diff --git a/Makefile b/Makefile
index cf78903b..6920eeac 100644
--- a/Makefile
+++ b/Makefile
@@ -27,9 +27,11 @@ shell:
 	# Open a bash session in a standalone container (no stack required)
 	docker run -it $(IMAGE_NAME) bash
 
+# make test              - full suite
+# make test k=<pattern>  - filter by name, e.g. make test k=test_name
 test:
-	@echo "-> Run the test suite"
-	${MANAGE} test --noinput --parallel auto
+	${EXEC} web pip install --find-links=thirdparty/dist/ --no-index --no-cache-dir '.[dev]'
+	${MANAGE} test --noinput --parallel auto $(if $(k),-k $(k),)
 
 migrations:
 	@echo "-> Creates new database migrations"
diff --git a/component_catalog/api.py b/component_catalog/api.py
index abd8705f..e37e6ac4 100644
--- a/component_catalog/api.py
+++ b/component_catalog/api.py
@@ -436,8 +436,8 @@ class ComponentFilterSet(DataspacedAPIFilterSet):
         field_name="affected_by_vulnerabilities",
     )
     affected_by = django_filters.CharFilter(
-        field_name="affected_by_vulnerabilities__vulnerability_id",
-        label="Affected by (vulnerability_id)",
+        field_name="affected_by_vulnerabilities__advisory_id",
+        label="Affected by (advisory_id)",
     )
 
     class Meta:
@@ -630,7 +630,8 @@ class PackageSerializer(
         read_only=True,
         many=True,
         fields=[
-            "vulnerability_id",
+            "advisory_uid",
+            "advisory_id",
             "api_url",
             "uuid",
         ],
@@ -809,8 +810,8 @@ class PackageAPIFilterSet(DataspacedAPIFilterSet):
         field_name="affected_by_vulnerabilities",
     )
     affected_by = django_filters.CharFilter(
-        field_name="affected_by_vulnerabilities__vulnerability_id",
-        label="Affected by (vulnerability_id)",
+        field_name="affected_by_vulnerabilities__advisory_id",
+        label="Affected by (advisory_id)",
     )
     risk_score = ScoreRangeFilter(score_ranges=RISK_SCORE_RANGES)
 
diff --git a/component_catalog/filters.py b/component_catalog/filters.py
index 5e08ae09..0ece94d9 100644
--- a/component_catalog/filters.py
+++ b/component_catalog/filters.py
@@ -119,7 +119,7 @@ class ComponentFilterSet(DataspacedFilterSet):
         widget=DropDownRightWidget(link_content='<i class="fas fa-bug"></i>'),
     )
     affected_by = django_filters.CharFilter(
-        field_name="affected_by_vulnerabilities__vulnerability_id",
+        field_name="affected_by_vulnerabilities__advisory_id",
         label=_("Affected by"),
     )
 
@@ -267,7 +267,7 @@ class PackageFilterSet(DataspacedFilterSet):
         widget=DropDownRightWidget(link_content='<i class="fas fa-bug"></i>'),
     )
     affected_by = django_filters.CharFilter(
-        field_name="affected_by_vulnerabilities__vulnerability_id",
+        field_name="affected_by_vulnerabilities__advisory_id",
         label=_("Affected by"),
     )
     affected_by_last_modified_date = django_filters.DateRangeFilter(
diff --git a/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html b/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html
index 9fa439bd..1613caa8 100644
--- a/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html
+++ b/component_catalog/templates/component_catalog/tabs/tab_vulnerabilities.html
@@ -51,11 +51,11 @@
           <strong>
             {% if vulnerability.resource_url %}
               <a href="{{ vulnerability.resource_url }}" target="_blank">
-                {{ vulnerability.vulnerability_id }}
+                {{ vulnerability.advisory_id }}
                 <i class="fa-solid fa-up-right-from-square mini"></i>
               </a>
             {% else %}
-              {{ vulnerability.vulnerability_id }}
+              {{ vulnerability.advisory_id }}
             {% endif %}
           </strong>
           <div class="mt-2">
diff --git a/component_catalog/tests/test_api.py b/component_catalog/tests/test_api.py
index afd60a0a..7ad52a2a 100644
--- a/component_catalog/tests/test_api.py
+++ b/component_catalog/tests/test_api.py
@@ -1350,17 +1350,17 @@ def test_api_package_endpoint_vulnerabilities_features(self):
         results = response.data["results"]
         self.assertEqual("9.0", results[0]["risk_score"])
         self.assertEqual(
-            vulnerability1.vulnerability_id,
-            results[0]["affected_by_vulnerabilities"][0]["vulnerability_id"],
+            vulnerability1.advisory_id,
+            results[0]["affected_by_vulnerabilities"][0]["advisory_id"],
         )
 
-        data = {"affected_by": vulnerability1.vulnerability_id}
+        data = {"affected_by": vulnerability1.advisory_id}
         response = self.client.get(self.package_list_url, data)
         self.assertEqual(1, response.data["count"])
         self.assertContains(response, self.package1_detail_url)
         self.assertNotContains(response, self.package2_detail_url)
 
-        data = {"affected_by": vulnerability2.vulnerability_id}
+        data = {"affected_by": vulnerability2.advisory_id}
         response = self.client.get(self.package_list_url, data)
         self.assertEqual(0, response.data["count"])
         self.assertNotContains(response, self.package1_detail_url)
diff --git a/component_catalog/tests/test_filters.py b/component_catalog/tests/test_filters.py
index 82827d65..c496a7de 100644
--- a/component_catalog/tests/test_filters.py
+++ b/component_catalog/tests/test_filters.py
@@ -406,6 +406,6 @@ def test_package_filterset_affected_by_filter(self):
         self.assertIn(package1, filterset.qs)
         self.assertIn(package2, filterset.qs)
 
-        data = {"affected_by": vulnerability1.vulnerability_id}
+        data = {"affected_by": vulnerability1.advisory_id}
         filterset = PackageFilterSet(dataspace=self.dataspace, data=data)
         self.assertQuerySetEqual(filterset.qs, [package1])
diff --git a/component_catalog/tests/test_views.py b/component_catalog/tests/test_views.py
index 5efafcb1..40ec4f16 100644
--- a/component_catalog/tests/test_views.py
+++ b/component_catalog/tests/test_views.py
@@ -1054,7 +1054,7 @@ def test_component_details_view_tab_vulnerabilities(self):
         )
         self.assertContains(response, expected)
         self.assertContains(response, 'id="tab_vulnerabilities"')
-        self.assertContains(response, vulnerability1.vcid)
+        self.assertContains(response, vulnerability1.advisory_id)
 
     def test_component_catalog_component_create_ajax_view(self):
         component_create_ajax_url = reverse("component_catalog:component_add_ajax")
@@ -3020,7 +3020,7 @@ def test_package_details_view_tab_vulnerabilities(self):
         )
         self.assertContains(response, expected)
         self.assertContains(response, 'id="tab_vulnerabilities"')
-        self.assertContains(response, self.vulnerability1.vcid)
+        self.assertContains(response, self.vulnerability1.advisory_id)
 
     def test_vulnerablecode_get_plain_purls(self):
         purls = get_plain_purls(packages=[])
@@ -3056,65 +3056,34 @@ def test_vulnerablecode_get_vulnerable_purls(self):
         with mock.patch(
             "dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_purl"
         ) as bulk_search:
-            bulk_search.return_value = []
+            bulk_search.return_value = {"count": 0, "results": []}
             vulnerable_purls = vulnerablecode.get_vulnerable_purls(packages=[self.package1])
             self.assertEqual([], vulnerable_purls)
 
-            bulk_search.return_value = ["pkg:pypi/django@2.1"]
+            bulk_search.return_value = {"count": 1, "results": ["pkg:pypi/django@2.1"]}
             vulnerable_purls = vulnerablecode.get_vulnerable_purls(packages=[self.package1])
             self.assertEqual(["pkg:pypi/django@2.1"], vulnerable_purls)
 
-    def test_vulnerablecode_get_vulnerable_cpes(self):
-        vulnerablecode = VulnerableCode(self.dataspace)
-        vulnerable_cpes = vulnerablecode.get_vulnerable_cpes(components=[])
-        self.assertEqual([], vulnerable_cpes)
-
-        components = [self.component1, self.component2]
-        vulnerable_cpes = vulnerablecode.get_vulnerable_cpes(components=components)
-        self.assertEqual([], vulnerable_cpes)
-
-        self.component1.cpe = "cpe:2.3:a:djangoproject:django:0.95:*:*:*:*:*:*:*"
-        self.component1.save()
-
-        with mock.patch(
-            "dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_cpes"
-        ) as bulk_search:
-            bulk_search.return_value = [
-                {
-                    "vulnerability_id": "VCID-188m-1bke-aaae",
-                    "summary": "The administrative interface in django.contrib.admin ",
-                    "references": [
-                        {"reference_id": ""},
-                    ],
-                }
-            ]
-            vulnerable_cpes = vulnerablecode.get_vulnerable_cpes(components=components)
-            self.assertEqual([], vulnerable_cpes)
-
-            bulk_search.return_value[0]["references"] = [{"reference_id": self.component1.cpe}]
-            vulnerable_cpes = vulnerablecode.get_vulnerable_cpes(components=components)
-            self.assertEqual([self.component1.cpe], vulnerable_cpes)
-
-    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.request_get")
-    def test_vulnerablecode_get_vulnerabilities_cache(self, mock_request_get):
+    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_purl")
+    def test_vulnerablecode_get_vulnerabilities_cache(self, mock_bulk_search):
         vulnerablecode = VulnerableCode(self.dataspace)
 
         self.package1.set_package_url("pkg:pypi/django@2.1")
         self.package1.save()
 
-        mock_request_get.return_value = {
+        mock_bulk_search.return_value = {
             "count": 1,
             "results": True,
         }
 
         results = vulnerablecode.get_vulnerabilities_by_purl(self.package1.package_url)
-        self.assertEqual(1, mock_request_get.call_count)
+        self.assertEqual(1, mock_bulk_search.call_count)
         self.assertTrue(results)
 
         results = vulnerablecode.get_vulnerabilities_by_purl(self.package1.package_url)
-        # request.get was only called once since the results are returned from the cached
+        # bulk_search_by_purl was only called once since the results are returned from the cache
         # on the second call of `get_vulnerabilities_by_purl`.
-        self.assertEqual(1, mock_request_get.call_count)
+        self.assertEqual(1, mock_bulk_search.call_count)
         self.assertTrue(results)
 
     def test_send_scan_notification(self):
diff --git a/dejacode/settings.py b/dejacode/settings.py
index fb026ceb..11a586db 100644
--- a/dejacode/settings.py
+++ b/dejacode/settings.py
@@ -717,6 +717,7 @@ def get_fake_redis_connection(config, use_strict_redis):
 
