Skip to content

Question: Significant increase in Debian OSV affected entries and modified records over the last month #5587

Description

@SURENKUMAR-0212

Hi OSV team,

While monitoring the Debian OSV dataset, We noticed a significant increase over the past month in both the number of newly published Debian records and, more noticeably, the number of modified records and affected entries.

For example, there are several days with unusually large spikes:

  • 2026-06-15: 30,531 modified records, ~3.7M affected rows
  • 2026-06-16: 781 modified records, ~765K affected rows
  • 2026-06-24: 282 new records, ~168K affected rows
  • 2026-06-25: 243 new records, ~98K affected rows
  • 2026-06-04: 382 new records, ~392K affected rows

Over the last three months (2026-04-02 → 2026-06-30), my summary is:

  • New Debian OSV records: 5,188
  • Modified records: 47,776
  • New affected rows: 2,284,189
  • Modified affected rows: 5,308,942

In previous months, these counts were generally much lower, so we wonder whether this increase is expected.

Is there any particular reason for these spikes? For example:

  • Was there a large backfill or migration of Debian vulnerability data?
  • Has the Debian importer or affected-version generation logic changed recently?
  • Were package/version expansions or bulk metadata updates performed?
  • Or is this simply the expected result of a change in the upstream Debian data source?

I'm mainly trying to understand whether this represents a one-time bulk update or whether higher update volumes should now be expected going forward.

For reference, I generated these statistics by scanning the Debian OSV JSON files and grouping records by their published and modified timestamps, while counting Debian affected entries. Will add below

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions