on [GitHub](https://github.com/codingjoe/django-s3file/issues)\n* Email us at [johannes@maron.family](mailto:johannes@maron.family)",
+  "affected_packages": [
+    {
+      "package": {
+        "type": "pypi",
+        "namespace": null,
+        "name": "django-s3file",
+        "version": null,
+        "qualifiers": null,
+        "subpath": null
+      },
+      "affected_version_range": null,
+      "fixed_version": "5.5.1"
+    }
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://github.com/codingjoe/django-s3file/security/advisories/GHSA-4w8f-hjm9-xwgf",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    },
+    {
+      "reference_id": "",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24840",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    },
+    {
+      "reference_id": "",
+      "url": "https://github.com/codingjoe/django-s3file/commit/68ccd2c621a40eb66fdd6af2be9d5fcc9c373318",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    },
+    {
+      "reference_id": "",
+      "url": "https://github.com/codingjoe/django-s3file",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    },
+    {
+      "reference_id": "",
+      "url": "https://github.com/codingjoe/django-s3file/releases/tag/5.5.1",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    },
+    {
+      "reference_id": "",
+      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-s3file/PYSEC-2022-208.yaml",
+      "severities": [
+        {
+          "system": "cvssv3.1",
+          "value": "9.1",
+          "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+        },
+        {
+          "system": "generic_textual",
+          "value": "CRITICAL",
+          "scoring_elements": ""
+        }
+      ]
+    }
+  ],
+  "date_published": "2022-06-06T21:24:24+00:00",
+  "weaknesses": [
+    22,
+    96
+  ]
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/pysec/pysec-advisory_with_cwe.json b/vulnerabilities/tests/test_data/pysec/pysec-advisory_with_cwe.json
new file mode 100644
index 000000000..fd2e8a6d2
--- /dev/null
+++ b/vulnerabilities/tests/test_data/pysec/pysec-advisory_with_cwe.json
@@ -0,0 +1,82 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4w8f-hjm9-xwgf",
+  "modified": "2022-06-06T21:24:24Z",
+  "published": "2022-06-06T21:24:24Z",
+  "aliases": [
+    "CVE-2022-24840"
+  ],
+  "summary": "Path Traversal in django-s3file",
+  "details": "### Impact\n\nIt was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files.\nThe issue was discovered by the maintainer. There were no reports of the vulnerability\nbeing known to or exploited by a third party, before the release of the patch.\n\nIf the `AWS_LOCATION` setting was set, traversal was limited to that location only.\nIf all your files handling views (like form views) require authentication or special permission, the thread is limited to privileged users.\n\n### Patches\n\nThe vulnerability has been fixed in version 5.5.1 and above.\n\n### Workarounds\n\nThere is no feasible workaround. We must urge all users to immediately updated to a patched version.\n\n### Detailed attack vector description\n\nAn attacker may use a request with malicious form data to traverse the entire AWS S3 bucket and perform destructive operations.\n\nAn attack could look as follows:\n```bash\ncurl -X POST -F \"s3file=file\" -F \"file=/priviliged/location/secrets.txt\" https://www.example.com/any/path/will/work/\n```\n\nThis will result in a request with files set and opened:\n\n```python\n>>> request.FILES.getlist(\"file\")\n[File(\"/priviliged/location/secrets.txt\")]\n```\n\nSince this behavior is injected via a middleware, any view can be called this way and will carry any files defined by the attacker.\n\nVia the `s3file` form field, any input name can be specified, including multiple inputs. For each input, multiple files can be freely\npicked of the S3 bucket.\n\n#### Scenarios and their practicality\n\nThere are four scenarios that would be considered practical in most setups:\n\n1. Illegal file injection,\n2. file deletion,\n3. file retrieval & tree traversal.\n4. code injection & remote code execution.\n\n##### File deletion\n\nAn attacker knows the location of a privileged file, like a static asset. Next, the file is injected into a form view. The upload to function will move the file to a new location. This is effectively deleting the file, since the previous references to it are invalid, and will cause S3 to return a 404. Furthermore, the new location is unknown to the site operator.\n\n##### File retrieval & tree traversal\n\nAn attacker knows the URL of a secret file and injects it into a form view. The view will move the file to a public location, making it accessible to the attacker. Since most form views will not be rate limited, this could also be used to guess files and traverse the file tree.\n\n##### Illegal file injection\n\nAn attacker uses any form to upload a file to the temporary upload location. Next, the attacker injects that file into a request, does not validate the contents or is not equipped to handle the mime type. The latter could be used as a potential DOS vector.\n\nIn practice, this is not a practical risk in most hardened setup. Files should always be sanitized before processing, since files can be included in a request even without this security issues.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue on [GitHub](https://github.com/codingjoe/django-s3file/issues)\n* Email us at [johannes@maron.family](mailto:johannes@maron.family)\n",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "django-s3file"
+      },
+      "ecosystem_specific": {
+        "affected_functions": [
+          "s3file.forms.S3FileInputMixin",
+          "s3file.forms.S3FileInputMixin.build_attrs",
+          "s3file.middleware.S3FileMiddleware.__call__",
+          "s3file.middleware.S3FileMiddleware.get_files_from_storage"
+        ]
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "5.5.1"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/codingjoe/django-s3file/security/advisories/GHSA-4w8f-hjm9-xwgf"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24840"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/codingjoe/django-s3file/commit/68ccd2c621a40eb66fdd6af2be9d5fcc9c373318"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/codingjoe/django-s3file"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/codingjoe/django-s3file/releases/tag/5.5.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/django-s3file/PYSEC-2022-208.yaml"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22",
+      "CWE-96"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": true,
+    "github_reviewed_at": "2022-06-06T21:24:24Z",
+    "nvd_published_at": "2022-06-09T04:15:00Z"
+  }
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/redhat/redhat-expected.json b/vulnerabilities/tests/test_data/redhat/redhat-expected.json
index 721eb4575..3e91555de 100644
--- a/vulnerabilities/tests/test_data/redhat/redhat-expected.json
+++ b/vulnerabilities/tests/test_data/redhat/redhat-expected.json
@@ -9,13 +9,7 @@
       {
         "reference_id": 2077736,
         "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077736",
-        "severities": [
-          {
-            "system": "rhbs",
-            "value": "medium",
-            "scoring_elements": ""
-          }
-        ]
+        "severities": []
       },
       {
         "reference_id": "",
@@ -197,35 +191,22 @@
       {
         "reference_id": 2075788,
         "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075788",
-        "severities": [
-          {
-            "system": "rhbs",
-            "value": "medium",
-            "scoring_elements": ""
-          }
-        ]
+        "severities": []
       },
       {
         "reference_id": "RHSA-2022:1439",
         "url": "https://access.redhat.com/errata/RHSA-2022:1439",
-        "severities": [
-          {
-            "system": "rhas",
-            "value": "Important",
-            "scoring_elements": ""
-          }
-        ]
+        "severities": []
       },
       {
         "reference_id": "RHSA-2022:1437",
         "url": "https://access.redhat.com/errata/RHSA-2022:1437",
-        "severities": [
-          {
-            "system": "rhas",
-            "value": "Important",
-            "scoring_elements": ""
-          }
-        ]
+        "severities": []
+      },
+      {
+        "reference_id": "RHSA-2022:1436",
+        "url": "https://access.redhat.com/errata/RHSA-2022:1436",
+        "severities": []
       },
       {
         "reference_id": "",
@@ -240,6 +221,6 @@
       }
     ],
     "date_published": null,
-    "weaknesses": []
+    "weaknesses": [400]
   }
 ]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/ubuntu-oval-improver-expected.json b/vulnerabilities/tests/test_data/ubuntu-oval-improver-expected.json
new file mode 100644
index 000000000..49fa028eb
--- /dev/null
+++ b/vulnerabilities/tests/test_data/ubuntu-oval-improver-expected.json
@@ -0,0 +1,246 @@
+[
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-8703"
+    ],
+    "confidence": 100,
+    "summary": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702.",
+    "affected_purls": [
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.0",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.1",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.2",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.3",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.4",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.5",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.6",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.7",
+        "qualifiers": null,
+        "subpath": null
+      },
+      {
+        "type": "deb",
+        "namespace": "ubuntu",
+        "name": "potrace",
+        "version": "1.1.8",
+        "qualifiers": null,
+        "subpath": null
+      }
+    ],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8703.html",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8703",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-8703"
+    ],
+    "confidence": 100,
+    "summary": "Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702.",
+    "affected_purls": [],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8703.html",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8703",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  },
+  {
+    "vulnerability_id": null,
+    "aliases": [
+      "CVE-2016-8860"
+    ],
+    "confidence": 100,
+    "summary": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.",
+    "affected_purls": [],
+    "fixed_purl": null,
+    "references": [
+      {
+        "reference_id": "",
+        "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8860.html",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "http://www.openwall.com/lists/oss-security/2016/10/18/11",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://blog.torproject.org/blog/tor-0289-released-important-fixes",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      },
+      {
+        "reference_id": "",
+        "url": "https://trac.torproject.org/projects/tor/ticket/20384",
+        "severities": [
+          {
+            "system": "generic_textual",
+            "value": "Medium",
+            "scoring_elements": ""
+          }
+        ]
+      }
+    ],
+    "weaknesses": []
+  }
+]
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data/vulnerability_status_improver/CVE-2023-35866.json b/vulnerabilities/tests/test_data/vulnerability_status_improver/CVE-2023-35866.json
new file mode 100644
index 000000000..2c88f5722
--- /dev/null
+++ b/vulnerabilities/tests/test_data/vulnerability_status_improver/CVE-2023-35866.json
@@ -0,0 +1,71 @@
+{
+  "dataType": "CVE_RECORD",
+  "dataVersion": 5,
+  "cveMetadata": {
+    "state": "PUBLISHED",
+    "cveId": "CVE-2023-35866",
+    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+    "assignerShortName": "mitre",
+    "dateUpdated": "2023-06-21T00:00:00",
+    "dateReserved": "2023-06-19T00:00:00",
+    "datePublished": "2023-06-19T00:00:00"
+  },
+  "containers": {
+    "cna": {
+      "providerMetadata": {
+        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+        "shortName": "mitre",
+        "dateUpdated": "2023-06-21T00:00:00"
+      },
+      "descriptions": [
+        {
+          "lang": "en",
+          "value": "In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes. NOTE: the vendor's position is \"asking the user for their password prior to making any changes to the database settings adds no additional protection against a local attacker.\""
+        }
+      ],
+      "tags": [
+        "disputed"
+      ],
+      "affected": [
+        {
+          "vendor": "n/a",
+          "product": "n/a",
+          "versions": [
+            {
+              "version": "n/a",
+              "status": "affected"
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "url": "https://github.com/keepassxreboot/keepassxc/issues/9391"
+        },
+        {
+          "url": "https://github.com/keepassxreboot/keepassxc/issues/9339"
+        },
+        {
+          "url": "https://github.com/keepassxreboot/keepassxc/issues/9339#issuecomment-1598219482"
+        },
+        {
+          "url": "https://keepassxc.org/docs/#faq-yubikey-2fa"
+        },
+        {
+          "url": "https://medium.com/%40cybercitizen.tech/keepassxc-vulnerability-cve-2023-35866-dc7d447c4903"
+        }
+      ],
+      "problemTypes": [
+        {
+          "descriptions": [
+            {
+              "type": "text",
+              "lang": "en",
+              "description": "n/a"
+            }
+          ]
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/vulnerabilities/tests/test_data_migrations.py b/vulnerabilities/tests/test_data_migrations.py
index 72796ac0f..76e7b4bf8 100644
--- a/vulnerabilities/tests/test_data_migrations.py
+++ b/vulnerabilities/tests/test_data_migrations.py
@@ -568,3 +568,29 @@ def test_removal_of_corrupted_advisory(self):
         # using get_model to avoid circular import
         Advisory = self.apps.get_model("vulnerabilities", "Advisory")
         Advisory.objects.all().count() == 0
+
+
+class RemoveVulnerabilitiesWithEmptyAliases(TestMigrations):
+    app_name = "vulnerabilities"
+    migrate_from = "0040_remove_advisory_date_improved_advisory_date_imported"
+    migrate_to = "0041_remove_vulns_with_empty_aliases"
+
+    def setUpBeforeMigration(self, apps):
+        # using get_model to avoid circular import
+        Vulnerability = apps.get_model("vulnerabilities", "Vulnerability")
+        Alias = apps.get_model("vulnerabilities", "Alias")
+
+        vuln = Vulnerability.objects.create(
+            summary="Corrupted vuln",
+        )
+        vuln.save()
+        vuln = Vulnerability.objects.create(
+            summary="vuln",
+        )
+        vuln.save()
+        Alias.objects.create(alias="CVE-123", vulnerability=vuln)
+
+    def test_removal_of_corrupted_vulns(self):
+        # using get_model to avoid circular import
+        Vulnerability = self.apps.get_model("vulnerabilities", "Vulnerability")
+        Vulnerability.objects.all().count() == 1
diff --git a/vulnerabilities/tests/test_data_source.py b/vulnerabilities/tests/test_data_source.py
index b2f173029..a603ff50c 100644
--- a/vulnerabilities/tests/test_data_source.py
+++ b/vulnerabilities/tests/test_data_source.py
@@ -9,12 +9,23 @@
 
 import os
 import xml.etree.ElementTree as ET
+from unittest.mock import MagicMock
 from unittest.mock import patch
 
+from fetchcode.vcs import VCSResponse
 from packageurl import PackageURL
 
-from vulnerabilities.importer import GitImporter
+from vulnerabilities.importer import Importer
 from vulnerabilities.importer import OvalImporter
+from vulnerabilities.importers.elixir_security import ElixirSecurityImporter
+from vulnerabilities.importers.fireeye import FireyeImporter
+from vulnerabilities.importers.gentoo import GentooImporter
+from vulnerabilities.importers.gitlab import GitLabAPIImporter
+from vulnerabilities.importers.istio import IstioImporter
+from vulnerabilities.importers.mozilla import MozillaImporter
+from vulnerabilities.importers.npm import NpmImporter
+from vulnerabilities.importers.pypa import PyPaImporter
+from vulnerabilities.importers.retiredotnet import RetireDotnetImporter
 from vulnerabilities.oval_parser import OvalParser
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -35,7 +46,7 @@ class MockOvalImporter(OvalImporter):
     spdx_license_expression = "FOO-BAR"
 
 
-class MockGitImporter(GitImporter):
+class MockGitImporter(Importer):
     spdx_license_expression = "FOO-BAR"
 
 
@@ -83,12 +94,43 @@ def test__collect_pkgs():
     assert found_ubuntu_pkgs == expected_ubuntu_pkgs
 
 
-def clone(self):
-    pass
+@patch("vulnerabilities.importer.fetch_via_vcs")
+def test_git_importer(mock_clone):
+    mock_clone.return_value = VCSResponse(
+        dest_dir="test",
+        vcs_type="git",
+        domain="test",
+    )
+    git_importer = MockGitImporter()
+    git_importer.clone("test-url") == VCSResponse(
+        dest_dir="test",
+        vcs_type="git",
+        domain="test",
+    )
 
 
-@patch("vulnerabilities.importer.GitImporter.clone")
-def test_git_importer(mock_clone):
-    mock_clone.return_value = clone
-    imp = MockGitImporter("test-url")
-    assert imp.repo_url == "test-url"
+def test_git_importer_clone():
+    git_importers = [
+        ElixirSecurityImporter,
+        FireyeImporter,
+        GentooImporter,
+        GitLabAPIImporter,
+        IstioImporter,
+        MozillaImporter,
+        NpmImporter,
+        RetireDotnetImporter,
+        PyPaImporter,
+    ]
+    for git_importer in git_importers:
+        mock_function = MagicMock(
+            return_value=VCSResponse(
+                dest_dir="test",
+                vcs_type="git",
+                domain="test",
+            )
+        )
+        with patch("vulnerabilities.importer.fetch_via_vcs", mock_function) as mock_fetch:
+            with patch.object(VCSResponse, "delete") as mock_delete:
+                list(git_importer().advisory_data())
+                mock_fetch.assert_called_once()
+                mock_delete.assert_called_once()
diff --git a/vulnerabilities/tests/test_debian.py b/vulnerabilities/tests/test_debian.py
index 1ee928f69..ad21ef92a 100644
--- a/vulnerabilities/tests/test_debian.py
+++ b/vulnerabilities/tests/test_debian.py
@@ -11,9 +11,10 @@
 import os
 from unittest.mock import patch
 
-from vulnerabilities.importers.debian import DebianBasicImprover
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.debian import DebianImporter
 from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import DebianBasicImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -30,16 +31,27 @@ def test_debian_importer(mock_response):
     util_tests.check_results_against_json(result, expected_file)
 
 
-@patch("vulnerabilities.importers.debian.DebianImporter.get_response")
+@patch("vulnerabilities.improvers.valid_versions.DebianBasicImprover.get_package_versions")
 def test_debian_improver(mock_response):
-    with open(os.path.join(TEST_DATA, "debian.json")) as f:
-        mock_response.return_value = json.load(f)
-    advisories = list(DebianImporter().advisory_data())
-    result = []
+    advisory_file = os.path.join(TEST_DATA, f"debian-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
     improvers = [DebianBasicImprover(), DefaultImprover()]
+    result = []
     for improver in improvers:
         for advisory in advisories:
-            for data in improver.get_inferences(advisory_data=advisory):
-                result.append(data.to_dict())
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
     expected_file = os.path.join(TEST_DATA, f"debian-improver-expected.json")
     util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_debian_oval.py b/vulnerabilities/tests/test_debian_oval.py
index d9a6998c5..b8fb0935b 100644
--- a/vulnerabilities/tests/test_debian_oval.py
+++ b/vulnerabilities/tests/test_debian_oval.py
@@ -7,10 +7,15 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
 import xml.etree.ElementTree as ET
+from unittest.mock import patch
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.debian_oval import DebianOvalImporter
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import DebianOvalImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -27,3 +32,29 @@ def test_debian_oval_importer():
     util_tests.check_results_against_json(
         [advisory.to_dict() for advisory in advsiories], expected_file
     )
+
+
+@patch("vulnerabilities.improvers.valid_versions.DebianOvalImprover.get_package_versions")
+def test_debian_oval_improver(mock_response):
+    advisory_file = os.path.join(TEST_DATA, f"debian-oval-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [DebianOvalImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DATA, f"debian-oval-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_elixir_security.py b/vulnerabilities/tests/test_elixir_security.py
index 631f44450..611b92cd1 100644
--- a/vulnerabilities/tests/test_elixir_security.py
+++ b/vulnerabilities/tests/test_elixir_security.py
@@ -7,9 +7,14 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
+from unittest.mock import patch
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.elixir_security import ElixirSecurityImporter
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import ElixirImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -21,3 +26,32 @@ def test_elixir_process_file():
     expected_file = os.path.join(TEST_DIR, f"elixir-expected.json")
     result = [data.to_dict() for data in list(ElixirSecurityImporter().process_file(path))]
     util_tests.check_results_against_json(result, expected_file)
+
+
+@patch("vulnerabilities.improvers.valid_versions.ElixirImprover.get_package_versions")
+def test_elixir_improver(mock_response):
+    advisory_file = os.path.join(TEST_DIR, f"elixir-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "0.1.0",
+        "0.5.6",
+        "0.5.2",
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [ElixirImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DIR, f"elixir-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_example.py b/vulnerabilities/tests/test_example.py
index 539d3bfb3..0fd99c245 100644
--- a/vulnerabilities/tests/test_example.py
+++ b/vulnerabilities/tests/test_example.py
@@ -79,8 +79,8 @@ def test_import_framework_using_example_importer(self):
     @pytest.mark.django_db(transaction=True)
     def test_improve_framework_using_example_improver(self):
         ImportRunner(ExampleImporter).run()
-        ImproveRunner(DefaultImprover).run()
-        ImproveRunner(ExampleAliasImprover).run()
+        ImproveRunner(improver_class=DefaultImprover).run()
+        ImproveRunner(improver_class=ExampleAliasImprover).run()
 
         assert models.Package.objects.count() == 3
         assert models.PackageRelatedVulnerability.objects.filter(fix=True).count() == 1
diff --git a/vulnerabilities/tests/test_github.py b/vulnerabilities/tests/test_github.py
index 45f43d5c6..0f2e634d5 100644
--- a/vulnerabilities/tests/test_github.py
+++ b/vulnerabilities/tests/test_github.py
@@ -24,8 +24,9 @@
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.importers.github import GitHubAPIImporter
-from vulnerabilities.importers.github import GitHubBasicImprover
+from vulnerabilities.importers.github import get_cwes_from_github_advisory
 from vulnerabilities.importers.github import process_response
+from vulnerabilities.improvers.valid_versions import GitHubBasicImprover
 from vulnerabilities.tests.util_tests import VULNERABLECODE_REGEN_TEST_FIXTURES as REGEN
 from vulnerabilities.utils import GitHubTokenError
 