 # Default to 5 seconds.
 DEJACODE_INTEGRATION_REQUESTS_TIMEOUT = env.int("DEJACODE_INTEGRATION_REQUESTS_TIMEOUT", default=5)
+VULNERABLECODE_USER_AGENT = env.str("VULNERABLECODE_USER_AGENT", default="VCIO_API_AGENT")
 
 if IS_TESTS:
     # Silent the django-axes logging during tests
diff --git a/dejacode/static/css/dejacode_bootstrap.css b/dejacode/static/css/dejacode_bootstrap.css
index b45e3019..4f0b48fb 100644
--- a/dejacode/static/css/dejacode_bootstrap.css
+++ b/dejacode/static/css/dejacode_bootstrap.css
@@ -395,7 +395,7 @@ table.packages-table .column-primary_language {
 }
 
 /* -- Vulnerability List -- */
-table.vulnerabilities-table .column-vulnerability_id {
+table.vulnerabilities-table .column-advisory_uid {
   width: 220px;
 }
 table.vulnerabilities-table .column-aliases {
@@ -413,7 +413,7 @@ table.vulnerabilities-table .column-summary {
 }
 
 /* -- Vulnerability tab -- */
-#tab_vulnerabilities .column-vulnerability_id {
+#tab_vulnerabilities .column-advisory_uid {
   width: 230px;
 }
 #tab_vulnerabilities .column-affected_packages {
diff --git a/dejacode_toolkit/__init__.py b/dejacode_toolkit/__init__.py
index aa246c63..f6f43760 100644
--- a/dejacode_toolkit/__init__.py
+++ b/dejacode_toolkit/__init__.py
@@ -27,7 +27,7 @@ def get_settings(var_name, default=None):
 def is_service_available(label, session, url, raise_exceptions):
     """Check if a configured integration service is available."""
     try:
-        response = session.head(url, timeout=REQUESTS_TIMEOUT)
+        response = session.head(url, allow_redirects=True, timeout=REQUESTS_TIMEOUT)
         response.raise_for_status()
     except requests.exceptions.RequestException as request_exception:
         logger.debug(f"{label} is_available() error: {request_exception}")
@@ -43,6 +43,7 @@ class BaseService:
     settings_prefix = None
     url_field_name = None
     api_key_field_name = None
+    api_version = None
     default_timeout = REQUESTS_TIMEOUT
 
     def __init__(self, dataspace):
@@ -71,6 +72,9 @@ def __init__(self, dataspace):
 
         self.api_url = f"{self.service_url.rstrip('/')}/api/"
 
+        if self.api_version:
+            self.api_url = f"{self.api_url}{self.api_version.rstrip('/')}/"
+
     def get_session(self):
         session = requests.Session()
 
diff --git a/dejacode_toolkit/vulnerablecode.py b/dejacode_toolkit/vulnerablecode.py
index 34980dcf..8a0bad69 100644
--- a/dejacode_toolkit/vulnerablecode.py
+++ b/dejacode_toolkit/vulnerablecode.py
@@ -9,6 +9,7 @@
 from django.core.cache import caches
 
 from dejacode_toolkit import BaseService
+from dejacode_toolkit import get_settings
 from dejacode_toolkit import logger
 
 cache = caches["vulnerabilities"]
@@ -19,90 +20,54 @@ class VulnerableCode(BaseService):
     settings_prefix = "VULNERABLECODE"
     url_field_name = "vulnerablecode_url"
     api_key_field_name = "vulnerablecode_api_key"
+    api_version = "v3"
+    user_agent = get_settings("VULNERABLECODE_USER_AGENT", default="VCIO_API_AGENT")
 
-    def get_vulnerabilities(
+    def get_session(self):
+        session = super().get_session()
+        session.headers.update({"User-Agent": self.user_agent})
+        return session
+
+    def get_vulnerabilities_by_purl(
         self,
-        url,
-        field_name,
-        field_value,
+        purl,
         timeout=None,
     ):
-        """Get list of vulnerabilities."""
-        cached_results = cache.get(field_value)
+        """Get list of vulnerabilities providing a package `purl`."""
+        plain_purl = get_plain_purl(purl)
+
+        cached_results = cache.get(plain_purl)
         if cached_results:
             return cached_results
 
-        payload = {field_name: field_value}
-
-        response = self.request_get(url=url, params=payload, timeout=timeout)
+        response = self.bulk_search_by_purl(purls=[plain_purl], timeout=timeout)
         if response and response.get("count"):
             results = response["results"]
-            cache.set(field_value, results)
+            cache.set(plain_purl, results)
             return results
 
-    def get_vulnerabilities_by_purl(
-        self,
-        purl,
-        timeout=None,
-    ):
-        """Get list of vulnerabilities providing a package `purl`."""
-        return self.get_vulnerabilities(
-            url=f"{self.api_url}packages/",
-            field_name="purl",
-            field_value=get_plain_purl(purl),
-            timeout=timeout,
-        )
-
-    def get_vulnerabilities_by_cpe(
-        self,
-        cpe,
-        timeout=None,
-    ):
-        """Get list of vulnerabilities providing a package or component `cpe`."""
-        return self.get_vulnerabilities(
-            url=f"{self.api_url}cpes/",
-            field_name="cpe",
-            field_value=cpe,
-            timeout=timeout,
-        )
-
     def bulk_search_by_purl(
         self,
         purls,
-        purl_only,
+        details=True,
         timeout=None,
     ):
         """Bulk search of vulnerabilities using the provided list of `purls`."""
-        url = f"{self.api_url}packages/bulk_search"
+        url = f"{self.api_url}packages"
 
         data = {
             "purls": purls,
-            "purl_only": purl_only,
-            "plain_purl": True,
+            "details": details,
         }
 
         logger.debug(f"VulnerableCode: url={url} purls_count={len(purls)}")
         return self.request_post(url=url, json=data, timeout=timeout)
 
-    def bulk_search_by_cpes(
-        self,
-        cpes,
-        timeout=None,
-    ):
-        """Bulk search of vulnerabilities using the provided list of `cpes`."""
-        url = f"{self.api_url}cpes/bulk_search"
-
-        data = {
-            "cpes": cpes,
-        }
-
-        logger.debug(f"VulnerableCode: url={url} cpes_count={len(cpes)}")
-        return self.request_post(url, json=data, timeout=timeout)
-
-    def get_vulnerable_purls(self, packages, purl_only=True, timeout=10):
+    def get_vulnerable_purls(self, packages, details=False, timeout=10):
         """
         Return a list of PURLs for which at least one `affected_by_vulnerabilities`
         was found in the VulnerableCodeDB for the given list of `packages`.
+        Returns None when the API call fails (e.g. timeout or network error).
         """
         plain_purls = get_plain_purls(packages)
 
@@ -110,62 +75,20 @@ def get_vulnerable_purls(self, packages, purl_only=True, timeout=10):
             return []
 
         vulnerable_purls = self.bulk_search_by_purl(
-            plain_purls,
-            purl_only=purl_only,
+            purls=plain_purls,
+            details=details,
             timeout=timeout,
         )
-        return vulnerable_purls or []
-
-    def get_vulnerable_cpes(self, components):
-        """
-        Return a list of vulnerable CPEs found in the VulnerableCodeDB for the given
-        list of `components`.
-        """
-        cpes = [component.cpe for component in components if component.cpe]
-
-        if not cpes:
-            return []
-
-        search_results = self.bulk_search_by_cpes(cpes)
-        if not search_results:
-            return []
-
-        vulnerable_cpes = [
-            reference.get("reference_id")
-            for entry in search_results
-            for reference in entry.get("references")
-            if reference.get("reference_id").startswith("cpe")
-        ]
-
-        return list(set(vulnerable_cpes))
+        if vulnerable_purls is None:
+            return None
+        return vulnerable_purls.get("results") or []
 
     def get_package_url_available_types(self):
-        # Replace by fetching the endpoint once available.
-        # https://github.com/aboutcode-org/vulnerablecode/issues/1561#issuecomment-2298764730
-        return [
-            "alpine",
-            "alpm",
-            "apache",
-            "cargo",
-            "composer",
-            "conan",
-            "deb",
-            "gem",
-            "generic",
-            "github",
-            "golang",
-            "hex",
-            "mattermost",
-            "maven",
-            "mozilla",
-            "nginx",
-            "npm",
-            "nuget",
-            "openssl",
-            "pypi",
-            "rpm",
-            "ruby",
-        ]
+        """Return the list of supported package types from the VulnerableCode API."""
+        response = self.request_get(f"{self.api_url}package-types")
+        if isinstance(response, list):
+            return response
+        return []
 
 
 def get_plain_purl(purl_str):
diff --git a/dje/outputs.py b/dje/outputs.py
index d5b93624..77bf6ec1 100644
--- a/dje/outputs.py
+++ b/dje/outputs.py
@@ -297,7 +297,7 @@ def get_csaf_product_tree(product):
 
 
 def get_csaf_vulnerability_ids(vulnerability):
-    ids = [csaf.Id(system_name="VulnerableCode", text=vulnerability.vulnerability_id)]
+    ids = [csaf.Id(system_name="VulnerableCode", text=vulnerability.advisory_id)]
 
     for alias in vulnerability.aliases:
         prefix = alias.split("-")[0]
@@ -399,7 +399,7 @@ def get_openvex_timestamp():
 
 def get_openvex_vulnerability(vulnerability):
     return openvex.Vulnerability(
-        name=vulnerability.vulnerability_id,
+        name=vulnerability.advisory_id,
         field_id=vulnerability.resource_url,
         description=vulnerability.summary,
         aliases=vulnerability.aliases,
diff --git a/dje/tests/test_outputs.py b/dje/tests/test_outputs.py
index b71f9282..b3b29f25 100644
--- a/dje/tests/test_outputs.py
+++ b/dje/tests/test_outputs.py
@@ -52,18 +52,18 @@ def setUp(self):
         make_product_package(self.product1, package3)
         vulnerability1 = make_vulnerability(
             self.dataspace,
-            vulnerability_id="VCID-0001",
-            resource_url="https://public.vulnerablecode.io/vulnerabilities/VCID-0001",
+            advisory_id="ID-0001",
+            resource_url="https://public.vulnerablecode.io/vulnerabilities/ID-0001",
             aliases=["CVE-1984-1010"],
             affecting=[package1],
         )
         vulnerability2 = make_vulnerability(
             self.dataspace,
-            vulnerability_id="VCID-0002",
-            resource_url="https://public.vulnerablecode.io/vulnerabilities/VCID-0002",
+            advisory_id="ID-0002",
+            resource_url="https://public.vulnerablecode.io/vulnerabilities/ID-0002",
             affecting=[package2],
         )
-        make_vulnerability(self.dataspace, vulnerability_id="VCID-0003", affecting=[package3])
+        make_vulnerability(self.dataspace, advisory_id="ID-0003", affecting=[package3])
 
         make_vulnerability_analysis(
             product_package1,
@@ -166,7 +166,7 @@ def test_outputs_get_cyclonedx_bom_include_vex(self):
         )
         self.assertIsInstance(bom, cyclonedx_bom.Bom)
         self.assertEqual(4, len(bom.vulnerabilities))
-        self.assertEqual(vulnerability1.vulnerability_id, bom.vulnerabilities[0].id)
+        self.assertEqual(vulnerability1.advisory_id, bom.vulnerabilities[0].id)
         self.assertIsNone(bom.vulnerabilities[0].analysis)
 
         analysis1 = make_vulnerability_analysis(product_package1, vulnerability1)
diff --git a/dje/tests/testfiles/outputs/csaf_security_advisory.csaf.json b/dje/tests/testfiles/outputs/csaf_security_advisory.csaf.json
index 7dc0f09d..fe5832dc 100644
--- a/dje/tests/testfiles/outputs/csaf_security_advisory.csaf.json
+++ b/dje/tests/testfiles/outputs/csaf_security_advisory.csaf.json
@@ -53,7 +53,7 @@
       "ids": [
         {
           "system_name": "VulnerableCode",
-          "text": "VCID-0001"
+          "text": "ID-0001"
         },
         {
           "system_name": "Common Vulnerabilities and Exposures",
@@ -85,7 +85,7 @@
       "ids": [
         {
           "system_name": "VulnerableCode",
-          "text": "VCID-0002"
+          "text": "ID-0002"
         }
       ],
       "notes": [
@@ -113,7 +113,7 @@
       "ids": [
         {
           "system_name": "VulnerableCode",
-          "text": "VCID-0003"
+          "text": "ID-0003"
         }
       ],
       "notes": [
diff --git a/dje/tests/testfiles/outputs/openvex_document.json b/dje/tests/testfiles/outputs/openvex_document.json
index 455557d1..83bdfa84 100644
--- a/dje/tests/testfiles/outputs/openvex_document.json
+++ b/dje/tests/testfiles/outputs/openvex_document.json
@@ -7,8 +7,8 @@
   "statements": [
     {
       "vulnerability": {
-        "name": "VCID-0001",
-        "@id": "https://public.vulnerablecode.io/vulnerabilities/VCID-0001",
+        "name": "ID-0001",
+        "@id": "https://public.vulnerablecode.io/vulnerabilities/ID-0001",
         "description": "",
         "aliases": [
           "CVE-1984-1010"
@@ -27,8 +27,8 @@
     },
     {
       "vulnerability": {
-        "name": "VCID-0002",
-        "@id": "https://public.vulnerablecode.io/vulnerabilities/VCID-0002",
+        "name": "ID-0002",
+        "@id": "https://public.vulnerablecode.io/vulnerabilities/ID-0002",
         "description": "",
         "aliases": []
       },
@@ -45,7 +45,7 @@
     },
     {
       "vulnerability": {
-        "name": "VCID-0003",
+        "name": "ID-0003",
         "@id": "",
         "description": "",
         "aliases": []
diff --git a/docs/reference-vulnerability-management.rst b/docs/reference-vulnerability-management.rst
index 34d95c1c..f4a61c74 100644
--- a/docs/reference-vulnerability-management.rst
+++ b/docs/reference-vulnerability-management.rst
@@ -117,8 +117,8 @@ The **Vulnerability** model in DejaCode provides detailed information about soft
 vulnerabilities. Each field captures specific aspects of a vulnerability, enabling
 accurate assessment and management. Below is a description of the key fields:
 
-- **vulnerability_id**:
-  A unique identifier for the vulnerability. For example, **"VCID-2024-0001"**.
+- **advisory_id**:
+  A unique identifier for the vulnerability. For example, **"PYSEC-2020-2233"**.
 
 - **resource_url**:
   The URL of the data source providing details about the vulnerability.
diff --git a/product_portfolio/api.py b/product_portfolio/api.py
index a84d3439..c1ea0ea6 100644
--- a/product_portfolio/api.py
+++ b/product_portfolio/api.py
@@ -196,8 +196,8 @@ class ProductFilterSet(DataspacedAPIFilterSet):
         field_name="packages__affected_by_vulnerabilities",
     )
     affected_by = django_filters.CharFilter(
-        field_name="packages__affected_by_vulnerabilities__vulnerability_id",
-        label="Affected by (vulnerability_id)",
+        field_name="packages__affected_by_vulnerabilities__advisory_id",
+        label="Affected by (advisory_id)",
     )
 
     class Meta:
@@ -751,8 +751,8 @@ class ProductPackageFilterSet(DataspacedAPIFilterSet):
         field_name="package__affected_by_vulnerabilities",
     )
     affected_by = django_filters.CharFilter(
-        field_name="package__affected_by_vulnerabilities__vulnerability_id",
-        label="Affected by (vulnerability_id)",
+        field_name="package__affected_by_vulnerabilities__advisory_id",
+        label="Affected by (advisory_id)",
     )
 
     class Meta:
diff --git a/product_portfolio/filters.py b/product_portfolio/filters.py
index c3ad11e8..98f6f369 100644
--- a/product_portfolio/filters.py
+++ b/product_portfolio/filters.py
@@ -138,7 +138,7 @@ class ProductFilterSet(DataspacedFilterSet):
         widget=DropDownRightWidget(link_content='<i class="fas fa-bug"></i>'),
     )
     affected_by = django_filters.CharFilter(
-        field_name="packages__affected_by_vulnerabilities__vulnerability_id",
+        field_name="packages__affected_by_vulnerabilities__advisory_id",
         label=_("Affected by"),
     )
     productpackage_licenses = django_filters.CharFilter(
diff --git a/product_portfolio/templates/product_portfolio/compliance/compliance_panels.html b/product_portfolio/templates/product_portfolio/compliance/compliance_panels.html
index 43ce4e46..92c0fe29 100644
--- a/product_portfolio/templates/product_portfolio/compliance/compliance_panels.html
+++ b/product_portfolio/templates/product_portfolio/compliance/compliance_panels.html
@@ -192,7 +192,7 @@ <h3 class="fs-6 fw-medium mb-0">{% trans "Security compliance" %}</h3>
             {% endif %}
           </span>
           <a href="{{ vulnerability.resource_url }}" target="_blank" class="font-monospace small text-decoration-none" style="min-width: fit-content;">
-            {{ vulnerability.vulnerability_id }}
+            {{ vulnerability.advisory_id }}
           </a>
           <span class="flex-grow-1 d-none d-md-inline small">{{ vulnerability.summary|truncatechars:70 }}</span>
         </div>
diff --git a/product_portfolio/templates/product_portfolio/compliance/compliance_vulnerabilities_card.html b/product_portfolio/templates/product_portfolio/compliance/compliance_vulnerabilities_card.html
index 60089149..190ac720 100644
--- a/product_portfolio/templates/product_portfolio/compliance/compliance_vulnerabilities_card.html
+++ b/product_portfolio/templates/product_portfolio/compliance/compliance_vulnerabilities_card.html
@@ -15,18 +15,18 @@ <h2 class="card-header fw-bold px-2 h6 d-flex justify-content-between align-item
         <div class="d-flex justify-content-between align-items-start">
           {% if vulnerability.resource_url %}
             <a class="fw-semibold" href="{{ vulnerability.resource_url }}" target="_blank">
-              {{ vulnerability.vulnerability_id }}
+              {{ vulnerability.advisory_id }}
               <i class="fa-solid fa-up-right-from-square mini"></i>
             </a>
           {% else %}
-            {{ vulnerability.vulnerability_id }}
+            {{ vulnerability.advisory_id }}
           {% endif %}
           {% if vulnerability.risk_level == 'critical' %}
-            <a href="{{ compliance_dashboard_url }}?affected_by={{ vulnerability.vulnerability_id }}" class="badge bg-danger-subtle text-danger-emphasis">
+            <a href="{{ compliance_dashboard_url }}?affected_by={{ vulnerability.advisory_id }}" class="badge bg-danger-subtle text-danger-emphasis">
               {{ vulnerability.product_count }} product{{ vulnerability.product_count|pluralize }}
             </a>
           {% else %}
-            <a href="{{ compliance_dashboard_url }}?affected_by={{ vulnerability.vulnerability_id }}" class="badge bg-warning-orange-subtle text-warning-orange">
+            <a href="{{ compliance_dashboard_url }}?affected_by={{ vulnerability.advisory_id }}" class="badge bg-warning-orange-subtle text-warning-orange">
               {{ vulnerability.product_count }} product{{ vulnerability.product_count|pluralize }}
             </a>
           {% endif %}
diff --git a/product_portfolio/templates/product_portfolio/compliance/compliance_watchlist_card.html b/product_portfolio/templates/product_portfolio/compliance/compliance_watchlist_card.html
index 2e1bdb4d..73ad45c3 100644
--- a/product_portfolio/templates/product_portfolio/compliance/compliance_watchlist_card.html
+++ b/product_portfolio/templates/product_portfolio/compliance/compliance_watchlist_card.html
@@ -44,7 +44,7 @@ <h2 class="card-header fw-bold px-2 h6 d-flex justify-content-between align-item
               <a href="{{ product_url }}?vulnerabilities-weighted_risk_score=low#vulnerabilities" class="badge bg-info-subtle text-info-emphasis{% if product.critical_count or product.high_count or product.medium_count %} ms-1{% endif %}">{{ product.low_count }} low</a>
             {% endif %}
             {% if not product.critical_count and not product.high_count and not product.medium_count and not product.low_count %}
-              <span class="text-body-tertiary">None</span>
+              <span class="text-body-tertiary small">None</span>
             {% endif %}
           </div>
         </div>
diff --git a/product_portfolio/templates/product_portfolio/modals/vulnerability_analysis_modal.html b/product_portfolio/templates/product_portfolio/modals/vulnerability_analysis_modal.html
index 1f716ec7..e1e268c2 100644
--- a/product_portfolio/templates/product_portfolio/modals/vulnerability_analysis_modal.html
+++ b/product_portfolio/templates/product_portfolio/modals/vulnerability_analysis_modal.html
@@ -7,7 +7,7 @@
           <h5>
             <i class="fas fa-bug vulnerability"></i>
             Vulnerability analysis:
-            <strong id="analysis-vulnerability-id"></strong>
+            <strong id="analysis-advisory-uid"></strong>
           </h5>
           <div>
             <i class="fa fa-archive"></i>
diff --git a/product_portfolio/templates/product_portfolio/product_details.html b/product_portfolio/templates/product_portfolio/product_details.html
index 7af09625..cfe9dbeb 100644
--- a/product_portfolio/templates/product_portfolio/product_details.html
+++ b/product_portfolio/templates/product_portfolio/product_details.html
@@ -292,11 +292,11 @@
           let button = $(event.relatedTarget); // Button that triggered the modal
           // Extract info from data-* attributes
           let edit_url = button.data('edit-url');
-          let vulnerability_id = button.data('vulnerability-id');
+          let advisory_uid = button.data('advisory-uid');
           let package_identifier = button.data('package-identifier');
 
           $('#submit-vulnerability-analysis-form').data('edit-url', edit_url);
-          $('#vulnerability-analysis-modal #analysis-vulnerability-id').text(vulnerability_id);
+          $('#vulnerability-analysis-modal #analysis-advisory-uid').text(advisory_uid);
           $('#vulnerability-analysis-modal #analysis-package-identifier').text(package_identifier);
 
           $.ajax({
diff --git a/product_portfolio/templates/product_portfolio/tabs/tab_packages_vulnerabilities.html b/product_portfolio/templates/product_portfolio/tabs/tab_packages_vulnerabilities.html
index 211d25d0..43ed66a3 100644
--- a/product_portfolio/templates/product_portfolio/tabs/tab_packages_vulnerabilities.html
+++ b/product_portfolio/templates/product_portfolio/tabs/tab_packages_vulnerabilities.html
@@ -44,11 +44,11 @@
               <strong>
                 {% if vulnerability.resource_url %}
                   <a href="{{ vulnerability.resource_url }}" target="_blank">
-                    {{ vulnerability.vulnerability_id }}
+                    {{ vulnerability.advisory_id }}
                     <i class="fa-solid fa-up-right-from-square mini"></i>
                   </a>
                 {% else %}
-                  {{ vulnerability.vulnerability_id }}
+                  {{ vulnerability.advisory_id }}
                 {% endif %}
                 {% if vulnerability.summary %}
                   <span class="float-end" data-bs-toggle="popover" data-bs-placement="right" data-bs-trigger="hover focus" data-bs-html="true" data-bs-content="{{ vulnerability.summary|linebreaksbr }}">
@@ -102,9 +102,9 @@
             <td class="p-1">
               <span data-bs-toggle="modal"
                     data-bs-target="#vulnerability-analysis-modal"
-                    data-vulnerability-id="{{ vulnerability.vulnerability_id }}"
+                    data-advisory-uid="{{ vulnerability.advisory_uid }}"
                     data-package-identifier="{{ product_package.package.identifier }}"
-                    data-edit-url="{% url 'product_portfolio:vulnerability_analysis_form' product_package.uuid vulnerability.vulnerability_id %}"
+                    data-edit-url="{% url 'product_portfolio:vulnerability_analysis_form' product_package.uuid vulnerability.advisory_uid %}"
               >
                 <button type="button" data-bs-toggle="tooltip" title="Edit" class="btn btn-link p-0" aria-label="Edit">
                   <i class="far fa-edit fa-sm"></i>
diff --git a/product_portfolio/tests/test_api.py b/product_portfolio/tests/test_api.py
index 88b50bcd..0afaee9e 100644
--- a/product_portfolio/tests/test_api.py
+++ b/product_portfolio/tests/test_api.py
@@ -1157,7 +1157,7 @@ def test_api_productpackage_endpoint_vulnerabilities_features(self):
 
         response = self.client.get(self.pp1_detail_url)
         response_analysis = response.data["vulnerability_analyses"][0]
-        self.assertEqual(vulnerability1.vulnerability_id, response_analysis["vulnerability_id"])
+        self.assertEqual(vulnerability1.advisory_uid, response_analysis["advisory_uid"])
         self.assertEqual(analysis1.state, response_analysis["state"])
         self.assertEqual(analysis1.justification, response_analysis["justification"])
 
@@ -1171,12 +1171,12 @@ def test_api_productpackage_endpoint_vulnerabilities_features(self):
         self.assertEqual(1, response.data["count"])
         self.assertContains(response, self.pp1_detail_url)
 
-        data = {"affected_by": vulnerability1.vulnerability_id}
+        data = {"affected_by": vulnerability1.advisory_id}
         response = self.client.get(self.productpackage_list_url, data)
         self.assertEqual(1, response.data["count"])
         self.assertContains(response, self.pp1_detail_url)
 
-        data = {"affected_by": vulnerability2.vulnerability_id}
+        data = {"affected_by": vulnerability2.advisory_id}
         response = self.client.get(self.productpackage_list_url, data)
         self.assertEqual(0, response.data["count"])
         self.assertNotContains(response, self.pp1_detail_url)
@@ -1189,7 +1189,7 @@ def test_api_product_endpoint_vulnerabilities_features(self):
 
         response = self.client.get(self.product1_detail_url)
         response_analysis = response.data["vulnerability_analyses"][0]
-        self.assertEqual(vulnerability1.vulnerability_id, response_analysis["vulnerability_id"])
+        self.assertEqual(vulnerability1.advisory_uid, response_analysis["advisory_uid"])
         self.assertEqual(analysis1.state, response_analysis["state"])
         self.assertEqual(analysis1.justification, response_analysis["justification"])
 
@@ -1205,13 +1205,13 @@ def test_api_product_endpoint_vulnerabilities_features(self):
         self.assertContains(response, self.product1_detail_url)
         self.assertNotContains(response, self.product2_detail_url)
 
-        data = {"affected_by": vulnerability1.vulnerability_id}
+        data = {"affected_by": vulnerability1.advisory_id}
         response = self.client.get(self.product_list_url, data)
         self.assertEqual(1, response.data["count"])
         self.assertContains(response, self.product1_detail_url)
         self.assertNotContains(response, self.product2_detail_url)
 
-        data = {"affected_by": vulnerability2.vulnerability_id}
+        data = {"affected_by": vulnerability2.advisory_id}
         response = self.client.get(self.product_list_url, data)
         self.assertEqual(0, response.data["count"])
         self.assertNotContains(response, self.product1_detail_url)
diff --git a/product_portfolio/tests/test_importers.py b/product_portfolio/tests/test_importers.py
index f6cbe077..c4983b69 100644
--- a/product_portfolio/tests/test_importers.py
+++ b/product_portfolio/tests/test_importers.py
@@ -1381,7 +1381,7 @@ def test_product_portfolio_import_packages_from_scio_importer_vex(
         created, existing, errors = importer.save()
         created_package = self.product1.packages.get()
         vulnerability = created_package.affected_by_vulnerabilities.get()
-        self.assertEqual(vulnerability_data["id"], vulnerability.vulnerability_id)
+        self.assertEqual(vulnerability_data["id"], vulnerability.advisory_id)
         self.assertEqual(vulnerability_data["summary"], vulnerability.summary)
 
         analysis = vulnerability.vulnerability_analyses.get()
diff --git a/product_portfolio/tests/test_views.py b/product_portfolio/tests/test_views.py
index c4eb4ba2..c047fab0 100644
--- a/product_portfolio/tests/test_views.py
+++ b/product_portfolio/tests/test_views.py
@@ -328,9 +328,9 @@ def test_product_portfolio_tab_vulnerability_view_packages_row_rendering(self):
         expected = f"""
         <span data-bs-toggle="modal"
               data-bs-target="#vulnerability-analysis-modal"
-              data-vulnerability-id="{vulnerability1.vcid}"
+              data-advisory-uid="{vulnerability1.advisory_uid}"
               data-package-identifier="{p1}"
-              data-edit-url="/products/vulnerability_analysis/{pp1.uuid}/{vulnerability1.vcid}/"
+              data-edit-url="/products/vulnerability_analysis/{pp1.uuid}/{vulnerability1.advisory_uid}/"
         >
         <button type="button" data-bs-toggle="tooltip" title="Edit" class="btn btn-link p-0"
                 aria-label="Edit">
@@ -375,15 +375,15 @@ def test_product_portfolio_tab_vulnerability_risk_threshold(self):
 
         url = product1.get_url("tab_vulnerabilities")
         response = self.client.get(url)
-        self.assertContains(response, vulnerability1.vcid)
-        self.assertContains(response, vulnerability2.vcid)
+        self.assertContains(response, vulnerability1.advisory_id)
+        self.assertContains(response, vulnerability2.advisory_id)
         self.assertContains(response, "2 results")
         self.assertNotContains(response, "A risk threshold filter at")
 
         product1.update(vulnerabilities_risk_threshold=3.0)
         response = self.client.get(url)
-        self.assertNotContains(response, vulnerability1.vcid)
-        self.assertContains(response, vulnerability2.vcid)
+        self.assertNotContains(response, vulnerability1.advisory_id)
+        self.assertContains(response, vulnerability2.advisory_id)
         self.assertContains(response, "1 results")
         self.assertContains(response, 'A risk threshold filter at "3.0" is currently applied.')
 
@@ -3130,7 +3130,7 @@ def test_product_portfolio_product_export_cyclonedx_view(self):
         response = self.client.get(export_cyclonedx_url, data={"content": "vex"})
         response_str = str(response.getvalue())
         self.assertIn("vulnerabilities", response_str)
-        self.assertIn(vulnerability1.vulnerability_id, response_str)
+        self.assertIn(vulnerability1.advisory_id, response_str)
 
     def test_product_portfolio_product_export_openvex_view(self):
         self.client.login(username=self.super_user.username, password="secret")
@@ -3384,7 +3384,7 @@ def test_product_portfolio_vulnerability_analysis_form_view(self):
 
         url = reverse(
             "product_portfolio:vulnerability_analysis_form",
-            args=[pp1.uuid, vulnerability1.vulnerability_id],
+            args=[pp1.uuid, vulnerability1.advisory_uid],
         )
 
         response = self.client.get(url)
@@ -4129,7 +4129,7 @@ def test_product_portfolio_product_security_compliance_export_view_csv(self):
             "Reference URL"
         )
         self.assertIn(expected_header, content)
-        self.assertIn(vulnerability.vulnerability_id, content)
+        self.assertIn(vulnerability.advisory_id, content)
         # Aliases must be flattened to a comma-joined string, not a Python list repr.
         self.assertIn('"CVE-2024-42005, GHSA-pv4p-cwwg-4rph, PYSEC-2024-70"', content)
         self.assertNotIn("['CVE-2024-42005'", content)
@@ -4153,7 +4153,7 @@ def test_product_portfolio_product_security_compliance_export_view_json(self):
 
         data = json.loads(response.content)
         self.assertEqual(1, len(data))
-        self.assertEqual(vulnerability.vulnerability_id, data[0]["vulnerability_id"])
+        self.assertEqual(vulnerability.advisory_uid, data[0]["advisory_uid"])
         # Aliases stay a real list in JSON, not a comma-joined string.
         self.assertEqual(
             ["CVE-2024-42005", "GHSA-pv4p-cwwg-4rph", "PYSEC-2024-70"],
@@ -4215,8 +4215,8 @@ def test_product_portfolio_product_security_compliance_export_view_yaml(self):
         self.assertIn(".yaml", response["Content-Disposition"])
 
         content = response.content.decode()
-        self.assertIn(vulnerability.vulnerability_id, content)
-        self.assertIn("vulnerability_id", content)
+        self.assertIn(vulnerability.advisory_uid, content)
+        self.assertIn("advisory_uid", content)
 
     def test_product_portfolio_product_security_compliance_export_view_respects_permissions(self):
         self.client.login(username=self.basic_user.username, password="secret")
@@ -4239,5 +4239,5 @@ def test_product_portfolio_product_security_compliance_export_view_respects_perm
         response = self.client.get(url + "?export=json")
         self.assertEqual(200, response.status_code)
         data = json.loads(response.content)
-        vulnerability_ids = [entry["vulnerability_id"] for entry in data]
-        self.assertIn(vulnerability.vulnerability_id, vulnerability_ids)
+        advisory_ids = [entry["advisory_id"] for entry in data]
+        self.assertIn(vulnerability.advisory_id, advisory_ids)
diff --git a/product_portfolio/urls.py b/product_portfolio/urls.py
index 56a4b57f..1c84b51f 100644
--- a/product_portfolio/urls.py
+++ b/product_portfolio/urls.py
@@ -117,7 +117,7 @@ def product_path(path_segment, view):
         name="edit_productrelation_ajax",
     ),
     path(
-        "vulnerability_analysis/<uuid:productpackage_uuid>/<str:vulnerability_id>/",
+        "vulnerability_analysis/<uuid:productpackage_uuid>/<path:advisory_uid>/",
         vulnerability_analysis_form_view,
         name="vulnerability_analysis_form",
     ),
diff --git a/product_portfolio/views.py b/product_portfolio/views.py
index 5bcd9d09..f41d46e7 100644
--- a/product_portfolio/views.py
+++ b/product_portfolio/views.py
@@ -1208,7 +1208,7 @@ class ProductTabVulnerabilitiesView(
         Header("affected_packages", _("Package"), help_text="Affected product packages"),
         Header("weighted_risk_score", _("Risk"), filter="weighted_risk_score"),
         Header(
-            "vulnerability_id",
+            "advisory_uid",
             _("Vulnerabilities"),
             help_text="Vulnerabilities affecting the product package",
         ),
@@ -2658,7 +2658,7 @@ def improve_packages_from_purldb_view(request, dataspace, name, version=""):
 
 
 @login_required
-def vulnerability_analysis_form_view(request, productpackage_uuid, vulnerability_id):
+def vulnerability_analysis_form_view(request, productpackage_uuid, advisory_uid):
     user = request.user
     dataspace = user.dataspace
     form_class = VulnerabilityAnalysisForm
@@ -2670,7 +2670,7 @@ def vulnerability_analysis_form_view(request, productpackage_uuid, vulnerability
     vulnerability_analysis_qs = VulnerabilityAnalysis.objects.scope(dataspace)
 
     product_package = get_object_or_404(product_package_qs, uuid=productpackage_uuid)
-    vulnerability = get_object_or_404(vulnerability_qs, vulnerability_id=vulnerability_id)
+    vulnerability = get_object_or_404(vulnerability_qs, advisory_uid=advisory_uid)
 
     # Fetch the existing Analysis values for each affected products
     product_analysis = vulnerability_analysis_qs.filter(
@@ -3180,7 +3180,7 @@ def get_context_data(self, **kwargs):
                 ),
             )
             .filter(product_count__gt=0)
-            .order_by("-risk_score", "-product_count", "vulnerability_id")
+            .order_by("-risk_score", "-product_count", "advisory_id")
         )
 
         context["vulnerabilities_qs"] = vulnerabilities[: self.limit]
@@ -3232,7 +3232,7 @@ class ProductSecurityComplianceExportView(
 
     export_filename = "security_compliance"
     export_fields = {
-        "vulnerability_id": "Vulnerability ID",
+        "advisory_id": "Vulnerability ID",
         "aliases": "Aliases",
         "summary": "Summary",
         "risk_level": "Risk level",
diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
index b1c62f9e..b8be931b 100644
--- a/vulnerabilities/api.py
+++ b/vulnerabilities/api.py
@@ -36,14 +36,17 @@ class Meta:
         fields = (
             "api_url",
             "uuid",
-            "vulnerability_id",
+            "advisory_uid",
+            "advisory_id",
             "resource_url",
             "summary",
             "aliases",
-            "references",
             "exploitability",
             "weighted_severity",
             "risk_score",
+            "risk_level",
+            "fixed_packages",
+            "ssvc_trees",
             "affected_packages",
             "affected_products",
         )
@@ -105,7 +108,7 @@ class VulnerabilityViewSet(ExtraPermissionsViewSetMixin, viewsets.ReadOnlyModelV
     lookup_field = "uuid"
     filterset_class = VulnerabilityFilterSet
     extra_permissions = (TabPermission,)
-    search_fields = ("vulnerability_id", "aliases")
+    search_fields = ("advisory_uid", "aliases")
     ordering_fields = (
         "exploitability",
         "weighted_severity",
@@ -130,7 +133,7 @@ def get_queryset(self):
 
 
 class VulnerabilityAnalysisSerializer(DataspacedSerializer, serializers.ModelSerializer):
-    vulnerability_id = serializers.ReadOnlyField(source="vulnerability.vulnerability_id")
+    advisory_uid = serializers.ReadOnlyField(source="vulnerability.advisory_uid")
 
     class Meta:
         model = VulnerabilityAnalysis
@@ -139,7 +142,7 @@ class Meta:
             "uuid",
             "product_package",
             "vulnerability",
-            "vulnerability_id",
+            "advisory_uid",
             "state",
             "justification",
             "responses",
diff --git a/vulnerabilities/fetch.py b/vulnerabilities/fetch.py
index 7f286ed0..0ccd095a 100644
--- a/vulnerabilities/fetch.py
+++ b/vulnerabilities/fetch.py
@@ -6,31 +6,46 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
+import json
+import logging
 from timeit import default_timer as timer
 
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.humanize.templatetags.humanize import intcomma
-from django.core.management.base import CommandError
 from django.urls import reverse
 from django.utils import timezone
 
+from packageurl import PackageURL
+
 from component_catalog.models import PACKAGE_URL_FIELDS
 from component_catalog.models import Package
+from component_catalog.models import PackageAffectedByVulnerability
 from dejacode_toolkit.vulnerablecode import VulnerableCode
+from dejacode_toolkit.vulnerablecode import get_plain_purls
 from dje.models import DejacodeUser
 from dje.utils import chunked_queryset
 from dje.utils import humanize_time
 from notification.models import find_and_fire_hook
 from vulnerabilities.models import Vulnerability
 
+logger = logging.getLogger("dje")
+
 
-def fetch_from_vulnerablecode(dataspace, batch_size, update, timeout, log_func=None):
+def fetch_from_vulnerablecode(
+    dataspace, batch_size, update, timeout, log_func=None, err_func=None, verbosity=1
+):
+    """Fetch vulnerability data from VulnerableCode for all eligible packages in ``dataspace``."""
     start_time = timer()
     vulnerablecode = VulnerableCode(dataspace)
     if not vulnerablecode.is_configured():
+        if log_func:
+            log_func("VulnerableCode is not configured.")
         return
 
     available_types = vulnerablecode.get_package_url_available_types()
+    if not available_types:
+        raise ValueError("VulnerableCode did not return any supported package types.")
+
     package_qs = (
         Package.objects.scope(dataspace)
         .has_package_url()
@@ -49,6 +64,8 @@ def fetch_from_vulnerablecode(dataspace, batch_size, update, timeout, log_func=N
         update=update,
         timeout=timeout,
         log_func=log_func,
+        err_func=err_func,
+        verbosity=verbosity,
     )
 
     run_time = timer() - start_time
@@ -64,7 +81,14 @@ def fetch_from_vulnerablecode(dataspace, batch_size, update, timeout, log_func=N
 
 
 def fetch_for_packages(
-    queryset, dataspace, batch_size=50, update=True, timeout=None, log_func=None
+    queryset,
+    dataspace,
+    batch_size=50,
+    update=True,
+    timeout=None,
+    log_func=None,
+    err_func=None,
+    verbosity=1,
 ):
     from product_portfolio.models import ProductPackage
 
@@ -75,61 +99,194 @@ def fetch_for_packages(
         return results
 
     vulnerablecode = VulnerableCode(dataspace)
+    # Tracks advisory_uids created during this run to avoid re-updating them in later batches.
+    created_advisory_uids = set()
 
     for index, batch in enumerate(chunked_queryset(queryset, batch_size), start=1):
+        batch_start = timer()
+        progress_count = min(index * batch_size, object_count)
         if log_func:
-            progress_count = index * batch_size
-            if progress_count > object_count:
-                progress_count = object_count
             log_func(f"Progress: {intcomma(progress_count)}/{intcomma(object_count)}")
 
         batch_affected_packages = []
-        vc_entries = vulnerablecode.get_vulnerable_purls(batch, purl_only=False, timeout=timeout)
-        for vc_entry in vc_entries:
-            affected_by_vulnerabilities = vc_entry.get("affected_by_vulnerabilities")
-            if not affected_by_vulnerabilities:
-                continue
-
-            affected_packages = queryset.filter(
-                type=vc_entry.get("type"),
-                namespace=vc_entry.get("namespace") or "",
-                name=vc_entry.get("name"),
-                version=vc_entry.get("version") or "",
+        batch_results = {"created": 0, "updated": 0}
+
+        api_start = timer()
+        vc_entries = vulnerablecode.get_vulnerable_purls(batch, details=True, timeout=timeout)
+        api_elapsed = timer() - api_start
+
+        if vc_entries is None:
+            failed_purls = get_plain_purls(batch)
+            payload = json.dumps({"purls": failed_purls, "details": True}, indent=4)
+            error_msg = (
+                f"VulnerableCode API call failed for batch {index} "
+                f"({len(failed_purls)} purls, "
+                f"progress: {intcomma(progress_count)}/{intcomma(object_count)}).\n{payload}"
+            )
+            logger.error(error_msg)
+            if err_func:
+                err_func(error_msg)
+            elif log_func:
+                log_func(f"  API call failed for batch {index} - skipping.")
+            continue
+
+        if log_func and verbosity >= 2:
+            log_func(
+                f"  API call: {humanize_time(api_elapsed)} ({len(vc_entries)} vulnerable purls)"
             )
-            if not affected_packages:
-                raise CommandError("Could not find package!")
-
-            # Store all packages of that batch to then trigger the update_weighted_risk_score
-            batch_affected_packages.extend(affected_packages)
 
-            for vulnerability_data in affected_by_vulnerabilities:
-                create_or_update_vulnerability(
-                    vulnerability_data, dataspace, affected_packages, update, results
-                )
+        # One SELECT for all advisory_uids in this batch instead of one per vulnerability.
+        all_advisory_uids = [
+            vulnerability_data["advisory_uid"]
+            for vc_entry in vc_entries
+            for vulnerability_data in (vc_entry.get("affected_by_vulnerabilities") or [])
+        ]
+        vulnerability_cache = {
+            vulnerability.advisory_uid: vulnerability
+            for vulnerability in Vulnerability.objects.scope(dataspace).filter(
+                advisory_uid__in=all_advisory_uids
+            )
+        }
 
-            if package_risk_score := vc_entry.get("risk_score"):
-                affected_packages.update(risk_score=package_risk_score)
+        for vc_entry in vc_entries:
+            affected_packages = process_vc_entry(
+                vc_entry,
+                queryset,
+                dataspace,
+                update,
+                batch_results,
+                vulnerability_cache,
+                created_advisory_uids,
+                log_func,
+                verbosity,
+            )
+            batch_affected_packages.extend(affected_packages)
 
         product_package_qs = ProductPackage.objects.filter(package__in=batch_affected_packages)
         product_package_qs.update_weighted_risk_score()
 
+        results["created"] += batch_results["created"]
+        results["updated"] += batch_results["updated"]
+
+        if log_func and verbosity >= 2:
+            batch_elapsed = timer() - batch_start
+            db_elapsed = batch_elapsed - api_elapsed
+            log_func(
+                f"  Batch done: {batch_results['created']} created, "
+                f"{batch_results['updated']} updated "
+                f"(API: {humanize_time(api_elapsed)}, processing: {humanize_time(db_elapsed)}, "
+                f"total: {humanize_time(batch_elapsed)})"
+            )
+
     return results
 
 
-def create_or_update_vulnerability(
-    vulnerability_data, dataspace, affected_packages, update, results
+def batch_add_affected(affected_packages, vulnerabilities):
+    """
+    Link all ``vulnerabilities`` to all ``affected_packages`` using two queries:
+    one SELECT to find existing relationships, one bulk INSERT for the missing ones.
+
+    Replaces N*M individual ``get_or_create`` calls from ``add_affected_by``.
+    """
+    existing_pairs = set(
+        PackageAffectedByVulnerability.objects.filter(
+            package__in=affected_packages,
+            vulnerability__in=vulnerabilities,
+        ).values_list("package_id", "vulnerability_id")
+    )
+    to_create = [
+        PackageAffectedByVulnerability(
+            package=package,
+            vulnerability=vulnerability,
+            dataspace_id=package.dataspace_id,
+        )
+        for package in affected_packages
+        for vulnerability in vulnerabilities
+        if (package.pk, vulnerability.pk) not in existing_pairs
+    ]
+    if to_create:
+        PackageAffectedByVulnerability.objects.bulk_create(to_create, ignore_conflicts=True)
+
+
+def process_vc_entry(
+    vc_entry,
+    queryset,
+    dataspace,
+    update,
+    results,
+    vulnerability_cache,
+    created_advisory_uids,
+    log_func=None,
+    verbosity=1,
 ):
-    vulnerability_id = vulnerability_data["vulnerability_id"]
-    vulnerability_qs = Vulnerability.objects.scope(dataspace)
-    vulnerability = vulnerability_qs.get_or_none(vulnerability_id=vulnerability_id)
+    """
+    Process a single VulnerableCode purl entry: find matching packages, create or update
+    linked vulnerabilities, and apply the API-provided risk score.
+
+    Returns the affected packages as a list, or an empty list if the entry has no
+    vulnerabilities. The ``results`` dict is updated in-place.
+    """
+    affected_by_vulnerabilities = vc_entry.get("affected_by_vulnerabilities")
+    if not affected_by_vulnerabilities:
+        return []
+
+    purl = PackageURL.from_string(vc_entry.get("purl"))
+    # Evaluate to a list immediately: packages_qs.update() below clears the QS cache,
+    # which would cause a re-SELECT when the caller iterates the return value.
+    packages_qs = queryset.filter(
+        type=purl.type,
+        namespace=purl.namespace or "",
+        name=purl.name,
+        version=purl.version,
+    )
+    affected_packages = list(packages_qs)
+    if not affected_packages:
+        if log_func:
+            log_func(f"  Warning: no packages found for {purl}, skipping.")
+        return []
+
+    if log_func and verbosity >= 2:
+        advisory_count = len(affected_by_vulnerabilities)
+        label = "advisory" if advisory_count == 1 else "advisories"
+        log_func(f"  {purl}: {advisory_count} {label}")
+
+    vulnerabilities = []
+    for vulnerability_data in affected_by_vulnerabilities:
+        advisory_uid = vulnerability_data["advisory_uid"]
+        vulnerability = create_or_update_vulnerability(
+            vulnerability_data,
+            dataspace,
+            update,
+            results,
+            created_advisory_uids,
+            vulnerability=vulnerability_cache.get(advisory_uid),
+        )
+        vulnerability_cache[advisory_uid] = vulnerability
+        vulnerabilities.append(vulnerability)
+
+    # Link packages to vulnerabilities: 1 SELECT + 1 bulk INSERT instead of N*M get_or_create.
+    batch_add_affected(affected_packages, vulnerabilities)
+
+    # Update risk_score without triggering Package.save() (which carries handle_assigned_licenses).
+    if package_risk_score := vc_entry.get("risk_score"):
+        packages_qs.update(risk_score=package_risk_score)
 
+    return affected_packages
+
+
+def create_or_update_vulnerability(
+    vulnerability_data, dataspace, update, results, created_advisory_uids, vulnerability=None
+):
+    """Create or update a Vulnerability from ``vulnerability_data``."""
+    advisory_uid = vulnerability_data["advisory_uid"]
     if not vulnerability:
         vulnerability = Vulnerability.create_from_data(
             dataspace=dataspace,
             data=vulnerability_data,
         )
         results["created"] += 1
-    elif update:
+        created_advisory_uids.add(advisory_uid)
+    elif update and advisory_uid not in created_advisory_uids:
         updated_fields = vulnerability.update_from_data(
             user=None,
             data=vulnerability_data,
@@ -138,7 +295,6 @@ def create_or_update_vulnerability(
         if updated_fields:
             results["updated"] += 1
 
-    vulnerability.add_affected(affected_packages)
     return vulnerability
 
 
diff --git a/vulnerabilities/filters.py b/vulnerabilities/filters.py
index e63a20a2..6cc5dd6b 100644
--- a/vulnerabilities/filters.py
+++ b/vulnerabilities/filters.py
@@ -75,7 +75,7 @@ class VulnerabilityFilterSet(DataspacedFilterSet):
     ]
     q = SearchFilter(
         label=_("Search"),
-        search_fields=["vulnerability_id", "aliases"],
+        search_fields=["advisory_uid", "aliases"],
     )
     sort = NullsLastOrderingFilter(
         label=_("Sort"),
diff --git a/vulnerabilities/management/commands/fetchvulnerabilities.py b/vulnerabilities/management/commands/fetchvulnerabilities.py
index bb4d4f2b..416cf4d5 100644
--- a/vulnerabilities/management/commands/fetchvulnerabilities.py
+++ b/vulnerabilities/management/commands/fetchvulnerabilities.py
@@ -14,14 +14,18 @@
 
 
 class Command(DataspacedCommand):
-    help = "Fetch vulnerabilities for the provided Dataspace"
+    help = (
+        "Fetch vulnerabilities for the provided Dataspace. "
+        "Progress is written to stdout; API errors (timeouts, network failures) go to stderr. "
+        "To capture errors separately: ./manage.py fetchvulnerabilities 2>errors.log"
+    )
 
     def add_arguments(self, parser):
         super().add_arguments(parser)
         parser.add_argument(
             "--batch-size",
             type=int,
-            default=50,
+            default=100,
             help="Specifies the number of objects per requests to the VulnerableCode service",
         )
         parser.add_argument(
@@ -48,13 +52,18 @@ def handle(self, *args, **options):
         if not vulnerablecode.is_configured():
             raise CommandError("VulnerableCode is not configured.")
 
-        fetch.fetch_from_vulnerablecode(
-            self.dataspace,
-            batch_size=batch_size,
-            update=True,
-            timeout=timeout,
-            log_func=self.stdout.write,
-        )
+        try:
+            fetch.fetch_from_vulnerablecode(
+                self.dataspace,
+                batch_size=batch_size,
+                update=True,
+                timeout=timeout,
+                log_func=self.stdout.write,
+                err_func=self.stderr.write,
+                verbosity=options["verbosity"],
+            )
+        except ValueError as error:
+            raise CommandError(error) from error
 
