@willmurphyscode
Created December 7, 2023 13:41
Temp: difference between GHSA schema and Vunnel schema

sqlite3 data/github/results/results.db "select record from results where id like '%GHSA-v7hc-87jc-qrrr%';" | jq . produces:

{
  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/github-security-advisory/schema-1.0.1.json",
  "identifier": "github:go/ghsa-v7hc-87jc-qrrr",
  "item": {
    "Vulnerability": {},
    "Advisory": {
      "Classification": "GENERAL",
      "Severity": "Low",
      "FixedIn": [
        {
          "name": "knative.dev/eventing-github",
          "identifier": "0.39.1",
          "ecosystem": "go",
          "namespace": "github:go",
          "range": "< 0.39.1"
        }
      ],
      "Summary": "eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations",
      "url": "https://github.com/advisories/GHSA-v7hc-87jc-qrrr",
      "CVE": [],
      "Metadata": {
        "CVE": []
      },
      "ghsaId": "GHSA-v7hc-87jc-qrrr",
      "published": "2023-12-06T19:19:35Z",
      "updated": "2023-12-06T19:19:36Z",
      "withdrawn": null,
      "namespace": "github:go"
    }
  }
}

But

gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /advisories/GHSA-v7hc-87jc-qrrr | jq .

produces:

{
  "ghsa_id": "GHSA-v7hc-87jc-qrrr",
  "cve_id": null,
  "url": "https://api.github.com/advisories/GHSA-v7hc-87jc-qrrr",
  "html_url": "https://github.com/advisories/GHSA-v7hc-87jc-qrrr",
  "summary": "eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations",
  "description": "### Impact\n\nThe eventing-github cluster-local server doesn't set `ReadHeaderTimeout`‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬ ‭attack.\n\n### Patches\n\nFix in `v1.12.1` and `v1.11.3`\n\n### Credits\n\nThe vulnerability was reported by Ada Logics during an ongoing security audit of Knative involving Ada Logics, the Knative maintainers, OSTIF and CNCF.\n",
  "type": "reviewed",
  "severity": "low",
  "repository_advisory_url": "https://api.github.com/repos/knative-extensions/eventing-github/security-advisories/GHSA-v7hc-87jc-qrrr",
  "source_code_location": "https://github.com/knative-extensions/eventing-github",
  "identifiers": [
    {
      "value": "GHSA-v7hc-87jc-qrrr",
      "type": "GHSA"
    }
  ],
  "references": [
    "https://github.com/knative-extensions/eventing-github/security/advisories/GHSA-v7hc-87jc-qrrr",
    "https://github.com/knative-extensions/eventing-github/pull/442",
    "https://github.com/knative-extensions/eventing-github/pull/446",
    "https://github.com/knative-extensions/eventing-github/pull/447",
    "https://github.com/knative-extensions/eventing-github/commit/ea5cb8b25fc3410dde45ce2eb95454e4cfe77c40",
    "https://github.com/advisories/GHSA-v7hc-87jc-qrrr"
  ],
  "published_at": "2023-12-06T19:19:35Z",
  "updated_at": "2023-12-06T19:19:36Z",
  "github_reviewed_at": "2023-12-06T19:19:35Z",
  "nvd_published_at": null,
  "withdrawn_at": null,
  "vulnerabilities": [
    {
      "package": {
        "ecosystem": "go",
        "name": "knative.dev/eventing-github"
      },
      "vulnerable_version_range": "< 0.39.1",
      "first_patched_version": "0.39.1",
      "vulnerable_functions": []
    }
  ],
  "cvss": {
    "vector_string": null,
    "score": null
  },
  "cwes": [
    {
      "cwe_id": "CWE-400",
      "name": "Uncontrolled Resource Consumption"
    }
  ],
  "credits": []
}
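To make the mapping between the two shapes above explicit, here is an added example (not Vunnel's own provider code) that takes a GitHub REST advisory as returned by `gh api /advisories/{ghsa_id}` and produces records in the Vunnel `github-security-advisory` shape, then lists the GitHub top-level fields that have no slot in that shape (`description`, `cwes`, `cvss`, `references`, `credits`, `type`). It goes slightly beyond this single advisory by emitting one record per ecosystem and collecting CVE ids from both `cve_id` and `identifiers`; that generalization, the constant `Classification: "GENERAL"`, and giving an unpatched package a `None` fixed version are assumptions, not something the page confirms. The sample input is a trimmed copy of the API response above (description shortened), embedded so the script runs offline. Only the structured `vulnerabilities` array feeds `FixedIn`; the free-text Patches section ("v1.12.1 and v1.11.3") is not parsed, which is why the record says `< 0.39.1` and nothing else.

```python
"""Map a GitHub REST advisory onto the Vunnel github-security-advisory record shape.

Added example, not Vunnel's own code. Assumptions not taken from the page:
one record per ecosystem, Classification is always "GENERAL", and a package
with no first_patched_version gets identifier None.
"""
import json

SCHEMA_URL = ("https://raw.githubusercontent.com/anchore/vunnel/main/schema/"
              "vulnerability/github-security-advisory/schema-1.0.1.json")

# Constructed sample: the gh api response above, trimmed (description shortened).
GH_ADVISORY = {
    "ghsa_id": "GHSA-v7hc-87jc-qrrr",
    "cve_id": None,
    "html_url": "https://github.com/advisories/GHSA-v7hc-87jc-qrrr",
    "summary": ("eventing-github vulnerable to denial of service caused by improper "
                "enforcement of the timeout on individual read operations"),
    "description": "### Impact\n\nThe eventing-github cluster-local server doesn't set `ReadHeaderTimeout` ...",
    "type": "reviewed",
    "severity": "low",
    "identifiers": [{"value": "GHSA-v7hc-87jc-qrrr", "type": "GHSA"}],
    "references": ["https://github.com/knative-extensions/eventing-github/pull/442"],
    "published_at": "2023-12-06T19:19:35Z",
    "updated_at": "2023-12-06T19:19:36Z",
    "withdrawn_at": None,
    "vulnerabilities": [{
        "package": {"ecosystem": "go", "name": "knative.dev/eventing-github"},
        "vulnerable_version_range": "< 0.39.1",
        "first_patched_version": "0.39.1",
        "vulnerable_functions": [],
    }],
    "cvss": {"vector_string": None, "score": None},
    "cwes": [{"cwe_id": "CWE-400", "name": "Uncontrolled Resource Consumption"}],
    "credits": [],
}

# GitHub top-level fields that the Vunnel record shape has a place for.
MAPPED_FIELDS = {"ghsa_id", "cve_id", "html_url", "summary", "severity", "identifiers",
                 "published_at", "updated_at", "withdrawn_at", "vulnerabilities"}


def _cve_ids(adv):
    """CVE ids from cve_id plus any CVE-typed identifiers, deduplicated, order kept."""
    ids = []
    if adv.get("cve_id"):
        ids.append(adv["cve_id"])
    for ident in adv.get("identifiers", []):
        if ident.get("type") == "CVE" and ident["value"] not in ids:
            ids.append(ident["value"])
    return ids


def to_vunnel_records(adv):
    """Return {identifier: record}; one record per ecosystem the advisory touches."""
    ghsa_id = adv["ghsa_id"]
    cves = _cve_ids(adv)
    records = {}
    for vuln in adv["vulnerabilities"]:
        eco = vuln["package"]["ecosystem"]
        namespace = f"github:{eco}"
        identifier = f"{namespace}/{ghsa_id.lower()}"   # e.g. github:go/ghsa-v7hc-87jc-qrrr
        rec = records.setdefault(identifier, {
            "schema": SCHEMA_URL,
            "identifier": identifier,
            "item": {
                "Vulnerability": {},
                "Advisory": {
                    "Classification": "GENERAL",              # assumption: constant
                    "Severity": adv["severity"].capitalize(), # "low" -> "Low"
                    "FixedIn": [],
                    "Summary": adv["summary"],
                    "url": adv["html_url"],                   # html_url, not the API url
                    "CVE": list(cves),
                    "Metadata": {"CVE": list(cves)},
                    "ghsaId": ghsa_id,
                    "published": adv["published_at"],
                    "updated": adv["updated_at"],
                    "withdrawn": adv.get("withdrawn_at"),
                    "namespace": namespace,
                },
            },
        })
        rec["item"]["Advisory"]["FixedIn"].append({
            "name": vuln["package"]["name"],
            "identifier": vuln.get("first_patched_version"),  # None if unpatched (assumption)
            "ecosystem": eco,
            "namespace": namespace,
            "range": vuln["vulnerable_version_range"],
        })
    return records


def fields_not_carried(adv):
    """GitHub top-level fields with no slot in the Vunnel record (cwes, cvss, references ...)."""
    return sorted(set(adv) - MAPPED_FIELDS)


if __name__ == "__main__":
    print(json.dumps(to_vunnel_records(GH_ADVISORY), indent=2))
    print("dropped:", fields_not_carried(GH_ADVISORY))
```

Run it directly to see the record rebuilt from the API response; `fields_not_carried` is the quick way to check, for any advisory, what a consumer of the Vunnel record will never see (the CWE and the PR references here).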