@@ -172,10 +173,12 @@ def valid_versions():
         "6.0.3.4",
         "6.0.3.rc1",
         "6.0.2.rc2",
+        "10.2.8",
+        "10.2.1",
     ]
 
 
-@mock.patch("vulnerabilities.importers.github.GitHubBasicImprover.get_package_versions")
+@mock.patch("vulnerabilities.improvers.valid_versions.GitHubBasicImprover.get_package_versions")
 def test_github_improver(mock_response, regen=REGEN):
     advisory_data = AdvisoryData(
         aliases=["CVE-2022-21831", "GHSA-w749-p3v6-hccq"],
@@ -203,7 +206,27 @@ def test_github_improver(mock_response, regen=REGEN):
                     )
                 ),
                 fixed_version=None,
-            )
+            ),
+            AffectedPackage(
+                package=PackageURL(
+                    type="gem",
+                    namespace=None,
+                    name="activestorage",
+                    version=None,
+                    qualifiers={},
+                    subpath=None,
+                ),
+                affected_version_range=GemVersionRange(
+                    constraints=(
+                        VersionConstraint(
+                            comparator=">=", version=RubygemsVersion(string="10.2.0")
+                        ),
+                        VersionConstraint(
+                            comparator="<=", version=RubygemsVersion(string="10.2.8")
+                        ),
+                    )
+                ),
+            ),
         ],
         references=[
             Reference(
@@ -289,3 +312,24 @@ def test_get_package_versions(mock_response):
     assert PackageURL(type="gem", name="foo") in improver.versions_fetcher_by_purl
     assert PackageURL(type="pypi", name="django") in improver.versions_fetcher_by_purl
     assert PackageURL(type="pypi", name="foo") in improver.versions_fetcher_by_purl
+
+
+def test_get_cwes_from_github_advisory():
+    assert get_cwes_from_github_advisory(
+        {"cwes": {"nodes": [{"cweId": "CWE-502"}, {"cweId": "CWE-770"}]}}
+    ) == [502, 770]
+    assert get_cwes_from_github_advisory(
+        {
+            "cwes": {
+                "nodes": [
+                    {"cweId": "CWE-173"},
+                    {"cweId": "CWE-200"},
+                    {"cweId": "CWE-378"},
+                    {"cweId": "CWE-732"},
+                ]
+            }
+        }
+    ) == [173, 200, 378, 732]
+    assert get_cwes_from_github_advisory(
+        {"cwes": {"nodes": [{"cweId": "CWE-11111111111"}, {"cweId": "CWE-200"}]}}  # invalid cwe-id
+    ) == [200]
diff --git a/vulnerabilities/tests/test_gitlab.py b/vulnerabilities/tests/test_gitlab.py
index bad3eae4f..f0792c75b 100644
--- a/vulnerabilities/tests/test_gitlab.py
+++ b/vulnerabilities/tests/test_gitlab.py
@@ -14,9 +14,9 @@
 import pytest
 
 from vulnerabilities.importer import AdvisoryData
-from vulnerabilities.importers.gitlab import GitLabBasicImprover
 from vulnerabilities.importers.gitlab import parse_gitlab_advisory
 from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import GitLabBasicImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -70,7 +70,7 @@ def valid_versions(pkg_type):
     return valid_versions_by_package_type[pkg_type]
 
 
-@mock.patch("vulnerabilities.importers.gitlab.GitLabBasicImprover.get_package_versions")
+@mock.patch("vulnerabilities.improvers.valid_versions.GitLabBasicImprover.get_package_versions")
 @pytest.mark.parametrize("pkg_type", ["maven", "nuget", "gem", "composer", "pypi", "npm"])
 def test_gitlab_improver(mock_response, pkg_type):
     advisory_file = os.path.join(TEST_DATA, f"{pkg_type}-expected.json")
diff --git a/vulnerabilities/tests/test_import_runner.py b/vulnerabilities/tests/test_import_runner.py
index c10e830a9..22648a518 100644
--- a/vulnerabilities/tests/test_import_runner.py
+++ b/vulnerabilities/tests/test_import_runner.py
@@ -10,11 +10,11 @@
 from datetime import datetime
 from datetime import timezone
 
+import pytest
 from univers.version_range import VersionRange
 
 from vulnerabilities import models
 from vulnerabilities.import_runner import ImportRunner
-from vulnerabilities.import_runner import process_advisories
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importer import Importer
@@ -44,6 +44,7 @@ def advisory_data(self):
         return ADVISORY_DATAS
 
 
+@pytest.mark.django_db(transaction=True)
 def test_import_runner(db):
     runner = ImportRunner(DummyImporter)
     runner.run()
@@ -52,44 +53,56 @@ def test_import_runner(db):
     assert advisory_datas == ADVISORY_DATAS
 
 
+@pytest.mark.django_db(transaction=True)
 def test_process_advisories_with_no_advisory(db):
-    process_advisories([], "")
+    ImportRunner(DummyImporter).process_advisories([], "")
     assert 0 == models.Advisory.objects.count()
 
 
+@pytest.mark.django_db(transaction=True)
 def test_process_advisories_with_advisories(db):
-    process_advisories(ADVISORY_DATAS, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer")
     advisories = models.Advisory.objects.all()
     advisory_datas = [x.to_advisory_data() for x in advisories]
     assert advisory_datas == ADVISORY_DATAS
 
 
+@pytest.mark.django_db(transaction=True)
 def test_process_advisories_idempotency(db):
-    process_advisories(ADVISORY_DATAS, "test_importer")
-    process_advisories(ADVISORY_DATAS, "test_importer")
-    process_advisories(ADVISORY_DATAS, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer")
     advisories = models.Advisory.objects.all()
     advisory_datas = [x.to_advisory_data() for x in advisories]
     assert advisory_datas == ADVISORY_DATAS
 
 
+@pytest.mark.django_db(transaction=True)
 def test_process_advisories_idempotency_with_one_new_advisory(db):
     advisory_datas = ADVISORY_DATAS.copy()
-    process_advisories(advisory_datas, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(advisory_datas, "test_importer")
     advisory_datas.append(
         AdvisoryData(
             aliases=["CVE-2022-1337"],
         )
     )
-    process_advisories(advisory_datas, "test_importer")
+    ImportRunner(DummyImporter).process_advisories(advisory_datas, "test_importer")
     advisories = models.Advisory.objects.all()
     advisory_datas_in_db = [x.to_advisory_data() for x in advisories]
     assert advisory_datas_in_db == advisory_datas
 
 
-def test_process_advisories_idempotency_with_different_importer_names(db):
-    process_advisories(ADVISORY_DATAS, "test_importer_one")
-    process_advisories(ADVISORY_DATAS, "test_importer_two")
+@pytest.mark.django_db(transaction=True)
+def test_process_advisories_idempotency_with_different_importer_names():
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer_one")
+    ImportRunner(DummyImporter).process_advisories(ADVISORY_DATAS, "test_importer_two")
     advisories = models.Advisory.objects.all()
     advisory_datas = [x.to_advisory_data() for x in advisories]
     assert advisory_datas == ADVISORY_DATAS
+
+
+def test_advisory_summary_clean_up():
+    adv = AdvisoryData(
+        summary="The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\x00' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
+    )
+    assert "\x00" not in adv.summary
diff --git a/vulnerabilities/tests/test_improve_runner.py b/vulnerabilities/tests/test_improve_runner.py
index 1d425b211..632b6dab6 100644
--- a/vulnerabilities/tests/test_improve_runner.py
+++ b/vulnerabilities/tests/test_improve_runner.py
@@ -7,9 +7,30 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+from collections import Counter
+
 import pytest
+from django.utils import timezone
+from packageurl import PackageURL
+from pytest_django.asserts import assertQuerysetEqual
 
+from vulnerabilities.importer import Reference
 from vulnerabilities.improve_runner import create_valid_vulnerability_reference
+from vulnerabilities.improve_runner import create_vulnerability_and_add_aliases
+from vulnerabilities.improve_runner import get_or_create_vulnerability_and_aliases
+from vulnerabilities.improve_runner import get_vulns_for_aliases_and_get_new_aliases
+from vulnerabilities.improve_runner import process_inferences
+from vulnerabilities.improver import MAX_CONFIDENCE
+from vulnerabilities.improver import Improver
+from vulnerabilities.improver import Inference
+from vulnerabilities.models import Advisory
+from vulnerabilities.models import Alias
+from vulnerabilities.models import Package
+from vulnerabilities.models import PackageRelatedVulnerability
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityReference
+from vulnerabilities.models import VulnerabilityRelatedReference
+from vulnerabilities.models import VulnerabilitySeverity
 
 
 @pytest.mark.django_db
@@ -37,3 +58,201 @@ def test_create_valid_vulnerability_reference_accepts_long_references():
         url="https://foo.bar",
     )
     assert result
+
+
+@pytest.mark.django_db
+def test_get_or_create_vulnerability_and_aliases_with_new_vulnerability_and_new_aliases():
+    alias_names = ["TAYLOR-1337", "SWIFT-1337"]
+    summary = "Melodious vulnerability"
+    vulnerability = get_or_create_vulnerability_and_aliases(aliases=alias_names, summary=summary)
+    assert vulnerability
+    alias_names_in_db = vulnerability.get_aliases.values_list("alias", flat=True)
+    assert Counter(alias_names_in_db) == Counter(alias_names)
+
+
+@pytest.mark.django_db
+def test_get_or_create_vulnerability_and_aliases_with_different_vulnerability_and_existing_aliases():
+    existing_vulnerability = Vulnerability(vulnerability_id="VCID-Existing")
+    existing_vulnerability.save()
+    existing_aliases = []
+    existing_alias_names = ["ALIAS-1", "ALIAS-2"]
+    for alias in existing_alias_names:
+        existing_aliases.append(Alias(alias=alias, vulnerability=existing_vulnerability))
+    Alias.objects.bulk_create(existing_aliases)
+
+    different_vulnerability = Vulnerability(vulnerability_id="VCID-New")
+    different_vulnerability.save()
+    assert not get_or_create_vulnerability_and_aliases(
+        aliases=existing_alias_names, vulnerability_id=different_vulnerability.vulnerability_id
+    )
+
+
+@pytest.mark.django_db
+def test_get_or_create_vulnerability_and_aliases_with_existing_vulnerability_and_new_aliases():
+    existing_vulnerability = Vulnerability(vulnerability_id="VCID-Existing")
+    existing_vulnerability.save()
+
+    existing_alias_names = ["ALIAS-1", "ALIAS-2"]
+    vulnerability = get_or_create_vulnerability_and_aliases(
+        vulnerability_id="VCID-Existing", aliases=existing_alias_names
+    )
+    assert existing_vulnerability == vulnerability
+
+    alias_names_in_db = vulnerability.get_aliases.values_list("alias", flat=True)
+    assert Counter(alias_names_in_db) == Counter(existing_alias_names)
+
+
+@pytest.mark.django_db
+def test_get_or_create_vulnerability_and_aliases_with_existing_vulnerability_and_existing_aliases():
+    existing_vulnerability = Vulnerability(vulnerability_id="VCID-Existing")
+    existing_vulnerability.save()
+
+    existing_aliases = []
+    existing_alias_names = ["ALIAS-1", "ALIAS-2"]
+    for alias in existing_alias_names:
+        existing_aliases.append(Alias(alias=alias, vulnerability=existing_vulnerability))
+    Alias.objects.bulk_create(existing_aliases)
+
+    vulnerability = get_or_create_vulnerability_and_aliases(
+        vulnerability_id="VCID-Existing", aliases=existing_alias_names
+    )
+    assert existing_vulnerability == vulnerability
+
+    alias_names_in_db = vulnerability.get_aliases.values_list("alias", flat=True)
+    assert Counter(alias_names_in_db) == Counter(existing_alias_names)
+
+
+@pytest.mark.django_db
+def test_get_or_create_vulnerability_and_aliases_with_existing_vulnerability_and_existing_and_new_aliases():
+    existing_vulnerability = Vulnerability(vulnerability_id="VCID-Existing")
+    existing_vulnerability.save()
+
+    existing_aliases = []
+    existing_alias_names = ["ALIAS-1", "ALIAS-2"]
+    for alias in existing_alias_names:
+        existing_aliases.append(Alias(alias=alias, vulnerability=existing_vulnerability))
+    Alias.objects.bulk_create(existing_aliases)
+
+    new_alias_names = ["ALIAS-3", "ALIAS-4"]
+    alias_names = existing_alias_names + new_alias_names
+    vulnerability = get_or_create_vulnerability_and_aliases(
+        vulnerability_id="VCID-Existing", aliases=alias_names
+    )
+    assert existing_vulnerability == vulnerability
+
+    alias_names_in_db = vulnerability.get_aliases.values_list("alias", flat=True)
+    assert Counter(alias_names_in_db) == Counter(alias_names)
+
+
+DUMMY_ADVISORY = Advisory(summary="dummy", created_by="tests", date_collected=timezone.now())
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_no_inference():
+    assert not process_inferences(
+        inferences=[], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+    )
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_unknown_but_specified_vulnerability():
+    inference = Inference(vulnerability_id="VCID-Does-Not-Exist-In-DB", aliases=["MATRIX-Neo"])
+    assert not process_inferences(
+        inferences=[inference], advisory=DUMMY_ADVISORY, improver_name="test_improver"
+    )
+
+
+INFERENCES = [
+    Inference(
+        aliases=["CVE-1", "CVE-2"],
+        summary="One upon a time, in a package far far away",
+        affected_purls=[
+            PackageURL(type="character", namespace="star-wars", name="anakin", version="1")
+        ],
+        fixed_purl=PackageURL(
+            type="character", namespace="star-wars", name="darth-vader", version="1"
+        ),
+        references=[Reference(reference_id="imperial-vessel-1", url="https://m47r1x.github.io")],
+    )
+]
+
+
+def get_objects_in_all_tables_used_by_process_inferences():
+    return {
+        "vulnerabilities": list(Vulnerability.objects.all()),
+        "aliases": list(Alias.objects.all()),
+        "references": list(VulnerabilityReference.objects.all()),
+        "advisories": list(Advisory.objects.all()),
+        "packages": list(Package.objects.all()),
+        "references": list(VulnerabilityReference.objects.all()),
+        "severity": list(VulnerabilitySeverity.objects.all()),
+    }
+
+
+@pytest.mark.django_db
+def test_process_inferences_idempotency():
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    all_objects = get_objects_in_all_tables_used_by_process_inferences()
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver")
+    assert all_objects == get_objects_in_all_tables_used_by_process_inferences()
+
+
+@pytest.mark.django_db
+def test_process_inference_idempotency_with_different_improver_names():
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver_one")
+    all_objects = get_objects_in_all_tables_used_by_process_inferences()
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver_two")
+    process_inferences(INFERENCES, DUMMY_ADVISORY, improver_name="test_improver_three")
+    assert all_objects == get_objects_in_all_tables_used_by_process_inferences()
+
+
+@pytest.mark.django_db
+def test_get_or_created_vulnerability_and_aliases_with_empty_aliases():
+    assert get_or_create_vulnerability_and_aliases(aliases=[], summary="EMPTY ALIASES") == None
+
+
+@pytest.mark.django_db
+def test_process_inferences_with_empty_aliases():
+    with pytest.raises(AssertionError):
+        process_inferences(
+            inferences=[
+                Inference(
+                    aliases=[],
+                    vulnerability_id=None,
+                    confidence=MAX_CONFIDENCE,
+                    summary="",
+                )
+            ],
+            advisory=Advisory.objects.create(summary="", date_collected=timezone.now()),
+            improver_name="NO_ALIASES_IMPROVER",
+        )
+
+
+@pytest.mark.django_db
+def test_get_vulns_for_aliases_and_get_new_aliases():
+    v = Vulnerability.objects.create(summary="TEST")
+    Alias.objects.create(alias="CVE-1", vulnerability=v)
+    new_aliases, existing_vulns = get_vulns_for_aliases_and_get_new_aliases(
+        aliases=["CVE-1", "CVE-2"]
+    )
+    assert new_aliases == set(["CVE-2"])
+    assert existing_vulns == set([v])
+    new_aliases, existing_vulns = get_vulns_for_aliases_and_get_new_aliases(aliases=["CVE-3"])
+    assert new_aliases == set(["CVE-3"])
+    assert existing_vulns == set()
+
+
+@pytest.mark.django_db
+def test_create_vulnerability_and_add_aliases():
+    vuln = create_vulnerability_and_add_aliases(aliases=["CVE-1", "GHSA-1"], summary="NEW-VULN")
+    assert vuln is not None
+    assert vuln.aliases.all().count() == 2
+    assert [alias["alias"] for alias in vuln.alias.all().values("alias")] == ["CVE-1", "GHSA-1"]
+    assert vuln.summary == "NEW-VULN"
+
+
+@pytest.mark.django_db
+def test_create_vulnerability_and_add_aliases_with_no_aliases():
+    with pytest.raises(Exception):
+        create_vulnerability_and_add_aliases(aliases=[], summary="NEW-VULN")
diff --git a/vulnerabilities/tests/test_improver.py b/vulnerabilities/tests/test_improver.py
new file mode 100644
index 000000000..792fefc63
--- /dev/null
+++ b/vulnerabilities/tests/test_improver.py
@@ -0,0 +1,72 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+
+import pytest
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import Reference
+from vulnerabilities.improver import MAX_CONFIDENCE
+from vulnerabilities.improver import Inference
+from vulnerabilities.improver import PackageURL
+
+
+def test_empty_inference_raises_exception():
+    with pytest.raises(AssertionError):
+        Inference()
+
+
+def test_inference_to_dict_method_with_vulnerability_id():
+    inference = Inference(vulnerability_id="vulcoid-1337")
+    expected = {
+        "vulnerability_id": "vulcoid-1337",
+        "aliases": [],
+        "confidence": MAX_CONFIDENCE,
+        "summary": "",
+        "affected_purls": [],
+        "fixed_purl": None,
+        "references": [],
+        "weaknesses": [],
+    }
+    assert expected == inference.to_dict()
+
+
+def test_inference_to_dict_method_with_purls():
+    purl = PackageURL(type="dummy", namespace="rick", name="jalebi", version="1")
+    inference = Inference(affected_purls=[purl], fixed_purl=purl)
+    expected = {
+        "vulnerability_id": None,
+        "aliases": [],
+        "confidence": MAX_CONFIDENCE,
+        "summary": "",
+        "affected_purls": [purl.to_dict()],
+        "fixed_purl": purl.to_dict(),
+        "references": [],
+        "weaknesses": [],
+    }
+    assert expected == inference.to_dict()
+
+
+def test_inference_to_dict_method_with_versionless_purls_raises_exception():
+    versionless_purl = PackageURL(type="dummy", namespace="rick", name="gulabjamun")
+    with pytest.raises(AssertionError):
+        Inference(affected_purls=[versionless_purl], fixed_purl=versionless_purl)
+
+
+def test_inference_from_advisory_data():
+    aliases = ["lalmohan", "gulabjamun"]
+    summary = "really tasty sweets"
+    references = [Reference(url="http://localhost")]
+    advisory_data = AdvisoryData(aliases=aliases, summary=summary, references=references)
+    fixed_purl = PackageURL(name="mithai", version="1", type="sweets")
+    inference = Inference.from_advisory_data(
+        advisory_data=advisory_data, fixed_purl=fixed_purl, confidence=MAX_CONFIDENCE
+    )
+    assert inference == Inference(
+        aliases=aliases, summary=summary, references=references, fixed_purl=fixed_purl
+    )
diff --git a/vulnerabilities/tests/test_istio.py b/vulnerabilities/tests/test_istio.py
index 93a714459..82a88ae04 100644
--- a/vulnerabilities/tests/test_istio.py
+++ b/vulnerabilities/tests/test_istio.py
@@ -13,8 +13,8 @@
 
 from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.istio import IstioImporter
-from vulnerabilities.importers.istio import IstioImprover
 from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import IstioImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -50,7 +50,7 @@ def test_istio_process_file():
     util_tests.check_results_against_json(result, expected_file)
 
