Hi OSV team,
While monitoring the Debian OSV dataset, We noticed a significant increase over the past month in both the number of newly published Debian records and, more noticeably, the number of modified records and affected entries.
For example, there are several days with unusually large spikes:
- 2026-06-15: 30,531 modified records, ~3.7M affected rows
- 2026-06-16: 781 modified records, ~765K affected rows
- 2026-06-24: 282 new records, ~168K affected rows
- 2026-06-25: 243 new records, ~98K affected rows
- 2026-06-04: 382 new records, ~392K affected rows
Over the last three months (2026-04-02 → 2026-06-30), my summary is:
- New Debian OSV records: 5,188
- Modified records: 47,776
- New affected rows: 2,284,189
- Modified affected rows: 5,308,942
In previous months, these counts were generally much lower, so we wonder whether this increase is expected.
Is there any particular reason for these spikes? For example:
- Was there a large backfill or migration of Debian vulnerability data?
- Has the Debian importer or affected-version generation logic changed recently?
- Were package/version expansions or bulk metadata updates performed?
- Or is this simply the expected result of a change in the upstream Debian data source?
I'm mainly trying to understand whether this represents a one-time bulk update or whether higher update volumes should now be expected going forward.
For reference, I generated these statistics by scanning the Debian OSV JSON files and grouping records by their published and modified timestamps, while counting Debian affected entries. Will add below
Thanks!
Hi OSV team,
While monitoring the Debian OSV dataset, We noticed a significant increase over the past month in both the number of newly published Debian records and, more noticeably, the number of modified records and affected entries.
For example, there are several days with unusually large spikes:
Over the last three months (2026-04-02 → 2026-06-30), my summary is:
In previous months, these counts were generally much lower, so we wonder whether this increase is expected.
Is there any particular reason for these spikes? For example:
I'm mainly trying to understand whether this represents a one-time bulk update or whether higher update volumes should now be expected going forward.
For reference, I generated these statistics by scanning the Debian OSV JSON files and grouping records by their
publishedandmodifiedtimestamps, while counting Debianaffectedentries. Will add belowThanks!