  1. Project Quay
  2. PROJQUAY-5311

Prefer CVE over other Identifiers for OSV data


    • Type: Task
    • Resolution: Won't Do
    • clair

      There is already a discussion on GitHub about it, but I wanted to make it a formal PROJQUAY ticket, too, for tracking purposes.

      This can be really crucial for things like Log4Shell. For example, when someone wants to know if they are affected by CVE-2022-44228, they will be looking for CVE-2022-44228 instead of GHSA-jfh8-c2jp-5v3q.

      OSV does tend to have aliases, which can prove to be useful. However, there are examples where this can get a bit messy. See the GitHub discussion for more information.

              Assignee: Unassigned
              Reporter: Ross Tannenbaum (rtannenb@redhat.com)
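One way the requested preference could work over an OSV record's `id` and `aliases` fields, as an added example that is not part of the ticket and is not Clair's code. `PreferredName` is a hypothetical helper, and treating "more than one CVE alias" as the ambiguous case is an assumption; the sample record is constructed from the identifiers quoted in the ticket.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Advisory holds the two OSV schema fields that matter for naming.
type Advisory struct {
	ID      string   `json:"id"`
	Aliases []string `json:"aliases"`
}

var cveRe = regexp.MustCompile(`^CVE-[0-9]{4}-[0-9]{4,}$`)

// PreferredName (hypothetical) returns the name to report plus every identifier a
// search should match. A CVE wins only when exactly one distinct CVE is present.
func PreferredName(raw []byte) (string, []string, error) {
	var a Advisory
	if err := json.Unmarshal(raw, &a); err != nil {
		return "", nil, err
	}
	if a.ID == "" {
		return "", nil, fmt.Errorf("OSV record has no id")
	}
	seen := map[string]bool{}
	var all, cves []string
	for _, id := range append([]string{a.ID}, a.Aliases...) {
		if id == "" || seen[id] {
			continue // skip blanks and duplicates
		}
		seen[id] = true
		all = append(all, id)
		if cveRe.MatchString(id) {
			cves = append(cves, id)
		}
	}
	if len(cves) == 1 {
		return cves[0], all, nil
	}
	// Zero or several CVEs: keep the advisory's own ID, still searchable by alias.
	return a.ID, all, nil
}

func main() {
	// Constructed record using the identifiers quoted in the ticket.
	name, all, err := PreferredName([]byte(`{"id":"GHSA-jfh8-c2jp-5v3q","aliases":["CVE-2022-44228"]}`))
	fmt.Println(name, all, err)
}
```

Returning the full identifier list alongside the preferred name keeps a lookup by either the CVE or the GHSA ID working, whichever one is displayed.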