 
-@mock.patch("vulnerabilities.importers.istio.IstioImprover.get_package_versions")
+@mock.patch("vulnerabilities.improvers.valid_versions.IstioImprover.get_package_versions")
 def test_istio_improver(mock_response):
     advisory_file = os.path.join(TEST_DIR, f"istio-expected.json")
     expected_file = os.path.join(TEST_DIR, f"istio-improver-expected.json")
diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py
index 58b95af80..ed8eb29e6 100644
--- a/vulnerabilities/tests/test_models.py
+++ b/vulnerabilities/tests/test_models.py
@@ -7,51 +7,40 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import urllib.parse
 from datetime import datetime
 from unittest import TestCase
+from unittest import mock
 
 import pytest
+from django.db import transaction
+from django.db.models.query import QuerySet
 from django.db.utils import IntegrityError
 from freezegun import freeze_time
+from packageurl import PackageURL
+from univers import versions
+from univers.version_range import RANGE_CLASS_BY_SCHEMES
+from univers.version_range import AlpineLinuxVersionRange
 
 from vulnerabilities import models
+from vulnerabilities.models import Alias
+from vulnerabilities.models import Package
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityQuerySet
 
 
 class TestVulnerabilityModel(TestCase):
-    def test_generate_vulcoid_given_timestamp_object(self):
-        timestamp_object = datetime(2021, 1, 1, 11, 12, 13, 2000)
-        expected_vulcoid = "VULCOID-20210101-1112-13002000"
-        found_vulcoid = models.Vulnerability.generate_vulcoid(timestamp_object)
-        assert expected_vulcoid == found_vulcoid
-
-    def test_generate_vulcoid(self):
-        expected_vulcoid = "VULCOID-20210101-1112-13000000"
-        with freeze_time("2021-01-01 11:12:13.000000"):
-            found_vulcoid = models.Vulnerability.generate_vulcoid()
-        assert expected_vulcoid == found_vulcoid
-
     @pytest.mark.django_db
     def test_vulnerability_save_with_vulnerability_id(self):
         models.Vulnerability(vulnerability_id="CVE-2020-7965").save()
         assert models.Vulnerability.objects.filter(vulnerability_id="CVE-2020-7965").count() == 1
 
     @pytest.mark.django_db
-    def test_vulnerability_save_without_vulnerability_id(self):
-        assert (
-            models.Vulnerability.objects.filter(
-                vulnerability_id="VULCOID-20210101-1112-13000000"
-            ).count()
-            == 0
-        )
-
-        with freeze_time("2021-01-01 11:12:13.000000"):
-            models.Vulnerability(vulnerability_id="").save()
-            assert (
-                models.Vulnerability.objects.filter(
-                    vulnerability_id="VULCOID-20210101-1112-13000000"
-                ).count()
-                == 1
-            )
+    def test_cwe_not_present_in_weaknesses_db(self):
+        w1 = models.Weakness.objects.create(cwe_id=189)
+        assert w1.weakness is None
+        assert w1.name is ""
+        assert w1.description is ""
 
 
 # FIXME: The fixture code is duplicated. setUpClass is not working with the pytest mark.
@@ -63,16 +52,16 @@ def test_package_to_vulnerability(self):
         v1 = models.Vulnerability.objects.create(vulnerability_id="CVE-123-2002")
 
         prv1 = models.PackageRelatedVulnerability.objects.create(
-            patched_package=p2, package=p1, vulnerability=v1
+            package=p1, vulnerability=v1, fix=False
+        )
+        prv2 = models.PackageRelatedVulnerability.objects.create(
+            package=p2, vulnerability=v1, fix=True
         )
 
-        assert p1.vulnerabilities.all().count() == 1
-        assert p1.resolved_vulnerabilities.all().count() == 0
-        assert p1.vulnerabilities.all()[0] == v1
+        assert p1.fixing_vulnerabilities.count() == 0
 
-        assert p2.vulnerabilities.all().count() == 0
-        assert p2.resolved_vulnerabilities.all().count() == 1
-        assert p2.resolved_vulnerabilities.all()[0] == v1
+        assert p2.fixing_vulnerabilities.count() == 1
+        assert p2.fixing_vulnerabilities[0] == v1
 
     def test_vulnerability_package(self):
         p1 = models.Package.objects.create(type="deb", name="git", version="2.30.1")
@@ -80,11 +69,574 @@ def test_vulnerability_package(self):
         v1 = models.Vulnerability.objects.create(vulnerability_id="CVE-123-2002")
 
         prv1 = models.PackageRelatedVulnerability.objects.create(
-            patched_package=p2, package=p1, vulnerability=v1
+            package=p1, vulnerability=v1, fix=False
+        )
+        prv2 = models.PackageRelatedVulnerability.objects.create(
+            package=p2, vulnerability=v1, fix=True
+        )
+
+        assert v1.vulnerable_packages.count() == 1
+        assert v1.fixed_by_packages.count() == 1
+
+        assert v1.vulnerable_packages[0] == p1
+        assert v1.fixed_by_packages[0] == p2
+
+
+@pytest.mark.django_db
+class TestPackageModel(TestCase):
+    def setUp(self):
+        """
+        This uses a package/vuln/fix group we know from the DB/UI testing: pkg:pypi/redis@4.1.1.
+        It has 2 non-vuln versions, both the same: 5.0.0b1.  The first of its two vulns is
+        VCID-g2fu-45jw-aaan (aliases: CVE-2023-28858 and GHSA-24wv-mv5m-xv4h), fixed by
+        4.3.6 w/1 vuln of its own.  The second is VCID-rqe1-dkmg-aaad (aliases: CVE-2023-28859
+        and GHSA-8fww-64cx-x8p5), fixed by 5.0.0b1 w/ 0 vulns of its own.
+        """
+
+        # pkg
+        self.package_pypi_redis_4_1_1 = models.Package.objects.create(
+            type="pypi",
+            namespace="",
+            name="redis",
+            version="4.1.1",
+            qualifiers={},
+            subpath="",
+        )
+
+        # vuln #1 for affected pkg
+        self.vuln_VCID_g2fu_45jw_aaan = models.Vulnerability.objects.create(
+            summary="This is VCID-g2fu-45jw-aaan",
+            vulnerability_id="VCID-g2fu-45jw-aaan",
+        )
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_redis_4_1_1,
+            vulnerability=self.vuln_VCID_g2fu_45jw_aaan,
+            fix=False,
+        )
+
+        # aliases
+        Alias.objects.create(alias="CVE-2023-28858", vulnerability=self.vuln_VCID_g2fu_45jw_aaan)
+        Alias.objects.create(
+            alias="GHSA-24wv-mv5m-xv4h", vulnerability=self.vuln_VCID_g2fu_45jw_aaan
+        )
+
+        # fixed pkg for vuln #1 for affected pkg
+        self.package_pypi_redis_4_3_6 = models.Package.objects.create(
+            type="pypi",
+            namespace="",
+            name="redis",
+            version="4.3.6",
+            qualifiers={},
+            subpath="",
+        )
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_redis_4_3_6,
+            vulnerability=self.vuln_VCID_g2fu_45jw_aaan,
+            fix=True,
+        )
+
+        # vuln for fixed pkg -- and also vuln # 2 for affected pkg
+        self.vuln_VCID_rqe1_dkmg_aaad = models.Vulnerability.objects.create(
+            summary="This is VCID-rqe1-dkmg-aaad",
+            vulnerability_id="VCID-rqe1-dkmg-aaad",
+        )
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_redis_4_3_6,
+            vulnerability=self.vuln_VCID_rqe1_dkmg_aaad,
+            fix=False,
+        )
+
+        # aliases
+        Alias.objects.create(alias="CVE-2023-28859", vulnerability=self.vuln_VCID_rqe1_dkmg_aaad)
+        Alias.objects.create(
+            alias="GHSA-8fww-64cx-x8p5", vulnerability=self.vuln_VCID_rqe1_dkmg_aaad
+        )
+
+        # vuln # 2 for affected pkg -- already defined above bc also vuln for fixed pkg above!
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_redis_4_1_1,
+            vulnerability=self.vuln_VCID_rqe1_dkmg_aaad,
+            fix=False,
+        )
+
+        # aliases -- already defined above
+
+        # fixed pkg -- 0 vulns of its own
+        self.package_pypi_redis_5_0_0b1 = models.Package.objects.create(
+            type="pypi",
+            namespace="",
+            name="redis",
+            version="5.0.0b1",
+            qualifiers={},
+            subpath="",
+        )
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_redis_5_0_0b1,
+            vulnerability=self.vuln_VCID_rqe1_dkmg_aaad,
+            fix=True,
+        )
+
+        # This vulnerability does not affect any redis packages in this set of tests but does affect a made-up package, self.package_pypi_bogus_1_2_3.
+        self.vuln_VCID_abcd_efgh_1234 = models.Vulnerability.objects.create(
+            summary="This is VCID-abcd-efgh-1234",
+            vulnerability_id="VCID-abcd-efgh-1234",
+        )
+
+        # pkg
+        self.package_pypi_bogus_1_2_3 = models.Package.objects.create(
+            type="pypi",
+            namespace="",
+            name="bogus",
+            version="1.2.3",
+            qualifiers={},
+            subpath="",
+        )
+
+        # relationship
+        models.PackageRelatedVulnerability.objects.create(
+            package=self.package_pypi_bogus_1_2_3,
+            vulnerability=self.vuln_VCID_abcd_efgh_1234,
+            fix=False,
+        )
+
+        # This vulnerability does not affect any packages in this set of tests included to test .all().
+        self.vuln_VCID_wxyz_0000_0000 = models.Vulnerability.objects.create(
+            summary="This is VCID-wxyz-0000-0000",
+            vulnerability_id="VCID-wxyz-0000-0000",
+        )
+
+    def test_fixed_package_details(self):
+        searched_for_package = self.package_pypi_redis_4_1_1
+
+        assert searched_for_package.package_url == "pkg:pypi/redis@4.1.1"
+        assert searched_for_package.plain_package_url == "pkg:pypi/redis@4.1.1"
+        assert searched_for_package.get_absolute_url() == "/packages/pkg:pypi/redis@4.1.1"
+        assert searched_for_package.purl == "pkg:pypi/redis@4.1.1"
+
+        assert len(searched_for_package.affected_by) == 2
+
+        assert self.vuln_VCID_g2fu_45jw_aaan in searched_for_package.affected_by
+        assert self.package_pypi_redis_4_3_6 in self.vuln_VCID_g2fu_45jw_aaan.fixed_by_packages
+
+        assert self.vuln_VCID_rqe1_dkmg_aaad in searched_for_package.affected_by
+        assert self.package_pypi_redis_5_0_0b1 in self.vuln_VCID_rqe1_dkmg_aaad.fixed_by_packages
+
+        searched_for_package_details = searched_for_package.fixed_package_details
+
+        package_details = {
+            "purl": PackageURL(
+                type="pypi",
+                name="redis",
+                version="4.1.1",
+            ),
+            "next_non_vulnerable": PackageURL(
+                type="pypi",
+                name="redis",
+                version="5.0.0b1",
+            ),
+            "latest_non_vulnerable": PackageURL(
+                type="pypi",
+                namespace=None,
+                name="redis",
+                version="5.0.0b1",
+                qualifiers={},
+                subpath=None,
+            ),
+            "vulnerabilities": [
+                {
+                    "vulnerability": self.vuln_VCID_g2fu_45jw_aaan,
+                    "fixed_by_package_details": [
+                        {
+                            "fixed_by_purl": PackageURL(
+                                type="pypi",
+                                namespace=None,
+                                name="redis",
+                                version="4.3.6",
+                                qualifiers={},
+                                subpath=None,
+                            ),
+                            "fixed_by_purl_vulnerabilities": [self.vuln_VCID_rqe1_dkmg_aaad],
+                        }
+                    ],
+                    "fixed_by_purl": [],
+                    "fixed_by_purl_vulnerabilities": [],
+                },
+                {
+                    "vulnerability": self.vuln_VCID_rqe1_dkmg_aaad,
+                    "fixed_by_package_details": [
+                        {
+                            "fixed_by_purl": PackageURL(
+                                type="pypi",
+                                namespace=None,
+                                name="redis",
+                                version="5.0.0b1",
+                                qualifiers={},
+                                subpath=None,
+                            ),
+                            "fixed_by_purl_vulnerabilities": [],
+                        }
+                    ],
+                    "fixed_by_purl": [],
+                    "fixed_by_purl_vulnerabilities": [],
+                },
+            ],
+        }
+
+        assert searched_for_package_details == package_details
+
+        assert searched_for_package_details.get("latest_non_vulnerable") == PackageURL(
+            type="pypi",
+            namespace=None,
+            name="redis",
+            version="5.0.0b1",
+            qualifiers={},
+            subpath=None,
+        )
+
+        searched_for_package_fixing = searched_for_package.fixing
+        assert type(searched_for_package_fixing) == models.VulnerabilityQuerySet
+        assert searched_for_package_fixing.count() == 0
+        assert len(searched_for_package_fixing) == 0
+        assert list(searched_for_package_fixing) == []
+
+    def test_get_vulnerable_packages(self):
+        vuln_packages = Package.objects.vulnerable()
+        assert vuln_packages.count() == 4
+        assert vuln_packages.distinct().count() == 3
+
+        first_vulnerable_package = vuln_packages.distinct()[0]
+        assert first_vulnerable_package.purl == "pkg:pypi/bogus@1.2.3"
+
+        second_vulnerable_package = vuln_packages.distinct()[1]
+        assert second_vulnerable_package.purl == "pkg:pypi/redis@4.1.1"
+
+        second_vulnerable_package_matching_fixed_packages = (
+            Package.objects.get_fixed_by_package_versions(second_vulnerable_package, fix=True)
+        )
+        first_fixed_by_package = second_vulnerable_package_matching_fixed_packages[0]
+
+        assert len(second_vulnerable_package_matching_fixed_packages) == 2
+        assert first_fixed_by_package.purl == "pkg:pypi/redis@4.3.6"
+
+    def test_string_to_package(self):
+        purl_string = "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
+        purl = PackageURL.from_string(purl_string)
+        purl_to_dict = purl.to_dict()
+
+        # For namespace, version, qualifiers and subpath, we need to add the or * to avoid an
+        # IntegrityError, e.g., django.db.utils.IntegrityError: null value in column "subpath" violates
+        # not-null constraint
+        vulnerablecode_package = models.Package.objects.create(
+            type=purl_to_dict.get("type"),
+            namespace=purl_to_dict.get("namespace") or "",
+            name=purl_to_dict.get("name"),
+            version=purl_to_dict.get("version") or "",
+            qualifiers=purl_to_dict.get("qualifiers") or {},
+            subpath=purl_to_dict.get("subpath") or "",
+        )
+
+        assert type(vulnerablecode_package) == models.Package
+        assert vulnerablecode_package.purl == "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
+        assert vulnerablecode_package.package_url == "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
+        assert (
+            vulnerablecode_package.plain_package_url
+            == "pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
+        )
+        assert (
+            vulnerablecode_package.get_absolute_url()
+            == "/packages/pkg:maven/org.apache.tomcat/tomcat@10.0.0-M4"
+        )
+
+    def test_univers_version_comparisons(self):
+        assert versions.PypiVersion("1.2.3") < versions.PypiVersion("1.2.4")
+        assert versions.PypiVersion("0.9") < versions.PypiVersion("0.10")
+
+        deb01 = models.Package.objects.create(type="deb", name="git", version="2.30.1")
+        deb02 = models.Package.objects.create(type="deb", name="git", version="2.31.1")
+        assert versions.DebianVersion(deb01.version) < versions.DebianVersion(deb02.version)
+
+        # pkg:deb/debian/jackson-databind@2.12.1-1%2Bdeb11u1 is a real PURL in the DB
+        # But we need to replace/delete the "%".  Test the error:
+        with pytest.raises(versions.InvalidVersion):
+            assert versions.DebianVersion("2.12.1-1%2Bdeb11u1") < versions.DebianVersion(
+                "2.13.1-1%2Bdeb11u1"
+            )
+        # Decode the version and test:
+        assert versions.DebianVersion(
+            urllib.parse.unquote("2.12.1-1%2Bdeb11u1")
+        ) < versions.DebianVersion(urllib.parse.unquote("2.13.1-1%2Bdeb11u1"))
+
+        # Expect an error when comparing different types.
+        with pytest.raises(TypeError):
+            assert versions.PypiVersion("0.9") < versions.DebianVersion("0.10")
+
+        # This demonstrates that versions.Version does not correctly compare 0.9 vs. 0.10.
+        assert not versions.Version("0.9") < versions.Version("0.10")
+        # Use SemverVersion instead as a default fallback version for comparisons.
+        assert versions.SemverVersion("0.9") < versions.SemverVersion("0.10")
+
+    def test_univers_version_class(self):
+        gem_version = RANGE_CLASS_BY_SCHEMES["gem"].version_class
+        assert gem_version == versions.RubygemsVersion
+
+        gem_package = models.Package.objects.create(type="gem", name="sidekiq", version="0.9")
+        gem_package_version = RANGE_CLASS_BY_SCHEMES[gem_package.type].version_class
+        assert gem_package_version == versions.RubygemsVersion
+
+        deb_version = RANGE_CLASS_BY_SCHEMES["deb"].version_class
+        assert deb_version == versions.DebianVersion
+
+        deb_package = models.Package.objects.create(type="deb", name="git", version="2.31.1")
+        deb_package_version = RANGE_CLASS_BY_SCHEMES[deb_package.type].version_class
+        assert deb_package_version == versions.DebianVersion
+
+        pypi_version = RANGE_CLASS_BY_SCHEMES["pypi"].version_class
+        assert pypi_version == versions.PypiVersion
+
+        pypi_package = models.Package.objects.create(type="pypi", name="pyopenssl", version="0.9")
+        pypi_package_version = RANGE_CLASS_BY_SCHEMES[pypi_package.type].version_class
+        assert pypi_package_version == versions.PypiVersion
+
+        RANGE_CLASS_BY_SCHEMES["alpine"] = AlpineLinuxVersionRange
+        alpine_version = RANGE_CLASS_BY_SCHEMES["alpine"].version_class
+        assert alpine_version == versions.AlpineLinuxVersion
+
+    def test_sort_by_version(self):
+        list_to_sort = [
+            "pkg:npm/sequelize@3.13.1",
+            "pkg:npm/sequelize@3.10.1",
+            "pkg:npm/sequelize@3.40.1",
+            "pkg:npm/sequelize@3.9.1",
+        ]
+
+        # Convert list of strings ^ to a list of vulnerablecode Package objects.
+        vuln_pkg_list = []
+        for package in list_to_sort:
+            purl = PackageURL.from_string(package)
+            attrs = {k: v for k, v in purl.to_dict().items() if v}
+            vulnerablecode_package = models.Package.objects.create(**attrs)
+            vuln_pkg_list.append(vulnerablecode_package)
+
+        requesting_package = models.Package.objects.create(
+            type="npm",
+            name="sequelize",
+            version="3.0.0",
+        )
+
+        sorted_pkgs = requesting_package.sort_by_version(vuln_pkg_list)
+        first_sorted_item = sorted_pkgs[0]
+
+        assert sorted_pkgs[0].purl == "pkg:npm/sequelize@3.9.1"
+        assert sorted_pkgs[-1].purl == "pkg:npm/sequelize@3.40.1"
+
+    def test_affecting_vulnerabilities_vulnerabilityqueryset_method(self):
+        """
+        Return querysets of Vulnerabilities using the VulnerabilityQuerySet affecting_vulnerabilities() method.
+        """
+        searched_for_package = self.package_pypi_redis_4_1_1
+
+        # Return a queryset of Vulnerabilities that affect this Package.
+        this_package_vulnerabilities = (
+            searched_for_package.vulnerabilities.affecting_vulnerabilities()
+        )
+
+        assert this_package_vulnerabilities[0] == self.vuln_VCID_g2fu_45jw_aaan
+        assert this_package_vulnerabilities[1] == self.vuln_VCID_rqe1_dkmg_aaad
+
+        # Return a queryset of Vulnerabilities that affect any Package.
+        any_package_vulnerabilities = Vulnerability.objects.affecting_vulnerabilities()
+
+        assert any_package_vulnerabilities[0] == self.vuln_VCID_abcd_efgh_1234
+        assert any_package_vulnerabilities[1] == self.vuln_VCID_g2fu_45jw_aaan
+        assert any_package_vulnerabilities[2] == self.vuln_VCID_rqe1_dkmg_aaad
+        assert any_package_vulnerabilities[3] == self.vuln_VCID_rqe1_dkmg_aaad
+
+        # Return a queryset of distinct Vulnerabilities that affect any Package.
+        any_package_vulnerabilities_distinct = (
+            Vulnerability.objects.affecting_vulnerabilities().distinct()
+        )
+
+        assert any_package_vulnerabilities_distinct[0] == self.vuln_VCID_abcd_efgh_1234
+        assert any_package_vulnerabilities_distinct[1] == self.vuln_VCID_g2fu_45jw_aaan
+        assert any_package_vulnerabilities_distinct[2] == self.vuln_VCID_rqe1_dkmg_aaad
+
+        # Return a count of the queryset of distinct Vulnerabilities that affect any Package.
+        any_package_vulnerabilities_distinct_count = (
+            Vulnerability.objects.affecting_vulnerabilities().distinct().count()
+        )
+
+        assert any_package_vulnerabilities_distinct_count == 3
+
+        # Return a queryset of all Vulnerabilities, regardless of whether they affect a package.
+        all_vulnerabilities = Vulnerability.objects.all()
+
+        assert all_vulnerabilities[0] == self.vuln_VCID_abcd_efgh_1234
+        assert all_vulnerabilities[1] == self.vuln_VCID_g2fu_45jw_aaan
+        assert all_vulnerabilities[2] == self.vuln_VCID_rqe1_dkmg_aaad
+        assert all_vulnerabilities[3] == self.vuln_VCID_wxyz_0000_0000
+
+        # Return a count of the queryset of all Vulnerabilities, regardless of whether they affect a package.
+        all_vulnerabilities_count = Vulnerability.objects.all().count()
+
+        assert all_vulnerabilities_count == 4
+
+    def test_affecting_vulnerabilities_package_property_method(self):
+        """
+        Return a queryset of Vulnerabilities using the Package affecting_vulnerabilities() property
+        method.
+        """
+        searched_for_package = self.package_pypi_redis_4_1_1
+
+        # Return a queryset of Vulnerabilities that affect a specific Package.
+        this_package_vulnerabilities = searched_for_package.affecting_vulnerabilities
+
+        assert this_package_vulnerabilities[0] == self.vuln_VCID_g2fu_45jw_aaan
+        assert this_package_vulnerabilities[1] == self.vuln_VCID_rqe1_dkmg_aaad
+
+    def test_fixing_vulnerabilities_package_property_method(self):
+        """
+        Return a queryset of Vulnerabilities using the Package fixing_vulnerabilities() property
+        method.
+        """
+        # Return a queryset of Vulnerabilities that are fixed by a specific Package.
+        searched_for_package_redis_4_1_1 = self.package_pypi_redis_4_1_1
+        redis_4_1_1_fixing_vulnerabilities = searched_for_package_redis_4_1_1.fixing_vulnerabilities
+
+        assert redis_4_1_1_fixing_vulnerabilities.count() == 0
+
+        searched_for_package_redis_4_3_6 = self.package_pypi_redis_4_3_6
+        redis_4_3_6_fixing_vulnerabilities = searched_for_package_redis_4_3_6.fixing_vulnerabilities
+
+        assert redis_4_3_6_fixing_vulnerabilities.count() == 1
+        assert redis_4_3_6_fixing_vulnerabilities[0] == self.vuln_VCID_g2fu_45jw_aaan
+
+        searched_for_package_redis_5_0_0b1 = self.package_pypi_redis_5_0_0b1
+        redis_5_0_0b1_fixing_vulnerabilities = (
+            searched_for_package_redis_5_0_0b1.fixing_vulnerabilities
+        )
+
+        assert redis_5_0_0b1_fixing_vulnerabilities.count() == 1
+        assert redis_5_0_0b1_fixing_vulnerabilities[0] == self.vuln_VCID_rqe1_dkmg_aaad
+
+    def test_get_affecting_vulnerabilities_package_method(self):
+        """
+        Return a list of vulnerabilities that affect this package.
+        """
+        searched_for_package_redis_4_1_1 = self.package_pypi_redis_4_1_1
+        redis_4_1_1_affecting_vulnerabilities = (
+            searched_for_package_redis_4_1_1.get_affecting_vulnerabilities()
+        )
+
+        affecting_vulnerabilities = [
+            {
+                "vulnerability": self.vuln_VCID_g2fu_45jw_aaan,
+                "fixed_by_purl": [],
+                "fixed_by_purl_vulnerabilities": [],
+                "fixed_by_package_details": [
+                    {
+                        "fixed_by_purl": PackageURL(
+                            type="pypi",
+                            namespace=None,
+                            name="redis",
+                            version="4.3.6",
+                            qualifiers={},
+                            subpath=None,
+                        ),
+                        "fixed_by_purl_vulnerabilities": [self.vuln_VCID_rqe1_dkmg_aaad],
+                    }
+                ],
+            },
+            {
+                "vulnerability": self.vuln_VCID_rqe1_dkmg_aaad,
+                "fixed_by_purl": [],
+                "fixed_by_purl_vulnerabilities": [],
+                "fixed_by_package_details": [
+                    {
+                        "fixed_by_purl": PackageURL(
+                            type="pypi",
+                            namespace=None,
+                            name="redis",
+                            version="5.0.0b1",
+                            qualifiers={},
+                            subpath=None,
+                        ),
+                        "fixed_by_purl_vulnerabilities": [],
+                    }
+                ],
+            },
+        ]
+
+        assert redis_4_1_1_affecting_vulnerabilities == affecting_vulnerabilities
+
+    def test_get_non_vulnerable_versions(self):
+        """
+        Return a tuple of the next and latest non-vulnerable versions of this package as PackageURLs.
+        """
+        searched_for_package_redis_4_1_1 = self.package_pypi_redis_4_1_1
+        redis_4_1_1_non_vulnerable_versions = (
+            searched_for_package_redis_4_1_1.get_non_vulnerable_versions()
+        )
+
+        non_vulnerable_versions = (
+            PackageURL(
+                type="pypi",
+                namespace=None,
+                name="redis",
+                version="5.0.0b1",
+                qualifiers={},
+                subpath=None,
+            ),
+            PackageURL(
+                type="pypi",
+                namespace=None,
+                name="redis",
+                version="5.0.0b1",
+                qualifiers={},
+                subpath=None,
+            ),
+        )
+
+        assert redis_4_1_1_non_vulnerable_versions == non_vulnerable_versions
+
+    def test_version_class_and_current_version(self):
+        searched_for_package_redis_4_1_1 = self.package_pypi_redis_4_1_1
+
+        package_version_class = RANGE_CLASS_BY_SCHEMES[
+            searched_for_package_redis_4_1_1.type
+        ].version_class
+
+        assert package_version_class == versions.PypiVersion
+        assert searched_for_package_redis_4_1_1.current_version == package_version_class(
+            string="4.1.1"
+        )
+        assert str(searched_for_package_redis_4_1_1.current_version) == "4.1.1"
+
+    def test_get_fixed_by_package_versions(self):
+        searched_for_package_redis_4_1_1 = self.package_pypi_redis_4_1_1
+
+        fixed_by_package_versions = Package.objects.get_fixed_by_package_versions(
+            searched_for_package_redis_4_1_1, fix=True
+        )
+
+        all_package_versions = Package.objects.get_fixed_by_package_versions(
+            searched_for_package_redis_4_1_1, fix=False
         )
 