         if not options["no_notification"]:
             fetch.notify_vulnerability_data_update(self.dataspace)
diff --git a/vulnerabilities/migrations/0008_api_v3_new_fields.py b/vulnerabilities/migrations/0008_api_v3_new_fields.py
new file mode 100644
index 00000000..0f657cb2
--- /dev/null
+++ b/vulnerabilities/migrations/0008_api_v3_new_fields.py
@@ -0,0 +1,33 @@
+# Generated by Django 6.0.6 on 2026-06-15 14:51
+
+import dje.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0007_vulnerability_vulnerabili_exploit_f83324_idx_and_more'),
+    ]
+
+    operations = [
+        migrations.RemoveIndex(
+            model_name='vulnerability',
+            name='vulnerabili_vulnera_92f044_idx',
+        ),
+        migrations.AddField(
+            model_name='vulnerability',
+            name='advisory_id',
+            field=models.CharField(help_text='An advisory is a vulnerability identifier in some database, such as PYSEC-2020-2233', max_length=200, null=True),
+        ),
+        migrations.AddField(
+            model_name='vulnerability',
+            name='advisory_uid',
+            field=models.CharField(help_text='Unique ID for the datasource used for this advisory .e.g.: pysec_importer_v2/PYSEC-2020-2233', max_length=250, null=True),
+        ),
+        migrations.AddField(
+            model_name='vulnerability',
+            name='ssvc_trees',
+            field=dje.fields.JSONListField(blank=True, default=list, help_text='A list of SSVC decision trees for this vulnerability.'),
+        ),
+    ]
diff --git a/vulnerabilities/migrations/0009_api_v3_data_migrations.py b/vulnerabilities/migrations/0009_api_v3_data_migrations.py
new file mode 100644
index 00000000..cc965ce2
--- /dev/null
+++ b/vulnerabilities/migrations/0009_api_v3_data_migrations.py
@@ -0,0 +1,42 @@
+# Generated by Django 6.0.6 on 2026-06-15 14:53
+
+from django.db import migrations
+from django.db.models import F
+
+
+def migrate_and_purge_vulnerabilities(apps, schema_editor):
+    """
+    Migrate vulnerability_id to advisory_id/advisory_uid for vulnerabilities
+    linked to a VulnerabilityAnalysis, then purge the rest.
+    vulnerability_id was unique so using it directly as both fields is safe.
+    """
+    Vulnerability = apps.get_model("vulnerabilities", "Vulnerability")
+    VulnerabilityAnalysis = apps.get_model("vulnerabilities", "VulnerabilityAnalysis")
+
+    linked_ids = VulnerabilityAnalysis.objects.values_list(
+        "vulnerability_id", flat=True
+    ).distinct()
+
+    Vulnerability.objects.filter(id__in=linked_ids).update(
+        advisory_id=F("vulnerability_id"),
+        advisory_uid=F("vulnerability_id"),
+    )
+
+    Vulnerability.objects.exclude(id__in=linked_ids).delete()
+
+
+def purge_vulnerabilities(apps, schema_editor):
+    """Purge all vulnerabilities on reverse, data cannot be recovered."""
+    Vulnerability = apps.get_model("vulnerabilities", "Vulnerability")
+    Vulnerability.objects.all().delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('vulnerabilities', '0008_api_v3_new_fields'),
+    ]
+
+    operations = [
+        migrations.RunPython(migrate_and_purge_vulnerabilities, purge_vulnerabilities),
+    ]
diff --git a/vulnerabilities/migrations/0010_api_v3_remove_old_fields.py b/vulnerabilities/migrations/0010_api_v3_remove_old_fields.py
new file mode 100644
index 00000000..3cf2c483
--- /dev/null
+++ b/vulnerabilities/migrations/0010_api_v3_remove_old_fields.py
@@ -0,0 +1,44 @@
+# Generated by Django 6.0.6 on 2026-06-15 14:56
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dje', '0015_alter_dataspaceconfiguration_purldb_api_key_and_more'),
+        ('vulnerabilities', '0009_api_v3_data_migrations'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='vulnerability',
+            unique_together={('dataspace', 'advisory_uid'), ('dataspace', 'uuid')},
+        ),
+        migrations.AlterField(
+            model_name='vulnerability',
+            name='advisory_id',
+            field=models.CharField(help_text='An advisory is a vulnerability identifier in some database, such as PYSEC-2020-2233', max_length=200),
+        ),
+        migrations.AlterField(
+            model_name='vulnerability',
+            name='advisory_uid',
+            field=models.CharField(help_text='Unique ID for the datasource used for this advisory .e.g.: pysec_importer_v2/PYSEC-2020-2233', max_length=250),
+        ),
+        migrations.AddIndex(
+            model_name='vulnerability',
+            index=models.Index(fields=['advisory_uid'], name='vulnerabili_advisor_8c2f81_idx'),
+        ),
+        migrations.AddIndex(
+            model_name='vulnerability',
+            index=models.Index(fields=['advisory_id'], name='vulnerabili_advisor_7de61b_idx'),
+        ),
+        migrations.RemoveField(
+            model_name='vulnerability',
+            name='references',
+        ),
+        migrations.RemoveField(
+            model_name='vulnerability',
+            name='vulnerability_id',
+        ),
+    ]
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
index a1b54aa0..0c82ee21 100644
--- a/vulnerabilities/models.py
+++ b/vulnerabilities/models.py
@@ -6,7 +6,6 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
-import decimal
 import logging
 
 from django.contrib.postgres.fields import ArrayField
@@ -82,7 +81,7 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
     """
     A software vulnerability with a unique identifier and alternate aliases.
 
-    Adapted from the VulnerableCode models at
+    Adapted from the VulnerableCode AdvisoryV2 model at
     https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/models.py
 
     Note that this model implements the HistoryDateFieldsMixin but not the
@@ -90,12 +89,17 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
     automatically on object addition or during schedule tasks.
     """
 
-    # The first set of fields are storing data as fetched from VulnerableCode
-    vulnerability_id = models.CharField(
-        max_length=20,
+    advisory_uid = models.CharField(
+        max_length=250,
         help_text=_(
-            "A unique identifier for the vulnerability, prefixed with 'VCID-'. "
-            "For example, 'VCID-2024-0001'."
+            "Unique ID for the datasource used for this advisory ."
+            "e.g.: pysec_importer_v2/PYSEC-2020-2233"
+        ),
+    )
+    advisory_id = models.CharField(
+        max_length=200,
+        help_text=_(
+            "An advisory is a vulnerability identifier in some database, such as PYSEC-2020-2233"
         ),
     )
     resource_url = models.URLField(
@@ -115,13 +119,6 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
             "(e.g., 'CVE-2017-1000136')."
         ),
     )
-    references = JSONListField(
-        blank=True,
-        help_text=_(
-            "A list of references for this vulnerability. Each reference includes a "
-            "URL, an optional reference ID, scores, and the URL for further details. "
-        ),
-    )
     fixed_packages = JSONListField(
         blank=True,
         help_text=_("A list of packages that are not affected by this vulnerability."),
@@ -131,6 +128,10 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
         output_field=models.IntegerField(),
         db_persist=True,
     )
+    ssvc_trees = JSONListField(
+        blank=True,
+        help_text=_("A list of SSVC decision trees for this vulnerability."),
+    )
     EXPLOITABILITY_CHOICES = [
         (0.5, _("No exploits known")),
         (1.0, _("Potential exploits")),
@@ -188,9 +189,10 @@ class Vulnerability(HistoryDateFieldsMixin, DataspacedModel):
 
     class Meta:
         verbose_name_plural = "Vulnerabilities"
-        unique_together = (("dataspace", "vulnerability_id"), ("dataspace", "uuid"))
+        unique_together = (("dataspace", "advisory_uid"), ("dataspace", "uuid"))
         indexes = [
-            models.Index(fields=["vulnerability_id"]),
+            models.Index(fields=["advisory_uid"]),
+            models.Index(fields=["advisory_id"]),
             models.Index(fields=["exploitability"]),
             models.Index(fields=["weighted_severity"]),
             models.Index(fields=["risk_score"]),
@@ -198,11 +200,7 @@ class Meta:
         ]
 
     def __str__(self):
-        return self.vulnerability_id
-
-    @property
-    def vcid(self):
-        return self.vulnerability_id
+        return self.advisory_id
 
     @property
     def cve(self):
@@ -210,13 +208,13 @@ def cve(self):
             if alias.startswith("CVE-"):
                 return alias
 
-    def add_affected(self, instances):
+    def add_affected(self, instances, update_score=True):
         """Assign the ``instances`` (Package or Product) as affected by this vulnerability."""
         if not isinstance(instances, (list, tuple, models.QuerySet)):
             instances = [instances]
 
         for instance in instances:
-            instance.add_affected_by(vulnerability=self)
+            instance.add_affected_by(vulnerability=self, update_score=update_score)
 
     @classmethod
     def create_from_data(cls, dataspace, data, validate=False, affecting=None):
@@ -233,14 +231,18 @@ def get_or_create_from_data(cls, dataspace, data, validate=False):
         """Get or create a Vulnerability from provided ``data``."""
         vulnerability_qs = Vulnerability.objects.scope(dataspace)
 
-        # Support for CycloneDX data structure
         data = data.copy()
-        vulnerability_id = data.get("vulnerability_id") or data.pop("id", None)
-        if not vulnerability_id:
+        # CycloneDX uses "id" where we expect advisory_id and advisory_uid.
+        if "id" in data:
+            cyclonedx_id = data.pop("id")
+            data.setdefault("advisory_id", cyclonedx_id)
+            data.setdefault("advisory_uid", cyclonedx_id)
+
+        advisory_uid = data.get("advisory_uid")
+        if not advisory_uid:
             return
-        data["vulnerability_id"] = vulnerability_id
 
-        vulnerability = vulnerability_qs.get_or_none(vulnerability_id=vulnerability_id)
+        vulnerability = vulnerability_qs.get_or_none(advisory_uid=advisory_uid)
         if not vulnerability:
             vulnerability = cls.create_from_data(
                 dataspace=dataspace,
@@ -263,51 +265,11 @@ def as_cyclonedx(self, affected_instances, analysis=None):
             url=self.resource_url,
         )
 
-        references = []
-        ratings = []
-        for reference in self.references:
-            reference_source = cdx_vulnerability.VulnerabilitySource(
-                url=reference.get("reference_url"),
-            )
-            references.append(
-                cdx_vulnerability.VulnerabilityReference(
-                    id=reference.get("reference_id"),
-                    source=reference_source,
-                )
-            )
-
-            for score_entry in reference.get("scores", []):
-                # CycloneDX only support a float value for the score field,
-                # where on the VulnerableCode data it can be either a score float value
-                # or a severity string value.
-                score_value = score_entry.get("value")
-                try:
-                    score = decimal.Decimal(score_value)
-                    severity = None
-                except decimal.DecimalException:
-                    score = None
-                    severity = getattr(
-                        cdx_vulnerability.VulnerabilitySeverity,
-                        score_value.upper(),
-                        None,
-                    )
-
-                ratings.append(
-                    cdx_vulnerability.VulnerabilityRating(
-                        source=reference_source,
-                        score=score,
-                        severity=severity,
-                        vector=score_entry.get("scoring_elements"),
-                    )
-                )
-
         return cdx_vulnerability.Vulnerability(
-            id=self.vulnerability_id,
+            id=self.advisory_id,
             source=source,
             description=self.summary,
             affects=affects,
-            references=sorted(references),
-            ratings=ratings,
             analysis=analysis,
         )
 
@@ -472,11 +434,12 @@ def update_risk_score(self):
         self.save(update_fields=["risk_score"])
         return self.risk_score
 
-    def add_affected_by(self, vulnerability):
+    def add_affected_by(self, vulnerability, update_score=True):
         """Add ``vulnerability`` as affecting this instance."""
         through_defaults = {"dataspace_id": self.dataspace_id}
         self.affected_by_vulnerabilities.add(vulnerability, through_defaults=through_defaults)
-        self.update_risk_score()
+        if update_score:
+            self.update_risk_score()
 
     def get_entry_for_package(self, vulnerablecode):
         if not self.package_url:
@@ -491,16 +454,7 @@ def get_entry_for_package(self, vulnerablecode):
             affected_by_vulnerabilities = vulnerable_packages[0].get("affected_by_vulnerabilities")
             return affected_by_vulnerabilities
 
-    def get_entry_for_component(self, vulnerablecode):
-        if not self.cpe:
-            return
-
-        # Support for Component is paused as the CPES endpoint do not work properly.
-        # https://github.com/aboutcode-org/vulnerablecode/issues/1557
-        # vulnerabilities = vulnerablecode.get_vulnerabilities_by_cpe(self.cpe, timeout=10)
-
     def get_entry_from_vulnerablecode(self):
-        from component_catalog.models import Component
         from component_catalog.models import Package
         from dejacode_toolkit.vulnerablecode import VulnerableCode
 
@@ -516,8 +470,6 @@ def get_entry_from_vulnerablecode(self):
         if not is_vulnerablecode_enabled:
             return
 
