Description
CVE GHSA-vrpq-qp53-qv56 and CVE-2025-4949 are the same CVE (see GHSA-vrpq-qp53-qv56), but when I run `wolfictl advisory list` I get different results depending on the CVE identifier I use.
```console
➜ wolfictl advisory list --advisories-repo-dir "/home/philroche/Working/advisories/" --package "gradle-8" --vuln "CVE-2025-4949" --output json | jq
[
  {
    "packageName": "gradle-8",
    "id": "CGA-2h3q-7r7p-cmjc",
    "aliases": [
      "CVE-2025-4949",
      "GHSA-vrpq-qp53-qv56"
    ],
    "events": [
      {
        "timestamp": "2025-05-23T07:20:07Z",
        "type": "detection",
        "data": {
          "type": "scan/v1",
          "data": {
            "SubpackageName": "gradle-8",
            "ComponentID": "9ea55c9375ff6d99",
            "ComponentName": "org.eclipse.jgit",
            "ComponentVersion": "5.13.3.202401111512-r",
            "ComponentType": "java-archive",
            "ComponentLocation": "/usr/share/java/gradle/lib/plugins/org.eclipse.jgit-5.13.3.202401111512-r.jar",
            "Scanner": "grype"
          }
        }
      }
    ]
  }
]
```

```console
➜ git:(main) wolfictl advisory list --advisories-repo-dir "/home/philroche/Working/advisories/" --package "gradle-8" --vuln "GHSA-vrpq-qp53-qv56" --output json | jq
[
  {
    "packageName": "gradle-8",
    "id": "CGA-2h3q-7r7p-cmjc",
    "aliases": [
      "CVE-2025-4949",
      "GHSA-vrpq-qp53-qv56"
    ],
    "events": [
      {
        "timestamp": "2025-05-27T20:15:11Z",
        "type": "fixed",
        "data": {
          "fixedVersion": "8.14.1-r1"
        }
      }
    ]
  }
]
```
Should this always return the fixed event as defined at https://github.com/wolfi-dev/advisories/blob/de7ba85385188796b35cdcb4c4da90098a042236/gradle-8.advisories.yaml#L24?
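The behaviour the report expects is that every identifier of one advisory (its CGA id or any alias) resolves to the same record with the same event list. The following Go program is an added illustration of that expectation, not wolfictl's own code: it reads the two JSON results quoted above (embedded here as a constructed sample, with the scan data trimmed), merges records that share a package and advisory id, and then looks the advisory up by each identifier so the event lists can be compared. The type names, `MergeByID`, `Lookup` and `EventTypes` are all hypothetical helpers written for this example; only the field names come from the output on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Advisory and Event mirror the field names in the `wolfictl advisory list
// --output json` output quoted in the issue; they are not wolfictl's own types.
type Advisory struct {
	PackageName string   `json:"packageName"`
	ID          string   `json:"id"`
	Aliases     []string `json:"aliases"`
	Events      []Event  `json:"events"`
}

type Event struct {
	Timestamp string          `json:"timestamp"`
	Type      string          `json:"type"`
	Data      json.RawMessage `json:"data"`
}

// Constructed sample: the two list results from the issue concatenated into one
// array. Both carry the same advisory id but a different single event.
const sampleJSON = `[
  {"packageName": "gradle-8", "id": "CGA-2h3q-7r7p-cmjc",
   "aliases": ["CVE-2025-4949", "GHSA-vrpq-qp53-qv56"],
   "events": [{"timestamp": "2025-05-23T07:20:07Z", "type": "detection",
               "data": {"type": "scan/v1", "data": {"Scanner": "grype"}}}]},
  {"packageName": "gradle-8", "id": "CGA-2h3q-7r7p-cmjc",
   "aliases": ["CVE-2025-4949", "GHSA-vrpq-qp53-qv56"],
   "events": [{"timestamp": "2025-05-27T20:15:11Z", "type": "fixed",
               "data": {"fixedVersion": "8.14.1-r1"}}]}
]`

// normalizeID makes identifier comparison case- and whitespace-insensitive.
func normalizeID(id string) string { return strings.ToUpper(strings.TrimSpace(id)) }

func containsID(ids []string, id string) bool {
	for _, x := range ids {
		if normalizeID(x) == normalizeID(id) {
			return true
		}
	}
	return false
}

func hasEvent(events []Event, e Event) bool {
	for _, x := range events {
		if x.Timestamp == e.Timestamp && x.Type == e.Type {
			return true
		}
	}
	return false
}

// MergeByID folds records sharing a package and advisory id into one record,
// taking the union of aliases and of events (deduplicated by timestamp+type).
// Input order is preserved so the result is deterministic.
func MergeByID(records []Advisory) []Advisory {
	var merged []Advisory
	pos := map[string]int{}
	for _, r := range records {
		key := r.PackageName + "/" + normalizeID(r.ID)
		i, ok := pos[key]
		if !ok {
			i = len(merged)
			pos[key] = i
			merged = append(merged, Advisory{PackageName: r.PackageName, ID: r.ID})
		}
		m := &merged[i]
		for _, a := range r.Aliases {
			if !containsID(m.Aliases, a) {
				m.Aliases = append(m.Aliases, a)
			}
		}
		for _, e := range r.Events {
			if !hasEvent(m.Events, e) {
				m.Events = append(m.Events, e)
			}
		}
	}
	return merged
}

// Lookup returns the advisory for pkg whose id or any alias equals vuln, so
// every identifier of one advisory yields the same record and event list.
func Lookup(advisories []Advisory, pkg, vuln string) (Advisory, bool) {
	for _, a := range advisories {
		if a.PackageName == pkg && (normalizeID(a.ID) == normalizeID(vuln) || containsID(a.Aliases, vuln)) {
			return a, true
		}
	}
	return Advisory{}, false
}

// EventTypes lists an advisory's event types in stored order, for comparing
// lookups made through different aliases.
func EventTypes(a Advisory) []string {
	types := make([]string, 0, len(a.Events))
	for _, e := range a.Events {
		types = append(types, e.Type)
	}
	return types
}

// LoadSample parses the constructed sample and merges it.
func LoadSample() ([]Advisory, error) {
	var records []Advisory
	if err := json.Unmarshal([]byte(sampleJSON), &records); err != nil {
		return nil, err
	}
	return MergeByID(records), nil
}

func main() {
	advs, err := LoadSample()
	if err != nil {
		panic(err)
	}
	for _, id := range []string{"CVE-2025-4949", "GHSA-vrpq-qp53-qv56", "CGA-2h3q-7r7p-cmjc"} {
		a, ok := Lookup(advs, "gradle-8", id)
		fmt.Printf("%s -> found=%v events=%v\n", id, ok, EventTypes(a))
	}
}
```

Run against the sample, all three identifiers print `events=[detection fixed]`; a lookup that returns different event lists for two aliases of the same advisory id is exactly the inconsistency this issue reports, so the same comparison can serve as a regression check once the tool's behaviour is fixed.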