-        assert v1.vulnerable_packages.all().count() == 1
-        assert v1.patched_packages.all().count() == 1
+        assert fixed_by_package_versions[0] == self.package_pypi_redis_4_3_6
+        assert fixed_by_package_versions[1] == self.package_pypi_redis_5_0_0b1
+        assert fixed_by_package_versions.count() == 2
 
-        assert v1.vulnerable_packages.all()[0] == p1
-        assert v1.patched_packages.all()[0] == p2
+        assert all_package_versions[0] == self.package_pypi_redis_4_1_1
+        assert all_package_versions[1] == self.package_pypi_redis_4_3_6
+        assert all_package_versions[2] == self.package_pypi_redis_5_0_0b1
+        assert all_package_versions.count() == 3
diff --git a/vulnerabilities/tests/test_msr2019.py b/vulnerabilities/tests/test_msr2019.py
index c921de0b2..4af8334e3 100644
--- a/vulnerabilities/tests/test_msr2019.py
+++ b/vulnerabilities/tests/test_msr2019.py
@@ -9,6 +9,7 @@
 
 import csv
 import os
+from unittest import mock
 
 from vulnerabilities.importers.project_kb_msr2019 import ProjectKBMSRImporter
 from vulnerabilities.tests import util_tests
@@ -17,6 +18,13 @@
 TEST_DIR = os.path.join(BASE_DIR, "test_data/kbmsr2019")
 
 
+@mock.patch("vulnerabilities.importers.project_kb_msr2019.fetch_and_read_from_csv")
+def test_data_fetch(mock_value):
+    importer = ProjectKBMSRImporter()
+    mock_value.return_value = []
+    importer.advisory_data()
+
+
 def test_kbmsr_to_advisories():
     TEST_DATA = os.path.join(TEST_DIR, "test_msr_data.csv")
     with open(TEST_DATA) as f:
diff --git a/vulnerabilities/tests/test_nginx.py b/vulnerabilities/tests/test_nginx.py
index 7f8da680f..1d59830ee 100644
--- a/vulnerabilities/tests/test_nginx.py
+++ b/vulnerabilities/tests/test_nginx.py
@@ -23,9 +23,11 @@
 from vulnerabilities.importer import Reference
 from vulnerabilities.importer import VulnerabilitySeverity
 from vulnerabilities.importers import nginx
+from vulnerabilities.improvers.valid_versions import NginxBasicImprover
 from vulnerabilities.models import Advisory
 from vulnerabilities.package_managers import PackageVersion
 from vulnerabilities.tests import util_tests
+from vulnerabilities.utils import is_vulnerable_nginx_version
 
 ADVISORY_FIELDS_TO_TEST = (
     "unique_content_id",
@@ -50,43 +52,43 @@ def test_is_vulnerable(self):
         fixed_versions = [vcls("1.17.3"), vcls("1.16.1")]
 
         version = vcls("1.9.4")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.9.5")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.9.6")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.16.0")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.16.1")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.16.2")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.16.99")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.17.0")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.17.1")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.17.2")
-        assert nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.17.3")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.17.4")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
         version = vcls("1.18.0")
-        assert not nginx.is_vulnerable(version, affected_version_range, fixed_versions)
+        assert not is_vulnerable_nginx_version(version, affected_version_range, fixed_versions)
 
     def test_parse_advisory_data_from_paragraph(self):
         paragraph = (
@@ -186,7 +188,7 @@ def fetch(self):
     def test_NginxBasicImprover__interesting_advisories(self):
         advisories, importer_class = self.run_import()
 
-        class MockNginxBasicImprover(nginx.NginxBasicImprover):
+        class MockNginxBasicImprover(NginxBasicImprover):
             @property
             def interesting_advisories(self) -> QuerySet:
                 return Advisory.objects.filter(created_by=importer_class.qualified_name)
@@ -213,9 +215,7 @@ def test_NginxBasicImprover_fetch_nginx_version_from_git_tags(self, mock_fetcher
                 side_effects.append(json.load(f))
         mock_fetcher.side_effect = side_effects
 
-        results = [
-            pv.to_dict() for pv in nginx.NginxBasicImprover().fetch_nginx_version_from_git_tags()
-        ]
+        results = [pv.to_dict() for pv in NginxBasicImprover().fetch_nginx_version_from_git_tags()]
         expected_file = self.get_test_loc("improver/nginx-versions-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
 
@@ -229,7 +229,7 @@ def test_NginxBasicImprover__get_inferences_from_versions_end_to_end(self):
             all_versions = [PackageVersion(**vd) for vd in json.load(vf)]
 
         results = []
-        improver = nginx.NginxBasicImprover()
+        improver = NginxBasicImprover()
         for advdata in advisories_data:
             advisory_data = AdvisoryData.from_dict(advdata)
 
diff --git a/vulnerabilities/tests/test_npm.py b/vulnerabilities/tests/test_npm.py
index afd72181b..28ca7a548 100644
--- a/vulnerabilities/tests/test_npm.py
+++ b/vulnerabilities/tests/test_npm.py
@@ -8,15 +8,20 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
+from unittest.mock import patch
 
 from packageurl import PackageURL
 from univers.version_constraint import VersionConstraint
 from univers.version_range import NpmVersionRange
 from univers.versions import SemverVersion
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importer import AffectedPackage
 from vulnerabilities.importers.npm import NpmImporter
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import NpmImprover
 from vulnerabilities.tests import util_tests
 from vulnerabilities.utils import load_json
 
@@ -43,3 +48,31 @@ def test_get_affected_package():
         ),
         fixed_version=SemverVersion(string="1.3.3"),
     ) == NpmImporter().get_affected_package(data, "npm")
+
+
+@patch("vulnerabilities.improvers.valid_versions.NpmImprover.get_package_versions")
+def test_npm_improver(mock_response):
+    advisory_file = os.path.join(TEST_DATA, f"parse-advisory-npm-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "0.1.0",
+        "0.5.6",
+        "0.5.2",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [NpmImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DATA, f"npm-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_nvd.py b/vulnerabilities/tests/test_nvd.py
index af7e2f19b..702faa7f4 100644
--- a/vulnerabilities/tests/test_nvd.py
+++ b/vulnerabilities/tests/test_nvd.py
@@ -15,10 +15,11 @@
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data/nvd/nvd_test.json")
+REJECTED_CVE = os.path.join(BASE_DIR, "test_data/nvd/rejected_nvd.json")
 
 
-def load_test_data():
-    with open(TEST_DATA) as f:
+def load_test_data(file):
+    with open(file) as f:
         return json.load(f)
 
 
@@ -38,7 +39,26 @@ def sorted_advisory_data(advisory_data):
 def test_to_advisories_skips_hardware(regen=REGEN):
     expected_file = os.path.join(BASE_DIR, "test_data/nvd/nvd-expected.json")
 
-    test_data = load_test_data()
+    test_data = load_test_data(file=TEST_DATA)
+    result = [data.to_dict() for data in nvd.to_advisories(test_data)]
+    result = sorted_advisory_data(result)
+
+    if regen:
+        with open(expected_file, "w") as f:
+            json.dump(result, f, indent=2)
+        expected = result
+    else:
+        with open(expected_file) as f:
+            expected = json.load(f)
+    expected = sorted_advisory_data(expected)
+
+    assert result == expected
+
+
+def test_to_advisories_marks_rejected_cve(regen=REGEN):
+    expected_file = os.path.join(BASE_DIR, "test_data/nvd/nvd-rejected-expected.json")
+
+    test_data = load_test_data(file=REJECTED_CVE)
     result = [data.to_dict() for data in nvd.to_advisories(test_data)]
     result = sorted_advisory_data(result)
 
diff --git a/vulnerabilities/tests/test_oss_fuzz.py b/vulnerabilities/tests/test_oss_fuzz.py
new file mode 100644
index 000000000..c6dcb501e
--- /dev/null
+++ b/vulnerabilities/tests/test_oss_fuzz.py
@@ -0,0 +1,36 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import os
+from unittest import TestCase
+
+import saneyaml
+
+from vulnerabilities.importers.osv import parse_advisory_data
+from vulnerabilities.tests import util_tests
+
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+TEST_DATA = os.path.join(BASE_DIR, "test_data/oss_fuzz")
+
+
+class TestOSSFuzzImporter(TestCase):
+    def test_to_advisories1(self):
+        with open(os.path.join(TEST_DATA, "oss-fuzz-data1.yaml")) as f:
+            mock_response = saneyaml.load(f)
+        expected_file = os.path.join(TEST_DATA, "oss-fuzz-data1.yaml-expected.json")
+        imported_data = parse_advisory_data(mock_response, "oss-fuzz")
+        result = imported_data.to_dict()
+        util_tests.check_results_against_json(result, expected_file)
+
+    def test_to_advisorie2(self):
+        with open(os.path.join(TEST_DATA, "oss-fuzz-data2.yaml")) as f:
+            mock_response = saneyaml.load(f)
+        expected_file = os.path.join(TEST_DATA, "oss-fuzz-data2.yaml-expected.json")
+        imported_data = parse_advisory_data(mock_response, "oss-fuzz")
+        result = imported_data.to_dict()
+        util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_package_managers.py b/vulnerabilities/tests/test_package_managers.py
index 228c32fd2..adf46e1cd 100644
--- a/vulnerabilities/tests/test_package_managers.py
+++ b/vulnerabilities/tests/test_package_managers.py
@@ -15,8 +15,10 @@
 
 import pytest
 from dateutil.tz import tzlocal
+from packageurl import PackageURL
 
 from vulnerabilities.package_managers import ComposerVersionAPI
+from vulnerabilities.package_managers import DebianVersionAPI
 from vulnerabilities.package_managers import GitHubTagsAPI
 from vulnerabilities.package_managers import GoproxyVersionAPI
 from vulnerabilities.package_managers import MavenVersionAPI
@@ -25,6 +27,7 @@
 from vulnerabilities.package_managers import PypiVersionAPI
 from vulnerabilities.package_managers import RubyVersionAPI
 from vulnerabilities.package_managers import VersionResponse
+from vulnerabilities.package_managers import get_version_fetcher
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 TEST_DATA = os.path.join(BASE_DIR, "test_data", "package_manager_data")
@@ -450,3 +453,10 @@ def test_fetch_small_repo_2(self, mock_graphql_response):
             PackageVersion(value="v22.01", release_date=dt_local(2022, 1, 24, 23, 48, 4)),
         ]
         assert results == expected
+
+
+def test_get_version_fetcher():
+    purl = "pkg:deb/debian/foo@1.2.3"
+    purl = PackageURL.from_string(purl)
+    fetcher = get_version_fetcher(purl)
+    assert isinstance(fetcher, DebianVersionAPI)
diff --git a/vulnerabilities/tests/test_pysec.py b/vulnerabilities/tests/test_pysec.py
index f5d8107ac..efdcafe55 100644
--- a/vulnerabilities/tests/test_pysec.py
+++ b/vulnerabilities/tests/test_pysec.py
@@ -43,3 +43,16 @@ def test_to_advisories_without_summary(self):
             expected_file=expected_file,
             regen=REGEN,
         )
+
+    def test_to_advisories_with_cwe(self):
+        with open(os.path.join(TEST_DATA, "pysec-advisory_with_cwe.json")) as f:
+            mock_response = json.load(f)
+
+        results = parse_advisory_data(mock_response, "pypi").to_dict()
+
+        expected_file = os.path.join(TEST_DATA, "pysec-advisories_with_cwe-expected.json")
+        check_results_against_json(
+            results=results,
+            expected_file=expected_file,
+            regen=REGEN,
+        )
diff --git a/vulnerabilities/tests/test_throttling.py b/vulnerabilities/tests/test_throttling.py
index 5fbbebe80..550f1767f 100644
--- a/vulnerabilities/tests/test_throttling.py
+++ b/vulnerabilities/tests/test_throttling.py
@@ -29,10 +29,11 @@ def setUp(self):
         self.staff_csrf_client = APIClient(enforce_csrf_checks=True)
         self.staff_csrf_client.credentials(HTTP_AUTHORIZATION=self.staff_auth)
 
-    def test_packages_endpoint_throttling(self):
+        self.csrf_client_anon = APIClient(enforce_csrf_checks=True)
+        self.csrf_client_anon_1 = APIClient(enforce_csrf_checks=True)
 
-        # A basic user can only access /packages endpoint 10 times a day
-        for i in range(0, 10):
+    def test_package_endpoint_throttling(self):
+        for i in range(0, 20):
             response = self.csrf_client.get("/api/packages")
             self.assertEqual(response.status_code, 200)
             response = self.staff_csrf_client.get("/api/packages")
@@ -46,122 +47,36 @@ def test_packages_endpoint_throttling(self):
         # 200 - staff user can access API unlimited times
         self.assertEqual(response.status_code, 200)
 
-    def test_cpes_endpoint_throttling(self):
-
-        # A basic user can only access /cpes endpoint 4 times a day
-        for i in range(0, 4):
-            response = self.csrf_client.get("/api/cpes")
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.get("/api/cpes")
-            self.assertEqual(response.status_code, 200)
-
-        response = self.csrf_client.get("/api/cpes")
-        # 429 - too many requests for basic user
-        self.assertEqual(response.status_code, 429)
-
-        response = self.staff_csrf_client.get("/api/cpes", format="json")
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
-
-    def test_all_vulnerable_packages_endpoint_throttling(self):
-
-        # A basic user can only access /packages/all 1 time a day
-        for i in range(0, 1):
-            response = self.csrf_client.get("/api/packages/all")
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.get("/api/packages/all")
-            self.assertEqual(response.status_code, 200)
-
-        response = self.csrf_client.get("/api/packages/all")
-        # 429 - too many requests for basic user
-        self.assertEqual(response.status_code, 429)
-
-        response = self.staff_csrf_client.get("/api/packages/all", format="json")
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
-
-    def test_vulnerabilities_endpoint_throttling(self):
-
-        # A basic user can only access /vulnerabilities 8 times a day
-        for i in range(0, 8):
-            response = self.csrf_client.get("/api/vulnerabilities")
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.get("/api/vulnerabilities")
+        # A anonymous user can only access /packages endpoint 10 times a day
+        for i in range(0, 10):
+            print(i)
+            response = self.csrf_client_anon.get("/api/packages")
             self.assertEqual(response.status_code, 200)
 
-        response = self.csrf_client.get("/api/vulnerabilities")
-        # 429 - too many requests for basic user
+        response = self.csrf_client_anon.get("/api/packages")
+        # 429 - too many requests for anon user
         self.assertEqual(response.status_code, 429)
+        self.assertEqual(
+            response.data.get("message"),
+            "Your request has been throttled. Please contact support@nexb.com",
+        )
 
-        response = self.staff_csrf_client.get("/api/vulnerabilities", format="json")
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
-
-    def test_aliases_endpoint_throttling(self):
-
-        # A basic user can only access /alias 2 times a day
-        for i in range(0, 2):
-            response = self.csrf_client.get("/api/aliases")
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.get("/api/aliases")
-            self.assertEqual(response.status_code, 200)
-
-        response = self.csrf_client.get("/api/aliases")
-        # 429 - too many requests for basic user
+        response = self.csrf_client_anon.get("/api/vulnerabilities")
+        # 429 - too many requests for anon user
         self.assertEqual(response.status_code, 429)
+        self.assertEqual(
+            response.data.get("message"),
+            "Your request has been throttled. Please contact support@nexb.com",
+        )
 
-        response = self.staff_csrf_client.get("/api/aliases", format="json")
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
-
-    def test_bulk_search_packages_endpoint_throttling(self):
         data = json.dumps({"purls": ["pkg:foo/bar"]})
 
-        # A basic user can only access /packages/bulk_search 6 times a day
-        for i in range(0, 6):
-            response = self.csrf_client.post(
-                "/api/packages/bulk_search", data=data, content_type="application/json"
-            )
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.post(
-                "/api/packages/bulk_search", data=data, content_type="application/json"
-            )
-            self.assertEqual(response.status_code, 200)
-
-        response = self.csrf_client.post(
+        response = self.csrf_client_anon.post(
             "/api/packages/bulk_search", data=data, content_type="application/json"
         )
-        # 429 - too many requests for basic user
+        # 429 - too many requests for anon user
         self.assertEqual(response.status_code, 429)
-
-        response = self.staff_csrf_client.post(
-            "/api/packages/bulk_search", data=data, content_type="application/json"
+        self.assertEqual(
+            response.data.get("message"),
+            "Your request has been throttled. Please contact support@nexb.com",
         )
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
-
-    def test_bulk_search_cpes_endpoint_throttling(self):
-        data = json.dumps({"cpes": ["cpe:foo/bar"]})
-
-        # A basic user can only access /cpes/bulk_search 5 times a day
-        for i in range(0, 5):
-            response = self.csrf_client.post(
-                "/api/cpes/bulk_search", data=data, content_type="application/json"
-            )
-            self.assertEqual(response.status_code, 200)
-            response = self.staff_csrf_client.post(
-                "/api/cpes/bulk_search", data=data, content_type="application/json"
-            )
-            self.assertEqual(response.status_code, 200)
-
-        response = self.csrf_client.post(
-            "/api/cpes/bulk_search", data=data, content_type="application/json"
-        )
-        # 429 - too many requests for basic user
-        self.assertEqual(response.status_code, 429)
-
-        response = self.staff_csrf_client.post(
-            "/api/cpes/bulk_search", data=data, content_type="application/json"
-        )
-        # 200 - staff user can access API unlimited times
-        self.assertEqual(response.status_code, 200)
diff --git a/vulnerabilities/tests/test_ubuntu.py b/vulnerabilities/tests/test_ubuntu.py
index cc6c6630a..fa54fa1af 100644
--- a/vulnerabilities/tests/test_ubuntu.py
+++ b/vulnerabilities/tests/test_ubuntu.py
@@ -7,10 +7,15 @@
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
+import json
 import os
 import xml.etree.ElementTree as ET
+from unittest.mock import patch
 
+from vulnerabilities.importer import AdvisoryData
 from vulnerabilities.importers.ubuntu import UbuntuImporter
+from vulnerabilities.improvers.default import DefaultImprover
+from vulnerabilities.improvers.valid_versions import UbuntuOvalImprover
 from vulnerabilities.tests import util_tests
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -27,3 +32,29 @@ def test_ubuntu_importer():
     util_tests.check_results_against_json(
         [advisory.to_dict() for advisory in advsiories], expected_file
     )
+
+
+@patch("vulnerabilities.improvers.valid_versions.UbuntuOvalImprover.get_package_versions")
+def test_debian_oval_improver(mock_response):
+    advisory_file = os.path.join(TEST_DATA, f"ubuntu-oval-expected.json")
+    with open(advisory_file) as exp:
+        advisories = [AdvisoryData.from_dict(adv) for adv in (json.load(exp))]
+    mock_response.return_value = [
+        "1.1.0",
+        "1.1.1",
+        "1.1.2",
+        "1.1.3",
+        "1.1.4",
+        "1.1.5",
+        "1.1.6",
+        "1.1.7",
+        "1.1.8",
+    ]
+    improvers = [UbuntuOvalImprover(), DefaultImprover()]
+    result = []
+    for improver in improvers:
+        for advisory in advisories:
+            inference = [data.to_dict() for data in improver.get_inferences(advisory)]
+            result.extend(inference)
+    expected_file = os.path.join(TEST_DATA, f"ubuntu-oval-improver-expected.json")
+    util_tests.check_results_against_json(result, expected_file)
diff --git a/vulnerabilities/tests/test_utils.py b/vulnerabilities/tests/test_utils.py
index ac21afc9a..a377d4745 100644
--- a/vulnerabilities/tests/test_utils.py
+++ b/vulnerabilities/tests/test_utils.py
@@ -15,6 +15,7 @@
 from vulnerabilities.package_managers import PackageVersion
 from vulnerabilities.utils import AffectedPackage
 from vulnerabilities.utils import get_item
+from vulnerabilities.utils import get_severity_range
 from vulnerabilities.utils import nearest_patched_package
 from vulnerabilities.utils import resolve_version_range
 from vulnerabilities.utils import split_markdown_front_matter
@@ -145,3 +146,8 @@ def test_resolve_version_range_without_ignorable_versions():
             "10.0.0",
         ],
     )
+
+
+def test_get_severity_range():
+    assert get_severity_range({""}) is None
+    assert get_severity_range({}) is None
diff --git a/vulnerabilities/tests/test_vulnerability_status_improver.py b/vulnerabilities/tests/test_vulnerability_status_improver.py
new file mode 100644
index 000000000..0314af236
--- /dev/null
+++ b/vulnerabilities/tests/test_vulnerability_status_improver.py
@@ -0,0 +1,65 @@
+import os
+from datetime import datetime
+from unittest import mock
+
+import pytest
+
+from vulnerabilities.importers.nvd import NVDImporter
+from vulnerabilities.improvers.vulnerability_status import VulnerabilityStatusImprover
+from vulnerabilities.improvers.vulnerability_status import get_status_from_api
+from vulnerabilities.models import Advisory
+from vulnerabilities.models import Alias
+from vulnerabilities.models import Vulnerability
+from vulnerabilities.models import VulnerabilityStatusType
+
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+TEST_DATA = os.path.join(
+    BASE_DIR,
+    "test_data/vulnerability_status_improver",
+)
+
+
+@pytest.mark.django_db(transaction=True)
+def test_interesting_advisories():
+    Advisory.objects.create(
+        aliases=["CVE-1"],
+        created_by=NVDImporter.qualified_name,
+        summary="1",
+        date_collected=datetime.now(),
+    )
+    Advisory.objects.create(
+        aliases=["CVE-1"],
+        created_by=NVDImporter.qualified_name,
+        summary="2",
+        date_collected=datetime.now(),
+    )
+    advs = VulnerabilityStatusImprover().interesting_advisories
+    assert len(list(advs)) == 1
+
+
+@mock.patch("vulnerabilities.utils.fetch_response")
+def test_get_status_from_api(mock_response):
+    response = os.path.join(TEST_DATA, f"CVE-2023-35866.json")
+    mock_response.return_value = response
+    status = get_status_from_api(cve_id="CVE-2023-35866")
+    assert status == VulnerabilityStatusType.DISPUTED
+
+
+@pytest.mark.django_db(transaction=True)
+@mock.patch("vulnerabilities.utils.fetch_response")
+def test_improver_end_to_end(mock_response):
+    response = os.path.join(TEST_DATA, f"CVE-2023-35866.json")
+    mock_response.return_value = response
+    adv = Advisory.objects.create(
+        aliases=["CVE-2023-35866"],
+        created_by=NVDImporter.qualified_name,
+        summary="1",
+        date_collected=datetime.now(),
+    )
+    v1 = Vulnerability.objects.create(summary="test")
+    Alias.objects.create(alias="CVE-2023-35866", vulnerability=v1)
+    VulnerabilityStatusImprover().get_inferences(advisory_data=adv)
+    v1 = Vulnerability.objects.get(summary="test")
+    assert v1.status == VulnerabilityStatusType.DISPUTED
diff --git a/vulnerabilities/throttling.py b/vulnerabilities/throttling.py
index 12fb23426..d439a04b2 100644
--- a/vulnerabilities/throttling.py
+++ b/vulnerabilities/throttling.py
@@ -6,10 +6,12 @@
 # See https://github.com/nexB/vulnerablecode for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
-from rest_framework.throttling import ScopedRateThrottle
+from rest_framework.exceptions import Throttled
+from rest_framework.throttling import UserRateThrottle
+from rest_framework.views import exception_handler
 
 
-class StaffUserRateThrottle(ScopedRateThrottle):
+class StaffUserRateThrottle(UserRateThrottle):
     def allow_request(self, request, view):
         """
         Do not apply throttling for superusers and admins.
@@ -18,3 +20,19 @@ def allow_request(self, request, view):
             return True
 
         return super().allow_request(request, view)
+
+
+def throttled_exception_handler(exception, context):
+    """
+    Return this response whenever a request has been throttled
+    """
+
+    response = exception_handler(exception, context)
+
+    if isinstance(exception, Throttled):
+        response_data = {
+            "message": "Your request has been throttled. Please contact support@nexb.com"
+        }
+        response.data = response_data
+
+    return response
diff --git a/vulnerabilities/utils.py b/vulnerabilities/utils.py
index f4dcafa2d..4d6b03b46 100644
--- a/vulnerabilities/utils.py
+++ b/vulnerabilities/utils.py
@@ -30,6 +30,7 @@
 import urllib3
 from packageurl import PackageURL
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
+from univers.version_range import NginxVersionRange
 from univers.version_range import VersionRange
 
 logger = logging.getLogger(__name__)
@@ -453,3 +454,87 @@ def get_cwe_id(cwe_string: str) -> int:
     """
     cwe_id = cwe_string.split("-")[1]
     return int(cwe_id)
+
+
+def clean_nginx_git_tag(tag):
+    """
+    Return a cleaned ``version`` string from an nginx git tag.
+
+    Nginx tags git release as in `release-1.2.3`
+    This removes the the `release-` prefix.
+
+    For example:
+    >>> clean_nginx_git_tag("release-1.2.3") == "1.2.3"
+    True
+    >>> clean_nginx_git_tag("1.2.3") == "1.2.3"
+    True
+    """
+    if tag.startswith("release-"):
+        _, _, tag = tag.partition("release-")
+    return tag
+
+
+def is_vulnerable_nginx_version(version, affected_version_range, fixed_versions):
+    """
+    Return True if the ``version`` Version for nginx is vulnerable according to
+    the nginx approach.
+
+    A ``version`` is vulnerable as explained by @mdounin
+    in https://marc.info/?l=nginx&m=164070162912710&w=2 :
+
+        "Note that it is generally trivial to find out if a version is
+        vulnerable or not from the information about a vulnerability,
+        without any knowledge about nginx branches.  That is:
+
+        - Check if the version is in "Vulnerable" range.  If it's not, the
+          version is not vulnerable.
+
+        - If it is, check if the branch is explicitly listed in the "Not
+          vulnerable".  If it's not, the version is vulnerable.  If it
+          is, check the minor number: if it's greater or equal to the
+          version listed as not vulnerable, the version is not vulnerable,
+          else the version is vulnerable."
+
+    """
+    if version in NginxVersionRange.from_string(affected_version_range.to_string()):
+        for fixed_version in fixed_versions:
+            if version.value.minor == fixed_version.value.minor and version >= fixed_version:
+                return False
+        return True
+    return False
+
+
+def get_severity_range(severity_list):
+    """
+    >>> get_severity_range({'LOW','7.5','5'})
+    '0.1 - 7.5'
+    >>> get_severity_range({'LOW','Medium'})
+    '0.1 - 6.9'
+    >>> get_severity_range({'9.5','critical'})
+    '9.0 - 10.0'
+    >>> get_severity_range({'9.5','critical','unknown'})
+    '9.0 - 10.0'
+    >>> get_severity_range({})
+    """
+    if len(severity_list) < 1:
+        return
+    score_map = {
+        "low": [0.1, 3],
+        "moderate": [4.0, 6.9],
+        "medium": [4.0, 6.9],
+        "high": [7.0, 8.9],
+        "important": [7.0, 8.9],
+        "critical": [9.0, 10.0],
+    }
+
+    score_list = []
+    for score in severity_list:
+        try:
+            score_list.append(float(score))
+        except ValueError:
+            score_range = score_map.get(score.lower()) or []
+            if score_range:
+                score_list.extend(score_range)
+    if not score_list:
+        return
+    return f"{min(score_list)} - {max(score_list)}"
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
index e96f43a6d..7618369e2 100644
--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -23,7 +23,8 @@
 from vulnerabilities.forms import ApiUserCreationForm
 from vulnerabilities.forms import PackageSearchForm
 from vulnerabilities.forms import VulnerabilitySearchForm
-from vulnerabilities.models import Weakness
+from vulnerabilities.models import VulnerabilityStatusType
+from vulnerabilities.utils import get_severity_range
 from vulnerablecode.settings import env
 
