How is it possible that a Greenbone test is published months prior to the respective CVE?
. We begin working on vulnerability tests as soon as we are aware of a vulnerability. This may be measured in days, however we’ve also experienced delays in months of time until the official CVE publication. We can often link a reserved, yet unpublished CVE, however there are also cases where not even a CVE exists but is reserved and the test is in our Feed. We maintain our tests so that once a CVE exists, they are linked in our tests.
Example: CVE-2022-1232 (Google Chrome) was first discussed in April 2022, but the official CVE publication was in July 2022. The first Greenbone tests date April 2022, further followed in May 2022.