The 'aliases' field is out of sync (not symmetric)

[mpihelgas]

Describe the bug

• The aliases field is out of sync (not symmetric between aliases).
• Also, web UI is not in sync with the raw JSON data from the API.

To Reproduce
Steps to reproduce the behaviour:

1. Go to https://osv.dev/vulnerability/GHSA-g78f-6xq7-rrhq
2. Observe the aliases: CVE-2017-18885, GO-2025-4200
3. Click on 'JSON Data' -> https://api.osv.dev/v1/vulns/GHSA-g78f-6xq7-rrhq
4. Observe the aliases field: "aliases":["CVE-2017-18885"]
5. Note the difference between web UI and API data.
6. Repeat the same for GO-2025-4200 to see that the GO record has the aliases properly populated: "aliases":["CVE-2017-18885","GHSA-g78f-6xq7-rrhq"]
7. Note the out of sync (not symmetric) aliases field.

Expected behaviour

• I would expect the aliases field to be symmetric as specified in OSV docs.
• I would expect the data between the UI and the API to be in sync.

Additional context
I did not thoroughly check if there are other records with the same specific issue.

[ashmod]

Looks in-sync here: https://api.test.osv.dev/v1/vulns/GHSA-g78f-6xq7-rrhq

[jess-lowe]

This is weird, but should be hopefully fixed with today's release. We recently moved the alias computation from Python to Go, so it may be a transient error from that migration.

[michaelkedar]

Not really sure what's happened there, but I've forced GHSA-g78f-6xq7-rrhq and CVE-2017-18885 to update and they now have the GO-2025-4200 alias

[mpihelgas]

Thanks everyone for the prompt reaction!
I confirm that this record is fixed 🙏. It just leaves me wondering whether there are other records with the same issue.