 PAGE_SIZE = 20
@@ -83,6 +84,8 @@ def get_context_data(self, **kwargs):
         context["affected_by_vulnerabilities"] = package.affected_by.order_by("vulnerability_id")
         context["fixing_vulnerabilities"] = package.fixing.order_by("vulnerability_id")
         context["package_search_form"] = PackageSearchForm(self.request.GET)
+        context["fixed_package_details"] = package.fixed_package_details
+
         return context
 
     def get_object(self, queryset=None):
@@ -116,16 +119,25 @@ def get_queryset(self):
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        weaknesses = self.object.weaknesses.all()
+        weaknesses_present_in_db = [
+            weakness_object for weakness_object in weaknesses if weakness_object.weakness
+        ]
+        status = self.object.get_status_label
         context.update(
             {
                 "vulnerability": self.object,
                 "vulnerability_search_form": VulnerabilitySearchForm(self.request.GET),
                 "severities": list(self.object.severities),
+                "severity_score_range": get_severity_range(
+                    {s.value for s in self.object.severities}
+                ),
                 "references": self.object.references.all(),
                 "aliases": self.object.aliases.all(),
                 "affected_packages": self.object.affected_packages.all(),
                 "fixed_by_packages": self.object.fixed_by_packages.all(),
-                "weaknesses": self.object.weaknesses.all(),
+                "weaknesses": weaknesses_present_in_db,
+                "status": status,
             }
         )
         return context
@@ -176,7 +188,6 @@ class ApiUserCreateView(generic.CreateView):
     template_name = "api_user_creation_form.html"
 
     def form_valid(self, form):
-
         try:
             response = super().form_valid(form)
         except ValidationError:
diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
index 8c2ca575c..56e7550a1 100644
--- a/vulnerablecode/__init__.py
+++ b/vulnerablecode/__init__.py
@@ -12,7 +12,7 @@
 import warnings
 from pathlib import Path
 
-__version__ = "32.0.0rc3"
+__version__ = "33.6.3"
 
 
 def command_line():
diff --git a/vulnerablecode/settings.py b/vulnerablecode/settings.py
index 0b94c13d7..48c849225 100644
--- a/vulnerablecode/settings.py
+++ b/vulnerablecode/settings.py
@@ -89,6 +89,7 @@
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
+    "vulnerabilities.middleware.ban_user_agent.BanUserAgent",
 )
 
 ROOT_URLCONF = "vulnerablecode.urls"
@@ -171,27 +172,11 @@
 LOGIN_REDIRECT_URL = "/"
 LOGOUT_REDIRECT_URL = "/"
 
-REST_FRAMEWORK_DEFAULT_THROTTLE_RATES = {
-    "vulnerable_packages": "1/hour",
-    "bulk_search_packages": "5/hour",
-    "packages": "10/minute",
-    "vulnerabilities": "10/minute",
-    "aliases": "5/minute",
-    "cpes": "5/minute",
-    "bulk_search_cpes": "5/hour",
-}
+REST_FRAMEWORK_DEFAULT_THROTTLE_RATES = {"anon": "3600/hour", "user": "10800/hour"}
 
 if IS_TESTS:
-    VULNERABLECODEIO_REQUIRE_AUTHENTICATION = True
-    REST_FRAMEWORK_DEFAULT_THROTTLE_RATES = {
-        "vulnerable_packages": "1/day",
-        "bulk_search_packages": "6/day",
-        "packages": "10/day",
-        "vulnerabilities": "8/day",
-        "aliases": "2/day",
-        "cpes": "4/day",
-        "bulk_search_cpes": "5/day",
-    }
+    VULNERABLECODEIO_REQUIRE_AUTHENTICATION = False
+    REST_FRAMEWORK_DEFAULT_THROTTLE_RATES = {"anon": "10/day", "user": "20/day"}
 
 
 USE_L10N = True
@@ -229,8 +214,11 @@
     ),
     "DEFAULT_THROTTLE_CLASSES": [
         "vulnerabilities.throttling.StaffUserRateThrottle",
+        "rest_framework.throttling.AnonRateThrottle",
+        "rest_framework.throttling.UserRateThrottle",
     ],
     "DEFAULT_THROTTLE_RATES": REST_FRAMEWORK_DEFAULT_THROTTLE_RATES,
+    "EXCEPTION_HANDLER": "vulnerabilities.throttling.throttled_exception_handler",
     "DEFAULT_PAGINATION_CLASS": "vulnerabilities.pagination.SmallResultSetPagination",
     # Limit the load on the Database returning a small number of records by default. https://github.com/nexB/vulnerablecode/issues/819
     "PAGE_SIZE": 10,
diff --git a/vulnerablecode/static/css/custom.css b/vulnerablecode/static/css/custom.css
index 6699d8977..2fb98641f 100644
--- a/vulnerablecode/static/css/custom.css
+++ b/vulnerablecode/static/css/custom.css
@@ -173,8 +173,9 @@ code {
 
 /* end tabset */
 
+.table.vcio-table tr:last-child td,
 .table.vcio-table td {
-    border: 0;
+    border: solid 1px #dbdbdb;
 }
 
 .table th {
@@ -185,29 +186,25 @@ code {
     border-color: #dbdbdb;
 }
 
-.table td {
+/* 2023-08-28 Monday 14:55:42.  Is this still needed or does wrap-strings take its place?  Keep eyes peeled for any odd <td> displays. */
+/* .table td {
     word-wrap: break-word;
-    /* 8/24/2022 Wednesday 4:56:57 PM.  We need this for just 1 table as I recall, displaying some sort of data with few/no word breaks
-    but this messes up the look of columns that need a word-break wrap
-    TODO: identify and create separate CSS class for that table */
-    /* word-break: break-all; */
-}
+} */
+
 
 .wrap-strings {
-    word-break: break-all;
+    word-break: break-word;
 }
 
 .two-col-left {
-    width: 160px;
+    width: 255px;
     text-align: right !important;
     font-weight: bold;
-    padding-right: 20px !important;
+    padding-right: 15px !important;
     line-height: 20px;
-    border: solid 1px #e8e8e8 !important;
 }
 
 .two-col-right {
-    border: solid 1px #e8e8e8 !important;
     line-height: 20px;
 }
 
@@ -329,6 +326,14 @@ a.small_page_button {
     box-shadow: 0px 8px 16px 0px #808080;
 }
 
+.dropdown-vuln-list-width {
+    width: 400px;
+}
+
+.dropdown-vuln-dict-width {
+    max-width: 600px;
+}
+
 .width-100-pct {
     width: 100%;
 }
@@ -368,4 +373,205 @@ a.small_page_button {
 
 span.tag.custom {
     margin: 0px 0px 6px 10px;
-}
\ No newline at end of file
+}
+
+/* CSS for dev fixed by headers */
+.dev_fixed_by_headers {
+    border: solid 1px #cccccc;
+    border-radius: 3px;
+    background-color: #f2f2f2;
+    color: #000000;
+    font-weight: bold;
+    font-size: 13px;
+    padding: 3px;
+    margin-bottom: 3px;
+    display: block;
+}
+
+.non-floating-purl {
+    position: relative;
+    width: 100%;
+    z-index: 100;
+    margin-bottom: 0px;
+}
+
+.non-floating-purl .table td,
+.non-floating-purl .table tbody tr:last-child td,
+.non-floating-purl .table th {
+    border: solid 1px #dbdbdb;
+    background-color: #ffffff;
+}
+
+.non-vuln {
+    margin-top: -25px;
+}
+
+.non-vuln .table td,
+.non-vuln .table tbody tr:last-child td,
+.non-vuln .table th {
+    border: solid 1px #dbdbdb;
+}
+
+/* Floating container to display the PURL on the Package details page as the user scrolls down. */
+.floating-purl {
+    position: sticky;
+    top: 0;
+    width: 100%;
+    z-index: 100;
+    margin-bottom: 0px;
+}
+
+.floating-purl .table td,
+.floating-purl .table tbody tr:last-child td,
+.floating-purl .table th {
+    border: solid 1px #dbdbdb;
+    background-color: #ffffff;
+}
+/* test bulleted list */
+
+ul.fixed_by_bullet {
+    list-style-type: disc;
+    /*margin-top: 2px;
+margin-bottom: 10px;*/
+    /*margin-left: -24px;*/
+    /*margin-left: -30px;*/
+    margin-top: 0.25em;
+    margin-left: 7px;
+    margin-bottom: 0.25em;
+    padding-left: 10px;
+}
+
+ul.fixed_by_bullet ul {
+    list-style-type: disc;
+    /*margin-top: 10px;*/
+    margin-top: 5px;
+    margin-top: 0px;
+    margin-bottom: 0px;
+    margin-left: 23px;
+    margin-left: 18px;
+    padding: 0;
+    border: none;
+}
+
+
+
+ul.fixed_by_bullet li {
+    margin-left: 0px;
+    font-family: Arial;
+    font-family: BlinkMacSystemFont, -apple-system, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", "Helvetica", "Arial", sans-serif;
+    font-size: 13px;
+    font-weight: normal;
+    /*margin-bottom: 10px;*/
+    margin-bottom: 2px;
+}
+
+ul.fixed_by_bullet li:last-child {
+    margin-left: 0px;
+    font-family: Arial;
+    font-family: BlinkMacSystemFont, -apple-system, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", "Helvetica", "Arial", sans-serif;
+    font-size: 13px;
+    font-weight: normal;
+    /*margin-bottom: 10px;*/
+    margin-bottom: 0px;
+}
+
+ul.fixed_by_bullet li li {
+    margin-left: 0px;
+    font-family: Arial;
+    font-family: BlinkMacSystemFont, -apple-system, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", "Helvetica", "Arial", sans-serif;
+    font-size: 13px;
+    font-weight: normal;
+    margin-top: 0px;
+    color: #000000;
+}
+
+/* 10/10/15 add 3rd-level bullets */
+ul.fixed_by_bullet ul ul {
+    list-style-type: disc;
+    margin-top: 0px;
+    margin-bottom: 0px;
+    margin-left: 50px;
+    margin-left: 17px;
+    padding: 0;
+    border: none;
+}
+
+ul.fixed_by_bullet li li li {
+    margin-left: 0px;
+    font-family: Arial;
+    font-family: BlinkMacSystemFont, -apple-system, "Segoe UI", "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans", "Helvetica Neue", "Helvetica", "Arial", sans-serif;
+    font-size: 13px;
+    font-weight: normal;
+    margin-top: 0px;
+    color: #000000;
+}
+
+/* CSS for dev fixed by headers */
+.dev_fixed_by_headers {
+    border: solid 1px #cccccc;
+    border-radius: 3px;
+    background-color: #f2f2f2;
+    color: #000000;
+    font-weight: bold;
+    font-size: 13px;
+    padding: 3px;
+    margin-bottom: 3px;
+    display: block;
+}
+
+.non-floating-purl {
+    position: relative;
+    width: 100%;
+    z-index: 100;
+    margin-bottom: 0px;
+}
+
+.non-floating-purl .table td,
+.non-floating-purl .table tbody tr:last-child td,
+.non-floating-purl .table th {
+    border: solid 1px #dbdbdb;
+    background-color: #ffffff;
+}
+
+.non-vuln {
+    margin-top: -25px;
+}
+
+.non-vuln .table td,
+.non-vuln .table tbody tr:last-child td,
+.non-vuln .table th {
+    border: solid 1px #dbdbdb;
+}
+
+/* Floating container to display the PURL on the Package details page as the user scrolls down. */
+.floating-purl {
+    position: sticky;
+    top: 0;
+    width: 100%;
+    z-index: 100;
+    margin-bottom: 0px;
+}
+
+.floating-purl .table td,
+.floating-purl .table tbody tr:last-child td,
+.floating-purl .table th {
+    border: solid 1px #dbdbdb;
+    background-color: #ffffff;
+}
+
+/* Emphasis for affected/fixed headings and related references. */
+.affected-fixed {
+    color: #000000;
+    font-weight: 800;
+}
+
+/* Emphasis for not vulnerable. */
+.emphasis-not-vulnerable {
+    background-color: #e6ffe6;
+    /* background-color: #e6ffff; */
+}
+
+/* Emphasis for vulnerable. */
+.emphasis-vulnerable {
+    background-color: #ffe6e6;
+}
diff --git a/vulntotal/datasources/deps.py b/vulntotal/datasources/deps.py
index f8f264d38..33c62773d 100644
--- a/vulntotal/datasources/deps.py
+++ b/vulntotal/datasources/deps.py
@@ -12,6 +12,7 @@
 from urllib.parse import quote
 
 import requests
+from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData
@@ -41,7 +42,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
                     fetched_advisory = self.fetch_json_response(advisory_payload)
                     self._raw_dump.append(fetched_advisory)
                     if fetched_advisory:
-                        return parse_advisory(fetched_advisory)
+                        return parse_advisory(fetched_advisory, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -56,11 +57,12 @@ def supported_ecosystem(cls):
         }
 
 
-def parse_advisory(advisory) -> Iterable[VendorData]:
+def parse_advisory(advisory, purl) -> Iterable[VendorData]:
     package = advisory["packages"][0]
     affected_versions = [event["version"] for event in package["versionsAffected"]]
     fixed_versions = [event["version"] for event in package["versionsUnaffected"]]
     yield VendorData(
+        purl=PackageURL(purl.type, purl.namespace, purl.name),
         aliases=sorted(set(advisory["aliases"])),
         affected_versions=sorted(set(affected_versions)),
         fixed_versions=sorted(set(fixed_versions)),
diff --git a/vulntotal/datasources/github.py b/vulntotal/datasources/github.py
index 95c5deba2..3311665c4 100644
--- a/vulntotal/datasources/github.py
+++ b/vulntotal/datasources/github.py
@@ -10,9 +10,14 @@
 import logging
 from typing import Iterable
 
+from dotenv import load_dotenv
+from packageurl import PackageURL
+
 from vulnerabilities import utils
 from vulntotal.validator import DataSource
+from vulntotal.validator import InvalidCVEError
 from vulntotal.validator import VendorData
+from vulntotal.vulntotal_utils import get_item
 from vulntotal.vulntotal_utils import github_constraints_satisfied
 
 logger = logging.getLogger(__name__)
@@ -23,21 +28,49 @@ class GithubDataSource(DataSource):
     license_url = "TODO"
 
     def fetch_github(self, graphql_query):
+        """
+        Requires GitHub API key in .env file.
+        For example::
+
+                GH_TOKEN="your-github-token"
+        """
+        load_dotenv()
         return utils.fetch_github_graphql_query(graphql_query)
 
     def datasource_advisory(self, purl) -> Iterable[VendorData]:
         end_cursor = ""
         interesting_edges = []
         while True:
-            queryset = generate_graphql_payload(purl, end_cursor)
+            queryset = generate_graphql_payload_from_purl(purl, end_cursor)
             response = self.fetch_github(queryset)
             self._raw_dump.append(response)
-            security_advisories = response["data"]["securityVulnerabilities"]
+            security_advisories = get_item(response, "data", "securityVulnerabilities")
             interesting_edges.extend(extract_interesting_edge(security_advisories["edges"], purl))
-            end_cursor = security_advisories["pageInfo"]["endCursor"]
+            end_cursor = get_item(security_advisories, "pageInfo", "endCursor")
             if not security_advisories["pageInfo"]["hasNextPage"]:
                 break
-        return parse_advisory(interesting_edges)
+        return parse_advisory(interesting_edges, purl)
+
+    def datasource_advisory_from_cve(self, cve: str) -> Iterable[VendorData]:
+        if not cve.upper().startswith("CVE-"):
+            raise InvalidCVEError
+
+        queryset = generate_graphql_payload_from_cve(cve)
+        response = self.fetch_github(queryset)
+        self._raw_dump = [response]
+        grouped_advisory = group_advisory_by_package(response, cve)
+
+        for advisory in grouped_advisory:
+            ecosystem = get_item(advisory, "package", "ecosystem")
+            ecosystem = get_purl_type(ecosystem)
+            package_name = get_item(advisory, "package", "name")
+            purl = PackageURL.from_string(f"pkg:{ecosystem}/{package_name}")
+            yield VendorData(
+                purl=purl,
+                aliases=sorted(list(set(advisory.get("identifiers", None)))),
+                affected_versions=sorted(list(set(advisory.get("firstPatchedVersion", None)))),
+                fixed_versions=sorted(list(set(advisory.get("vulnerableVersionRange", None)))),
+            )
 
     @classmethod
     def supported_ecosystem(cls):
@@ -48,19 +81,32 @@ def supported_ecosystem(cls):
             "pypi": "PIP",
             "gem": "RUBYGEMS",
             "golang": "GO",
-            "rust": "RUST",
+            "cargo": "RUST",
             "npm": "NPM",
-            "erlang": "ERLANG",
+            "hex": "ERLANG",
+            "pub": "PUB",
         }
 
 
-def parse_advisory(interesting_edges) -> Iterable[VendorData]:
+def parse_advisory(interesting_edges, purl) -> Iterable[VendorData]:
+    """
+    Parse the GraphQL response and yield VendorData instances.
+
+    Parameters:
+        interesting_edges (list): List of edges containing security advisory.
+        purl (PackageURL): PURL to be included in VendorData.
+
+    Yields:
+        VendorData instance containing purl, aliases, affected_versions and fixed_versions.
+    """
     for edge in interesting_edges:
         node = edge["node"]
-        aliases = [aliase["value"] for aliase in node["advisory"]["identifiers"]]
+        aliases = [aliase["value"] for aliase in get_item(node, "advisory", "identifiers")]
         affected_versions = node["vulnerableVersionRange"].strip().replace(" ", "").split(",")
-        fixed_versions = [node["firstPatchedVersion"]["identifier"]]
+        parsed_fixed_versions = get_item(node, "firstPatchedVersion", "identifier")
+        fixed_versions = [parsed_fixed_versions] if parsed_fixed_versions else []
         yield VendorData(
+            purl=PackageURL(purl.type, purl.namespace, purl.name),
             aliases=sorted(list(set(aliases))),
             affected_versions=sorted(list(set(affected_versions))),
             fixed_versions=sorted(list(set(fixed_versions))),
@@ -75,38 +121,48 @@ def extract_interesting_edge(edges, purl):
     return interesting_edges
 
 
-def generate_graphql_payload(purl, end_cursor):
+def generate_graphql_payload_from_purl(purl, end_cursor=""):
+    """
+    Generate a GraphQL payload for querying security vulnerabilities related to a PURL.
+
+    Parameters:
+        purl (PackageURL): The PURL to search for vulnerabilities.
+        end_cursor (str): An optional end cursor to use for pagination.
+
+    Returns:
+        dict: A dictionary containing the GraphQL query string with ecosystem and package.
+    """
     GRAPHQL_QUERY_TEMPLATE = """
     query{
         securityVulnerabilities(first: 100, ecosystem: %s, package: "%s", %s){
             edges {
-            node {
-                advisory {
-                    identifiers {
-                        type
-                        value
+                node {
+                    advisory {
+                        identifiers {
+                            type
+                            value
+                        }
+                        summary
+                        references {
+                            url
+                        }
+                        severity
+                        publishedAt
                     }
-                    summary
-                    references {
-                        url
+                    firstPatchedVersion{
+                        identifier
                     }
-                    severity
-                    publishedAt
-                }
-                firstPatchedVersion{
-                    identifier
-                }
-                package {
-                    name
+                    package {
+                        name
+                    }
+                    vulnerableVersionRange
                 }
-                vulnerableVersionRange
+            }
+            pageInfo {
+                hasNextPage
+                endCursor
             }
         }
-        pageInfo {
-            hasNextPage
-            endCursor
-        }
-    }
     }
     """
 
