The GitHub Security Advisory page doesn’t appear to have any way to report inaccurate data, and so I am looking for a way to do so.
There is a problem with the fix version details for GHSA-mh7g-99w9-xpjm. Downstream projects which rely on this data are reporting false positive findings in vulnerability scans because of the issue.
There are 3 fix versions for the package in question: one fix version for each major release supported at the time (5.x, 6.x, and 7.x). However, GHSA only reports a single fix version for the highest major release at the time, 7.x, which is incorrect.
I was asked here to report the issue to GHSA, but I see no way to do so.
Any guidance on this will be appreciated.