@@ -138,3 +194,146 @@ def generate_graphql_payload(purl, end_cursor):
         package_name = f"{purl.namespace}/{purl.name}"
 
     return {"query": GRAPHQL_QUERY_TEMPLATE % (ecosystem, package_name, end_cursor_exp)}
+
+
+def generate_graphql_payload_from_cve(cve: str):
+    """
+    Generate a GraphQL payload for querying security advisories related to a CVE.
+
+    Parameters:
+    - cve (str): CVE identifier string to search for.
+
+    Returns:
+    - dict: Dictionary containing the GraphQL query string with the CVE identifier substituted in.
+    """
+    GRAPHQL_QUERY_TEMPLATE = """
+    query {
+      securityAdvisories(first: 100, identifier: { type: CVE, value: "%s" }) {
+        nodes {
+          vulnerabilities(first: 100) {
+            nodes {
+              package {
+                ecosystem
+                name
+              }
+              advisory {
+                identifiers {
+                  type
+                  value
+                }
+              }
+              firstPatchedVersion {
+                identifier
+              }
+              vulnerableVersionRange
+            }
+          }
+        }
+      }
+    }
+    """
+    return {"query": GRAPHQL_QUERY_TEMPLATE % (cve)}
+
+
+def get_purl_type(github_ecosystem):
+    """
+    Return the corresponding purl type for a given GitHub ecosystem string.
+
+    Parameters:
+        github_ecosystem (str): The GitHub ecosystem string.
+
+    Returns:
+        str or None: The corresponding purl type string, or None if the ecosystem is not supported.
+    """
+    ecosystems = GithubDataSource.supported_ecosystem()
+    for key, val in ecosystems.items():
+        if val == github_ecosystem.upper():
+            return key.lower()
+    return None
+
+
+def group_advisory_by_package(advisories_dict, cve):
+    """
+    Extract security advisory information from a dictionary and groups them by package.
+
+    Parameters:
+        advisories_dict (dict): Dictionary containing security advisory. The dictionary
+            should have the following structure:
+            {
+              "data":{
+                "securityAdvisories":{
+                  "nodes":[
+                    {
+                      "vulnerabilities":{
+                        "nodes":[
+                          {
+                            "package": {
+                                "ecosystem": str,
+                                "name": str
+                            },
+                            "advisory":{
+                              "identifiers":[
+                                { "value": str },
+                                ...
+                              ]
+                            },
+                            "firstPatchedVersion":{
+                              "identifier": str
+                            },
+                            "vulnerableVersionRange": str
+                          },
+                          ...
+                        ]
+                      }
+                    },
+                    ...
+                  ]
+                }
+              }
+            }
+
+        cve (str): Used for filtering out advisory non maching CVEs.
+
+    Returns:
+        list: List of dict containing advisory for package. Each dict
+            in the list represents advisory for a package and has the following keys:
+
+            package (dict): Dict containing ecosystem and package name.
+            identifiers (list of str): List of identifiers CVE and GHSA.
+            firstPatchedVersion (list of str): List of first patched versions.
+            vulnerableVersionRange (list of str): List of vulnerable version ranges.
+    """
+    advisories = advisories_dict["data"]["securityAdvisories"]["nodes"]
+    output = []
+
+    for advisory in advisories:
+        for vulnerability in advisory["vulnerabilities"]["nodes"]:
+            package = vulnerability["package"]
+            advisory_ids = [
+                identifier["value"] for identifier in vulnerability["advisory"]["identifiers"]
+            ]
+
+            # Skip advisory if required CVE is not present in advisory.
+            # GraphQL query for `CVE-2022-2922` may also include advisory for `CVE-2022-29221`
+            # `CVE-2022-29222` and `CVE-2022-29229`
+            if cve not in advisory_ids:
+                continue
+            first_patched_version = vulnerability["firstPatchedVersion"]["identifier"]
+            vulnerable_version_range = vulnerability["vulnerableVersionRange"]
+
+            # Check if a vulnerability for the same package is already in the output list
+            existing_vulnerability = next((v for v in output if v["package"] == package), None)
+            if existing_vulnerability:
+                existing_vulnerability["identifiers"] += advisory_ids
+                existing_vulnerability["firstPatchedVersion"].append(first_patched_version)
+                existing_vulnerability["vulnerableVersionRange"].append(vulnerable_version_range)
+            else:
+                output.append(
+                    {
+                        "package": package,
+                        "identifiers": advisory_ids,
+                        "firstPatchedVersion": [first_patched_version],
+                        "vulnerableVersionRange": [vulnerable_version_range],
+                    }
+                )
+    return output
diff --git a/vulntotal/datasources/gitlab.py b/vulntotal/datasources/gitlab.py
index 5818156de..55aaa5b99 100644
--- a/vulntotal/datasources/gitlab.py
+++ b/vulntotal/datasources/gitlab.py
@@ -17,6 +17,7 @@
 import requests
 import saneyaml
 from fetchcode import fetch
+from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData
@@ -39,7 +40,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             location = download_subtree(casesensitive_package_slug)
         if location:
             interesting_advisories = parse_interesting_advisories(
-                location, purl.version, delete_download=True
+                location, purl, delete_download=True
             )
             return interesting_advisories
         clear_download(location)
@@ -151,7 +152,8 @@ def get_casesensitive_slug(path, package_slug):
         hasnext = paginated_tree["pageInfo"]["hasNextPage"]
 
 
-def parse_interesting_advisories(location, version, delete_download=False) -> Iterable[VendorData]:
+def parse_interesting_advisories(location, purl, delete_download=False) -> Iterable[VendorData]:
+    version = purl.version
     path = Path(location)
     glob = "**/*.yml"
     files = (p for p in path.glob(glob) if p.is_file())
@@ -161,6 +163,7 @@ def parse_interesting_advisories(location, version, delete_download=False) -> It
         affected_range = gitlab_advisory["affected_range"]
         if gitlab_constraints_satisfied(affected_range, version):
             yield VendorData(
+                purl=PackageURL(purl.type, purl.namespace, purl.name),
                 aliases=gitlab_advisory["identifiers"],
                 affected_versions=[affected_range],
                 fixed_versions=gitlab_advisory["fixed_versions"],
diff --git a/vulntotal/datasources/oss_index.py b/vulntotal/datasources/oss_index.py
index 3ff6e3057..d00454304 100644
--- a/vulntotal/datasources/oss_index.py
+++ b/vulntotal/datasources/oss_index.py
@@ -12,6 +12,7 @@
 from typing import Iterable
 
 import requests
+from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData
@@ -57,7 +58,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
         response = self.fetch_json_response([str(purl)])
         if response:
             self._raw_dump.append(response)
-            return parse_advisory(response)
+            return parse_advisory(response, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -79,7 +80,7 @@ def supported_ecosystem(cls):
         }
 
 
-def parse_advisory(component) -> Iterable[VendorData]:
+def parse_advisory(component, purl) -> Iterable[VendorData]:
     response = component[0]
     vulnerabilities = response.get("vulnerabilities") or []
     for vuln in vulnerabilities:
@@ -89,6 +90,7 @@ def parse_advisory(component) -> Iterable[VendorData]:
         version_ranges = vuln.get("versionRanges") or []
         affected_versions.extend(version_ranges)
         yield VendorData(
+            purl=PackageURL(purl.type, purl.namespace, purl.name),
             aliases=aliases,
             affected_versions=affected_versions,
             fixed_versions=fixed_versions,
diff --git a/vulntotal/datasources/osv.py b/vulntotal/datasources/osv.py
index 3f388cdcc..e7360cc24 100644
--- a/vulntotal/datasources/osv.py
+++ b/vulntotal/datasources/osv.py
@@ -11,6 +11,7 @@
 from typing import Iterable
 
 import requests
+from packageurl import PackageURL
 
 from vulntotal.ecosystem.nuget import search_closest_nuget_package_name
 from vulntotal.validator import DataSource
@@ -40,7 +41,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             return
         advisory = self.fetch_advisory(payload)
         self._raw_dump.append(advisory)
-        return parse_advisory(advisory)
+        return parse_advisory(advisory, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -51,18 +52,18 @@ def supported_ecosystem(cls):
             "golang": "Go",
             "nuget": "NuGet",
             "pypi": "PyPI",
-            "rubygems": "RubyGems",
-            "crates.io": "crates.io",
+            "gem": "RubyGems",
+            "cargo": "crates.io",
             "composer": "Packagist",
             "linux": "Linux",
             "oss-fuzz": "OSS-Fuzz",
-            "debian": "Debian",
+            "deb": "Debian",
             "hex": "Hex",
             "android": "Android",
         }
 
 
-def parse_advisory(response) -> Iterable[VendorData]:
+def parse_advisory(response, purl) -> Iterable[VendorData]:
     """
     Parse response from OSV API and yield VendorData
     """
@@ -91,6 +92,7 @@ def parse_advisory(response) -> Iterable[VendorData]:
             pass
 
         yield VendorData(
+            purl=PackageURL(purl.type, purl.namespace, purl.name),
             aliases=sorted(list(set(aliases))),
             affected_versions=sorted(list(set(affected_versions))),
             fixed_versions=sorted(list(set(fixed))),
diff --git a/vulntotal/datasources/snyk.py b/vulntotal/datasources/snyk.py
index 145be8560..4b1a173f8 100644
--- a/vulntotal/datasources/snyk.py
+++ b/vulntotal/datasources/snyk.py
@@ -13,6 +13,7 @@
 
 import requests
 from bs4 import BeautifulSoup
+from packageurl import PackageURL
 
 from vulntotal.validator import DataSource
 from vulntotal.validator import VendorData
@@ -46,7 +47,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
                     advisory_html = self.fetch(advisory_payload)
                     self._raw_dump.append(advisory_html)
                     if advisory_html:
-                        yield parse_html_advisory(advisory_html, snyk_id, affected)
+                        yield parse_html_advisory(advisory_html, snyk_id, affected, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -60,7 +61,7 @@ def supported_ecosystem(cls):
             "npm": "npm",
             "nuget": "nuget",
             "pypi": "pip",
-            "rubygems": "rubygems",
+            "gem": "rubygems",
             # any purl.type not in supported_ecosystem shall implicitly be treated as unmanaged type
             "unmanaged": "unmanaged",
         }
@@ -124,7 +125,7 @@ def extract_html_json_advisories(package_advisories):
     return vulnerablity
 
 
-def parse_html_advisory(advisory_html, snyk_id, affected) -> VendorData:
+def parse_html_advisory(advisory_html, snyk_id, affected, purl) -> VendorData:
     aliases = []
     fixed_versions = []
 
@@ -145,6 +146,7 @@ def parse_html_advisory(advisory_html, snyk_id, affected) -> VendorData:
             fixed_versions = "".join(fixed[lower + 1 : upper]).split(",")
     aliases.append(snyk_id)
     return VendorData(
+        purl=PackageURL(purl.type, purl.namespace, purl.name),
         aliases=aliases,
         affected_versions=affected,
         fixed_versions=fixed_versions,
diff --git a/vulntotal/datasources/vulnerablecode.py b/vulntotal/datasources/vulnerablecode.py
index db3e51c01..7fa4c2709 100644
--- a/vulntotal/datasources/vulnerablecode.py
+++ b/vulntotal/datasources/vulnerablecode.py
@@ -53,7 +53,7 @@ def datasource_advisory(self, purl) -> Iterable[VendorData]:
             for advisory in metadata_advisories[0]["affected_by_vulnerabilities"]:
                 fetched_advisory = self.fetch_get_json(advisory["url"])
                 self._raw_dump.append(fetched_advisory)
-                yield parse_advisory(fetched_advisory)
+                yield parse_advisory(fetched_advisory, purl)
 
     @classmethod
     def supported_ecosystem(cls):
@@ -74,16 +74,23 @@ def supported_ecosystem(cls):
         }
 
 
-def parse_advisory(fetched_advisory) -> VendorData:
+def parse_advisory(fetched_advisory, purl) -> VendorData:
     aliases = [aliase["alias"] for aliase in fetched_advisory["aliases"]]
     affected_versions = []
     fixed_versions = []
     for instance in fetched_advisory["affected_packages"]:
-        affected_versions.append(PackageURL.from_string(instance["purl"]).version)
+        affected_purl = PackageURL.from_string(instance["purl"])
+        if affected_purl.type == purl.type:
+            affected_versions.append(affected_purl.version)
     for instance in fetched_advisory["fixed_packages"]:
-        fixed_versions.append(PackageURL.from_string(instance["purl"]).version)
+        fixed_purl = PackageURL.from_string(instance["purl"])
+        if fixed_purl.type == purl.type:
+            fixed_versions.append(fixed_purl.version)
     return VendorData(
-        aliases=aliases, affected_versions=affected_versions, fixed_versions=fixed_versions
+        purl=PackageURL(purl.type, purl.namespace, purl.name),
+        aliases=aliases,
+        affected_versions=affected_versions,
+        fixed_versions=fixed_versions,
     )
 
 
diff --git a/vulntotal/tests/test_data/deps/parse_advisory-expected.json b/vulntotal/tests/test_data/deps/parse_advisory-expected.json
index 4494c2c2d..0a57fead1 100644
--- a/vulntotal/tests/test_data/deps/parse_advisory-expected.json
+++ b/vulntotal/tests/test_data/deps/parse_advisory-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "2.0",
       "2.0rc1",
diff --git a/vulntotal/tests/test_data/github/graphql_cve-2022-2922_response.json b/vulntotal/tests/test_data/github/graphql_cve-2022-2922_response.json
new file mode 100644
index 000000000..2d88f0187
--- /dev/null
+++ b/vulntotal/tests/test_data/github/graphql_cve-2022-2922_response.json
@@ -0,0 +1,186 @@
+{
+  "data":{
+    "securityAdvisories":{
+      "nodes":[
+        {
+          "vulnerabilities":{
+            "nodes":[
+              {
+                "package":{
+                  "ecosystem":"GO",
+                  "name":"github.com/pion/dtls/v2"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-w45j-f832-hxvh"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-29222"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"2.1.5"
+                },
+                "vulnerableVersionRange":"< 2.1.5"
+              },
+              {
+                "package":{
+                  "ecosystem":"GO",
+                  "name":"github.com/pion/dtls"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-w45j-f832-hxvh"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-29222"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"2.1.5"
+                },
+                "vulnerableVersionRange":"< 2.1.5"
+              }
+            ]
+          }
+        },
+        {
+          "vulnerabilities":{
+            "nodes":[
+              {
+                "package":{
+                  "ecosystem":"NUGET",
+                  "name":"DotNetNuke.Web"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-9w72-2f23-57gm"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-2922"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"9.11.0"
+                },
+                "vulnerableVersionRange":"< 9.11.0"
+              },
+              {
+                "package":{
+                  "ecosystem":"NUGET",
+                  "name":"DotNetNuke.Core"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-9w72-2f23-57gm"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-2922"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"9.11.0"
+                },
+                "vulnerableVersionRange":"< 9.11.0"
+              }
+            ]
+          }
+        },
+        {
+          "vulnerabilities":{
+            "nodes":[
+              {
+                "package":{
+                  "ecosystem":"NPM",
+                  "name":"cassproject"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-7qcx-4p32-qcmx"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-29229"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"1.5.8"
+                },
+                "vulnerableVersionRange":"< 1.5.8"
+              }
+            ]
+          }
+        },
+        {
+          "vulnerabilities":{
+            "nodes":[
+              {
+                "package":{
+                  "ecosystem":"COMPOSER",
+                  "name":"smarty/smarty"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-634x-pc3q-cf4c"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-29221"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"4.1.1"
+                },
+                "vulnerableVersionRange":">= 4.0.0, < 4.1.1"
+              },
+              {
+                "package":{
+                  "ecosystem":"COMPOSER",
+                  "name":"smarty/smarty"
+                },
+                "advisory":{
+                  "identifiers":[
+                    {
+                      "type":"GHSA",
+                      "value":"GHSA-634x-pc3q-cf4c"
+                    },
+                    {
+                      "type":"CVE",
+                      "value":"CVE-2022-29221"
+                    }
+                  ]
+                },
+                "firstPatchedVersion":{
+                  "identifier":"3.1.45"
+                },
+                "vulnerableVersionRange":"< 3.1.45"
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/vulntotal/tests/test_data/github/graphql_payload-expected.json b/vulntotal/tests/test_data/github/graphql_payload-expected.json
index 6203de0d9..a1a437cf0 100644
--- a/vulntotal/tests/test_data/github/graphql_payload-expected.json
+++ b/vulntotal/tests/test_data/github/graphql_payload-expected.json
@@ -1,29 +1,29 @@
 [
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: PIP, package: \"jinja2\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: PIP, package: \"jinja2\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: MAVEN, package: \"org.apache.tomcat:tomcat\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: MAVEN, package: \"org.apache.tomcat:tomcat\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: NUGET, package: \"moment.js\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: NUGET, package: \"moment.js\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: NPM, package: \"semver-regex\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: NPM, package: \"semver-regex\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: GO, package: \"github.com/cloudflare/cfrpki\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: GO, package: \"github.com/cloudflare/cfrpki\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: COMPOSER, package: \"symfony/symfony\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: COMPOSER, package: \"symfony/symfony\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: RUST, package: \"slice-deque\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: RUST, package: \"slice-deque\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: ERLANG, package: \"alchemist.vim\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: ERLANG, package: \"alchemist.vim\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   },
   {
-    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: RUBYGEMS, package: \"ftpd\", ){\n            edges {\n            node {\n                advisory {\n                    identifiers {\n                        type\n                        value\n                    }\n                    summary\n                    references {\n                        url\n                    }\n                    severity\n                    publishedAt\n                }\n                firstPatchedVersion{\n                    identifier\n                }\n                package {\n                    name\n                }\n                vulnerableVersionRange\n            }\n        }\n        pageInfo {\n            hasNextPage\n            endCursor\n        }\n    }\n    }\n    "
+    "query": "\n    query{\n        securityVulnerabilities(first: 100, ecosystem: RUBYGEMS, package: \"ftpd\", ){\n            edges {\n                node {\n                    advisory {\n                        identifiers {\n                            type\n                            value\n                        }\n                        summary\n                        references {\n                            url\n                        }\n                        severity\n                        publishedAt\n                    }\n                    firstPatchedVersion{\n                        identifier\n                    }\n                    package {\n                        name\n                    }\n                    vulnerableVersionRange\n                }\n            }\n            pageInfo {\n                hasNextPage\n                endCursor\n            }\n        }\n    }\n    "
   }
 ]
\ No newline at end of file
diff --git a/vulntotal/tests/test_data/github/graphql_pyaload_cve-expected.json b/vulntotal/tests/test_data/github/graphql_pyaload_cve-expected.json
new file mode 100644
index 000000000..b7af802f4
--- /dev/null
+++ b/vulntotal/tests/test_data/github/graphql_pyaload_cve-expected.json
@@ -0,0 +1,3 @@
+{
+  "query": "\n    query {\n      securityAdvisories(first: 100, identifier: { type: CVE, value: \"CVE-2022-2922\" }) {\n        nodes {\n          vulnerabilities(first: 100) {\n            nodes {\n              package {\n                ecosystem\n                name\n              }\n              advisory {\n                identifiers {\n                  type\n                  value\n                }\n              }\n              firstPatchedVersion {\n                identifier\n              }\n              vulnerableVersionRange\n            }\n          }\n        }\n      }\n    }\n    "
+}
\ No newline at end of file
diff --git a/vulntotal/tests/test_data/github/group_advisory_by_package-expected.json b/vulntotal/tests/test_data/github/group_advisory_by_package-expected.json
new file mode 100644
index 000000000..3729b5895
--- /dev/null
+++ b/vulntotal/tests/test_data/github/group_advisory_by_package-expected.json
@@ -0,0 +1,34 @@
+[
+  {
+    "package": {
+      "ecosystem": "NUGET",
+      "name": "DotNetNuke.Web"
+    },
+    "identifiers": [
+      "GHSA-9w72-2f23-57gm",
+      "CVE-2022-2922"
+    ],
+    "firstPatchedVersion": [
+      "9.11.0"
+    ],
+    "vulnerableVersionRange": [
+      "< 9.11.0"
+    ]
+  },
+  {
+    "package": {
+      "ecosystem": "NUGET",
+      "name": "DotNetNuke.Core"
+    },
+    "identifiers": [
+      "GHSA-9w72-2f23-57gm",
+      "CVE-2022-2922"
+    ],
+    "firstPatchedVersion": [
+      "9.11.0"
+    ],
+    "vulnerableVersionRange": [
+      "< 9.11.0"
+    ]
+  }
+]
\ No newline at end of file
diff --git a/vulntotal/tests/test_data/github/parse_advisory-expected.json b/vulntotal/tests/test_data/github/parse_advisory-expected.json
index c335c280b..60979f260 100644
--- a/vulntotal/tests/test_data/github/parse_advisory-expected.json
+++ b/vulntotal/tests/test_data/github/parse_advisory-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.7.2"
     ],
@@ -12,6 +13,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.11.3"
     ],
@@ -24,6 +26,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.8.1"
     ],
@@ -36,6 +39,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.10.1"
     ],
diff --git a/vulntotal/tests/test_data/gitlab/parsed_advisory-expected.json b/vulntotal/tests/test_data/gitlab/parsed_advisory-expected.json
index e3598ecea..1a4e4a024 100644
--- a/vulntotal/tests/test_data/gitlab/parsed_advisory-expected.json
+++ b/vulntotal/tests/test_data/gitlab/parsed_advisory-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<=2.7.1"
     ],
@@ -11,6 +12,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.8.1"
     ],
@@ -23,6 +25,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.10.1"
     ],
@@ -34,6 +37,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "<2.11.3"
     ],
diff --git a/vulntotal/tests/test_data/oss_index/parse_advisory-expected.json b/vulntotal/tests/test_data/oss_index/parse_advisory-expected.json
index fa2708551..096d498f0 100644
--- a/vulntotal/tests/test_data/oss_index/parse_advisory-expected.json
+++ b/vulntotal/tests/test_data/oss_index/parse_advisory-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -7,6 +8,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -14,6 +16,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -21,6 +24,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -28,6 +32,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -35,6 +40,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -42,6 +48,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -49,6 +56,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
@@ -56,6 +64,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [],
     "fixed_versions": [],
     "aliases": [
diff --git a/vulntotal/tests/test_data/osv/parse_advisory_data-expected.json b/vulntotal/tests/test_data/osv/parse_advisory_data-expected.json
index c7bfc490c..d25ec7179 100644
--- a/vulntotal/tests/test_data/osv/parse_advisory_data-expected.json
+++ b/vulntotal/tests/test_data/osv/parse_advisory_data-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "0",
       "2.0",
@@ -31,6 +32,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "0",
       "2.0",
@@ -63,6 +65,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "0",
       "2.0",
@@ -107,6 +110,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "0",
       "2.0",
@@ -142,6 +146,7 @@
     ]
   },
   {
+    "purl": "pkg:generic/namespace/test",
     "affected_versions": [
       "0",
       "2.0",
diff --git a/vulntotal/tests/test_data/snyk/html/0.html-expected.json b/vulntotal/tests/test_data/snyk/html/0.html-expected.json
index d97c5390c..bc858e01b 100644
--- a/vulntotal/tests/test_data/snyk/html/0.html-expected.json
+++ b/vulntotal/tests/test_data/snyk/html/0.html-expected.json
@@ -1,4 +1,5 @@
 {
+  "purl": "pkg:generic/namespace/test",
   "affected_versions": [
     "TEST-AFFECTED"
   ],
diff --git a/vulntotal/tests/test_data/snyk/html/1.html-expected.json b/vulntotal/tests/test_data/snyk/html/1.html-expected.json
index c231f1c2a..7ef633f3b 100644
--- a/vulntotal/tests/test_data/snyk/html/1.html-expected.json
+++ b/vulntotal/tests/test_data/snyk/html/1.html-expected.json
@@ -1,4 +1,5 @@
 {
+  "purl": "pkg:generic/namespace/test",
   "affected_versions": [
     "TEST-AFFECTED"
   ],
diff --git a/vulntotal/tests/test_data/snyk/html/2.html-expected.json b/vulntotal/tests/test_data/snyk/html/2.html-expected.json
index 8e1d42876..ffff11b74 100644
--- a/vulntotal/tests/test_data/snyk/html/2.html-expected.json
+++ b/vulntotal/tests/test_data/snyk/html/2.html-expected.json
@@ -1,4 +1,5 @@
 {
+  "purl": "pkg:generic/namespace/test",
   "affected_versions": [
     "TEST-AFFECTED"
   ],
diff --git a/vulntotal/tests/test_data/snyk/html/3.html-expected.json b/vulntotal/tests/test_data/snyk/html/3.html-expected.json
index 8740cbfc4..ed1142993 100644
--- a/vulntotal/tests/test_data/snyk/html/3.html-expected.json
+++ b/vulntotal/tests/test_data/snyk/html/3.html-expected.json
@@ -1,4 +1,5 @@
 {
+  "purl": "pkg:generic/namespace/test",
   "affected_versions": [
     "TEST-AFFECTED"
   ],
diff --git a/vulntotal/tests/test_data/vulnerablecode/parse_advisory-expected.json b/vulntotal/tests/test_data/vulnerablecode/parse_advisory-expected.json
index 4c04506df..76407e6f2 100644
--- a/vulntotal/tests/test_data/vulnerablecode/parse_advisory-expected.json
+++ b/vulntotal/tests/test_data/vulnerablecode/parse_advisory-expected.json
@@ -1,5 +1,6 @@
 [
   {
+    "purl": "pkg:maven/org.apache.tomcat/tomcat",
     "affected_versions": [
       "8.5.50",
       "9.0.30",
@@ -109,6 +110,7 @@
     ]
   },
   {
+    "purl": "pkg:maven/org.apache.tomcat/tomcat",
     "affected_versions": [
       "7.0.0",
       "7.0.81",
diff --git a/vulntotal/tests/test_deps.py b/vulntotal/tests/test_deps.py
index d676aefb3..b39258f99 100644
--- a/vulntotal/tests/test_deps.py
+++ b/vulntotal/tests/test_deps.py
@@ -55,6 +55,9 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("advisory.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [adv.to_dict() for adv in deps.parse_advisory(advisory)]
+        results = [
+            adv.to_dict()
+            for adv in deps.parse_advisory(advisory, PackageURL("generic", "namespace", "test"))
+        ]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
diff --git a/vulntotal/tests/test_github.py b/vulntotal/tests/test_github.py
index 5c48a6457..005b6cb47 100644
--- a/vulntotal/tests/test_github.py
+++ b/vulntotal/tests/test_github.py
@@ -20,7 +20,7 @@
 class TestGithub(testcase.FileBasedTesting):
     test_data_dir = str(Path(__file__).resolve().parent / "test_data" / "github")
 
-    def test_generate_graphql_payload(self):
+    def test_generate_graphql_payload_from_purl(self):
         purls = [
             "pkg:pypi/jinja2@2.4.1",
             "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8",
@@ -28,12 +28,13 @@ def test_generate_graphql_payload(self):
             "pkg:npm/semver-regex@3.1.3",
             "pkg:golang/github.com/cloudflare/cfrpki@0.1.0",
             "pkg:composer/symfony/symfony@2.7.1",
-            "pkg:rust/slice-deque@0.1.0",
-            "pkg:erlang/alchemist.vim@1.3.0",
+            "pkg:cargo/slice-deque@0.1.0",
+            "pkg:hex/alchemist.vim@1.3.0",
             "pkg:gem/ftpd@0.0.1",
         ]
         results = [
-            github.generate_graphql_payload(PackageURL.from_string(purl), "") for purl in purls
+            github.generate_graphql_payload_from_purl(PackageURL.from_string(purl), "")
+            for purl in purls
         ]
         expected_file = self.get_test_loc("graphql_payload-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
@@ -54,6 +55,24 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("interesting_edge.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [adv.to_dict() for adv in github.parse_advisory(advisory)]
+        results = [
+            adv.to_dict()
+            for adv in github.parse_advisory(advisory, PackageURL("generic", "namespace", "test"))
+        ]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
+
+    def test_generate_graphql_payload_from_cve(self):
+        results = github.generate_graphql_payload_from_cve("CVE-2022-2922")
+        expected_file = self.get_test_loc("graphql_pyaload_cve-expected.json", must_exist=False)
+        util_tests.check_results_against_json(results, expected_file)
+
+    def test_group_advisory_by_package(self):
+        file = self.get_test_loc("graphql_cve-2022-2922_response.json")
+        with open(file) as f:
+            response = json.load(f)
+        results = github.group_advisory_by_package(response, "CVE-2022-2922")
+        expected_file = self.get_test_loc(
+            "group_advisory_by_package-expected.json", must_exist=False
+        )
+        util_tests.check_results_against_json(results, expected_file)
diff --git a/vulntotal/tests/test_gitlab.py b/vulntotal/tests/test_gitlab.py
index 5e6f6fe91..e7f38009d 100644
--- a/vulntotal/tests/test_gitlab.py
+++ b/vulntotal/tests/test_gitlab.py
@@ -40,7 +40,9 @@ def test_parse_html_advisory(self):
         )
         results = [
             adv.to_dict()
-            for adv in gitlab.parse_interesting_advisories(advisory_folder, "0.1.1", False)
+            for adv in gitlab.parse_interesting_advisories(
+                advisory_folder, PackageURL("generic", "namespace", "test", "0.1.1"), False
+            )
         ]
         expected_file = self.get_test_loc("parsed_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
diff --git a/vulntotal/tests/test_oss_index.py b/vulntotal/tests/test_oss_index.py
index 1681c79e3..6ba02e634 100644
--- a/vulntotal/tests/test_oss_index.py
+++ b/vulntotal/tests/test_oss_index.py
@@ -11,6 +11,7 @@
 from pathlib import Path
 
 from commoncode import testcase
+from packageurl import PackageURL
 
 from vulnerabilities.tests import util_tests
 from vulntotal.datasources import oss_index
@@ -23,6 +24,11 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("advisory.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [adv.to_dict() for adv in oss_index.parse_advisory(advisory)]
+        results = [
+            adv.to_dict()
+            for adv in oss_index.parse_advisory(
+                advisory, PackageURL("generic", "namespace", "test")
+            )
+        ]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
diff --git a/vulntotal/tests/test_osv.py b/vulntotal/tests/test_osv.py
index 22b7c41d4..8a050cd5a 100644
--- a/vulntotal/tests/test_osv.py
+++ b/vulntotal/tests/test_osv.py
@@ -25,11 +25,11 @@ def test_generate_payload(self):
         purls = [
             "pkg:pypi/jinja2@2.4.1",
             "pkg:android/System@10",
-            "pkg:debian:8/davical@1.1.3-1",
+            "pkg:deb:8/davical@1.1.3-1",
             "pkg:maven/org.apache.tomcat/tomcat@10.1.0-M8",
             "pkg:linux/Kernel@v5.4.195",
             "pkg:packagist/dolibarr/dolibarr@12.0.5",
-            "pkg:crates.io/sha2@0.9.7",
+            "pkg:cargo/sha2@0.9.7",
             "pkg:npm/semver-regex@3.1.3",
             "pkg:golang/github.com/cloudflare/cfrpki@1.1.0",
         ]
@@ -58,7 +58,10 @@ def test_parse_advisory(self):
         advisory_page = self.get_test_loc("advisory.txt")
         with open(advisory_page) as f:
             advisory = json.load(f)
-        results = [adv.to_dict() for adv in osv.parse_advisory(advisory)]
+        results = [
+            adv.to_dict()
+            for adv in osv.parse_advisory(advisory, PackageURL("generic", "namespace", "test"))
+        ]
         expected_file = self.get_test_loc("parse_advisory_data-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
 
@@ -66,7 +69,7 @@ def test_parse_advisory(self):
 @pytest.mark.webtest
 class TestOSVLive(testcase.FileBasedTesting):
     def test_generate_payload_nuget_with_api_call(self):
-        # this test makes like API calls
+        # this test makes live API calls
         purl = PackageURL.from_string("pkg:nuget/moment.js@2.18.0")
         results = osv.generate_payload(purl)
         expected = {"package": {"ecosystem": "NuGet", "name": "Moment.js"}, "version": "2.18.0"}
diff --git a/vulntotal/tests/test_snyk.py b/vulntotal/tests/test_snyk.py
index 31b8e6e20..f4f221b39 100644
--- a/vulntotal/tests/test_snyk.py
+++ b/vulntotal/tests/test_snyk.py
@@ -30,7 +30,7 @@ def test_generate_package_advisory_url(self):
             "pkg:nuget/moment.js@2.18.0",
             "pkg:cocoapods/ffmpeg@0.2",
             "pkg:hex/coherence@0.2.1",
-            "pkg:rubygems/log4j-jars@0.2",
+            "pkg:gem/log4j-jars@0.2",
             "pkg:unmanaged/firefox@8.9.1",
         ]
         results = [
@@ -56,7 +56,9 @@ def test_parse_html_advisory_0(self):
         file = self.get_test_loc("html/0.html")
         with open(file) as f:
             page = f.read()
-        result = snyk.parse_html_advisory(page, "TEST-SNYKID", ["TEST-AFFECTED"]).to_dict()
+        result = snyk.parse_html_advisory(
+            page, "TEST-SNYKID", ["TEST-AFFECTED"], PackageURL("generic", "namespace", "test")
+        ).to_dict()
         expected_file = f"{file}-expected.json"
         util_tests.check_results_against_json(result, expected_file)
 
@@ -64,7 +66,9 @@ def test_parse_html_advisory_1(self):
         file = self.get_test_loc("html/1.html")
         with open(file) as f:
             page = f.read()
-        result = snyk.parse_html_advisory(page, "TEST-SNYKID", ["TEST-AFFECTED"]).to_dict()
+        result = snyk.parse_html_advisory(
+            page, "TEST-SNYKID", ["TEST-AFFECTED"], PackageURL("generic", "namespace", "test")
+        ).to_dict()
         expected_file = f"{file}-expected.json"
         util_tests.check_results_against_json(result, expected_file)
 
@@ -72,7 +76,9 @@ def test_parse_html_advisory_2(self):
         file = self.get_test_loc("html/2.html")
         with open(file) as f:
             page = f.read()
-        result = snyk.parse_html_advisory(page, "TEST-SNYKID", ["TEST-AFFECTED"]).to_dict()
+        result = snyk.parse_html_advisory(
+            page, "TEST-SNYKID", ["TEST-AFFECTED"], PackageURL("generic", "namespace", "test")
+        ).to_dict()
         expected_file = f"{file}-expected.json"
         util_tests.check_results_against_json(result, expected_file)
 
@@ -80,6 +86,8 @@ def test_parse_html_advisory_3(self):
         file = self.get_test_loc("html/3.html")
         with open(file) as f:
             page = f.read()
-        result = snyk.parse_html_advisory(page, "TEST-SNYKID", ["TEST-AFFECTED"]).to_dict()
+        result = snyk.parse_html_advisory(
+            page, "TEST-SNYKID", ["TEST-AFFECTED"], PackageURL("generic", "namespace", "test")
+        ).to_dict()
         expected_file = f"{file}-expected.json"
         util_tests.check_results_against_json(result, expected_file)
diff --git a/vulntotal/tests/test_vulnerablecode.py b/vulntotal/tests/test_vulnerablecode.py
index 410be53a2..c17fb1728 100644
--- a/vulntotal/tests/test_vulnerablecode.py
+++ b/vulntotal/tests/test_vulnerablecode.py
@@ -11,6 +11,7 @@
 from pathlib import Path
 
 from commoncode import testcase
+from packageurl import PackageURL
 
 from vulnerabilities.tests import util_tests
 from vulntotal.datasources import vulnerablecode
@@ -23,6 +24,7 @@ def test_parse_advisory(self):
         advisory_file = self.get_test_loc("advisory.json")
         with open(advisory_file) as f:
             advisory = json.load(f)
-        results = [vulnerablecode.parse_advisory(adv).to_dict() for adv in advisory]
+        input_purl = PackageURL.from_string("pkg:maven/org.apache.tomcat/tomcat@10.1.0-M5")
+        results = [vulnerablecode.parse_advisory(adv, input_purl).to_dict() for adv in advisory]
         expected_file = self.get_test_loc("parse_advisory-expected.json", must_exist=False)
         util_tests.check_results_against_json(results, expected_file)
diff --git a/vulntotal/validator.py b/vulntotal/validator.py
index 4601390cd..415678ba1 100644
--- a/vulntotal/validator.py
+++ b/vulntotal/validator.py
@@ -11,29 +11,48 @@
 from typing import Iterable
 from typing import List
 
+from packageurl import PackageURL
+
 
 @dataclasses.dataclass(order=True)
 class VendorData:
+    purl: PackageURL
     aliases: List[str] = dataclasses.field(default_factory=list)
     affected_versions: List[str] = dataclasses.field(default_factory=list)
     fixed_versions: List[str] = dataclasses.field(default_factory=list)
 
     def to_dict(self):
         return {
+            "purl": str(self.purl),
             "affected_versions": self.affected_versions,
             "fixed_versions": self.fixed_versions,
             "aliases": self.aliases,
         }
 
 
+class InvalidCVEError(Exception):
+    def __init__(self, message="CVE identifier must start with 'CVE-'"):
+        self.message = message
+        super().__init__(self.message)
+
+
 class DataSource:
     def __init__(self):
         self._raw_dump = []
 
-    def datasource_advisory(self, purl) -> Iterable[VendorData]:
+    def datasource_advisory(self, purl: PackageURL) -> Iterable[VendorData]:
+        """
+        Yield VendorData object for crossponding PURL.
+        """
+        return NotImplementedError
+
+    def datasource_advisory_from_cve(self, cve: str) -> Iterable[VendorData]:
         """
-        Yield VendorData object corresponding to DataSource
+        Yield VendorData objects for a given CVE identifier.
         """
+        if not cve.upper().startswith("CVE-"):
+            raise InvalidCVEError
+
         return NotImplementedError
 
     @classmethod
diff --git a/vulntotal/vulntotal_utils.py b/vulntotal/vulntotal_utils.py
index f2a0ebbf6..787ff9d92 100644
--- a/vulntotal/vulntotal_utils.py
+++ b/vulntotal/vulntotal_utils.py
@@ -145,6 +145,8 @@ def gitlab_constraints_satisfied(gitlab_constrain, version):
     for constraint in constraints:
         is_constraint_satisfied = True
         for subcontraint in constraint.strip().split(delimiter):
+            if not subcontraint:
+                continue
             gitlab_comparator, gitlab_version = parse_constraint(subcontraint.strip())
             if not gitlab_version:
                 continue