-        if isinstance(self, Component):
-            return self.get_entry_for_component(vulnerablecode)
         elif isinstance(self, Package):
             return self.get_entry_for_package(vulnerablecode)
 
diff --git a/vulnerabilities/templates/vulnerabilities/tables/vulnerability_list_table.html b/vulnerabilities/templates/vulnerabilities/tables/vulnerability_list_table.html
index 4b5aae94..f6a6dc02 100644
--- a/vulnerabilities/templates/vulnerabilities/tables/vulnerability_list_table.html
+++ b/vulnerabilities/templates/vulnerabilities/tables/vulnerability_list_table.html
@@ -12,11 +12,11 @@
         <strong>
           {% if vulnerability.resource_url %}
             <a href="{{ vulnerability.resource_url }}" target="_blank">
-              {{ vulnerability.vulnerability_id }}
+              {{ vulnerability.advisory_id }}
               <i class="fa-solid fa-up-right-from-square mini"></i>
             </a>
           {% else %}
-            {{ vulnerability.vulnerability_id }}
+            {{ vulnerability.advisory_id }}
           {% endif %}
         </strong>
         <div class="mt-2">
@@ -46,7 +46,7 @@
       </td>
       <td>
         {% if vulnerability.affected_products_count %}
-          <a href="{% url 'product_portfolio:product_list' %}?affected_by={{ vulnerability.vulnerability_id }}">
+          <a href="{% url 'product_portfolio:product_list' %}?affected_by={{ vulnerability.advisory_id }}">
             {{ vulnerability.affected_products_count }}
           </a>
         {% else %}
@@ -55,7 +55,7 @@
       </td>
       <td>
         {% if vulnerability.affected_packages_count %}
-          <a href="{% url 'component_catalog:package_list' %}?affected_by={{ vulnerability.vulnerability_id }}">
+          <a href="{% url 'component_catalog:package_list' %}?affected_by={{ vulnerability.advisory_id }}">
             {{ vulnerability.affected_packages_count }}
           </a>
         {% else %}
diff --git a/vulnerabilities/tests/__init__.py b/vulnerabilities/tests/__init__.py
index 15888df9..22053099 100644
--- a/vulnerabilities/tests/__init__.py
+++ b/vulnerabilities/tests/__init__.py
@@ -13,8 +13,11 @@
 
 def make_vulnerability(dataspace, affecting=None, **data):
     """Create a vulnerability for test purposes."""
-    if "vulnerability_id" not in data:
-        data["vulnerability_id"] = f"VCID-0000-{make_string(4)}"
+    if "advisory_id" not in data:
+        data["advisory_id"] = f"ID-0000-{make_string(4)}"
+
+    if "advisory_uid" not in data:
+        data["advisory_uid"] = f"importer/{data['advisory_id']}"
 
     vulnerability = Vulnerability.objects.create(
         dataspace=dataspace,
diff --git a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
index bac5f524..621eb7bd 100644
--- a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
+++ b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_as_cyclonedx.json
@@ -4,132 +4,10 @@
       "ref": "pkg:type/name@1.9.0"
     }
   ],
-  "description": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode",
-  "id": "VCID-j3au-usaz-aaag",
-  "references": [
-    {
-      "id": "",
-      "source": {
-        "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3651.json"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://github.com/kjd/idna"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml"
-      }
-    },
-    {
-      "id": "",
-      "source": {
-        "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"
-      }
-    },
-    {
-      "id": "1069127",
-      "source": {
-        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127"
-      }
-    },
-    {
-      "id": "2274779",
-      "source": {
-        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274779"
-      }
-    },
-    {
-      "id": "CVE-2024-3651",
-      "source": {
-        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651"
-      }
-    },
-    {
-      "id": "GHSA-jjg7-2v4v-x38h",
-      "source": {
-        "url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h"
-      }
-    },
-    {
-      "id": "GHSA-jjg7-2v4v-x38h",
-      "source": {
-        "url": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h"
-      }
-    },
-    {
-      "id": "RHSA-2024:3466",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:3466"
-      }
-    },
-    {
-      "id": "RHSA-2024:3543",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:3543"
-      }
-    },
-    {
-      "id": "RHSA-2024:3552",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:3552"
-      }
-    },
-    {
-      "id": "RHSA-2024:3781",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:3781"
-      }
-    },
-    {
-      "id": "RHSA-2024:3846",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:3846"
-      }
-    },
-    {
-      "id": "RHSA-2024:4260",
-      "source": {
-        "url": "https://access.redhat.com/errata/RHSA-2024:4260"
-      }
-    },
-    {
-      "id": "USN-6780-1",
-      "source": {
-        "url": "https://usn.ubuntu.com/6780-1/"
-      }
-    },
-    {
-      "id": "cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*",
-      "source": {
-        "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*"
-      }
-    }
-  ],
+  "description": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
+  "id": "PYSEC-2024-60",
   "source": {
     "name": "VulnerableCode",
-    "url": "http://public.vulnerablecode.io/vulnerabilities/VCID-j3au-usaz-aaag"
+    "url": "http://public.vulnerablecode.io/advisories/pypa/idna/PYSEC-2024-60"
   }
-}
\ No newline at end of file
+}
diff --git a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_response.json b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_response.json
index 5b53f1fb..e9e0a942 100644
--- a/vulnerabilities/tests/data/vulnerabilities/idna_3.6_response.json
+++ b/vulnerabilities/tests/data/vulnerabilities/idna_3.6_response.json
@@ -4,271 +4,98 @@
     "previous": null,
     "results": [
         {
-            "url": "http://public.vulnerablecode.io/api/packages/844821",
             "purl": "pkg:pypi/idna@3.6",
-            "type": "pypi",
-            "namespace": "",
-            "name": "idna",
-            "version": "3.6",
-            "qualifiers": {},
-            "subpath": "",
-            "is_vulnerable": true,
-            "risk_score": 8.4,
-            "next_non_vulnerable_version": "3.7",
-            "latest_non_vulnerable_version": "3.7",
             "affected_by_vulnerabilities": [
                 {
-                    "url": "http://public.vulnerablecode.io/api/vulnerabilities/525663",
-                    "vulnerability_id": "VCID-j3au-usaz-aaag",
-                    "summary": "Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode",
-                    "exploitability": 2.0,
-                    "weighted_severity": 4.2,
-                    "risk_score": 8.4,
-                    "references": [
-                        {
-                            "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3651.json",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
-                                {
-                                    "value": "6.5",
-                                    "scoring_system": "cvssv3",
-                                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
-                                }
-                            ],
-                            "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3651.json"
-                        },
-                        {
-                            "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3651"
-                        },
+                    "advisory_id": "PYSEC-2024-60",
+                    "advisory_uid": "pypa/idna/PYSEC-2024-60",
+                    "aliases": [
+                        "CVE-2024-3651",
+                        "GHSA-jjg7-2v4v-x38h"
+                    ],
+                    "summary": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size.",
+                    "weighted_severity": 6.8,
+                    "exploitability": 0.5,
+                    "risk_score": 3.4,
+                    "fixed_by_packages": [
+                        "pkg:pypi/idna@3.7"
+                    ],
+                    "ssvc_trees": [
                         {
-                            "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
+                            "vector": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-07T19:07:43Z/",
+                            "decision": "Track",
+                            "options": [
                                 {
-                                    "value": "2.1",
-                                    "scoring_system": "cvssv2",
-                                    "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:P/A:N"
+                                    "Exploitation": "none"
                                 },
                                 {
-                                    "value": "4.4",
-                                    "scoring_system": "cvssv3",
-                                    "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"
+                                    "Automatable": "no"
                                 },
                                 {
-                                    "value": "5.5",
-                                    "scoring_system": "cvssv3.1",
-                                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
-                                }
-                            ],
-                            "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
-                        },
-                        {
-                            "reference_url": "https://github.com/kjd/idna",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
-                                {
-                                    "value": "6.2",
-                                    "scoring_system": "cvssv3.1",
-                                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+                                    "Technical Impact": "partial"
                                 },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "generic_textual",
-                                    "scoring_elements": ""
-                                }
-                            ],
-                            "url": "https://github.com/kjd/idna"
-                        },
-                        {
-                            "reference_url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
+                                    "Mission Prevalence": "minimal"
+                                },
                                 {
-                                    "value": "7.5",
-                                    "scoring_system": "cvssv3.1",
-                                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+                                    "Public Well-being Impact": "material"
                                 },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "generic_textual",
-                                    "scoring_elements": ""
+                                    "Mission & Well-being": "medium"
                                 }
                             ],
-                            "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
-                        },
+                            "source_url": "https://github.com/cisagov/vulnrichment/blob/develop/2024/3xxx/CVE-2024-3651.json"
+                        }
+                    ],
+                    "resource_url": "http://public.vulnerablecode.io/advisories/pypa/idna/PYSEC-2024-60"
+                },
+                {
+                    "advisory_id": "GHSA-65pc-fj4g-8rjx",
+                    "advisory_uid": "github_osv/GHSA-65pc-fj4g-8rjx",
+                    "aliases": [
+                        "CVE-2026-45409"
+                    ],
+                    "summary": "Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix\nThis is the same issue as CVE-2024-3651, however the original remediation in 2024 was not a complete fix. Payloads such as `\"\\u0660\" * N` or `\"\\u30fb\" * N + \"\\u6f22\"` utilize the `valid_contexto` function prior to length rejection, and for high values of `N` will take a long time to process.\n\n### Impact\nA specially crafted argument to the `idna.encode()` function could consume significant resources. This may lead to a denial-of-service.\n\n### Patches\nStarting in version 3.14, the function rejects long inputs as soon as practicable prior to any further processing to minimize resource consumption. In version 3.15, this approach was extended to lesser used alternate functions (i.e. per-label conversions and codec support).\n\n### Workarounds\nDomain names cannot exceed 253 characters in length, if this length limit is enforced prior to passing the domain to the `idna.encode()` function it should no longer consume significant resources. This is triggered by arbitrarily large inputs that would not occur in normal usage, but may be passed to the library assuming there is no preliminary input validation by the higher-level application.",
+                    "weighted_severity": 6.2,
+                    "exploitability": 0.5,
+                    "risk_score": 3.1,
+                    "fixed_by_packages": [
+                        "pkg:pypi/idna@3.15"
+                    ],
+                    "ssvc_trees": [
                         {
-                            "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
+                            "vector": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-08T14:30:54Z/",
+                            "decision": "Track",
+                            "options": [
                                 {
-                                    "value": "6.2",
-                                    "scoring_system": "cvssv3.1",
-                                    "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+                                    "Exploitation": "none"
                                 },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "generic_textual",
-                                    "scoring_elements": ""
-                                }
-                            ],
-                            "url": "https://github.com/pypa/advisory-database/tree/main/vulns/idna/PYSEC-2024-60.yaml"
-                        },
-                        {
-                            "reference_url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
-                            "reference_id": "",
-                            "reference_type": "",
-                            "scores": [
-                                {
-                                    "value": "7.5",
-                                    "scoring_system": "cvssv3.1",
-                                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+                                    "Automatable": "yes"
                                 },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "generic_textual",
-                                    "scoring_elements": ""
-                                }
-                            ],
-                            "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"
-                        },
-                        {
-                            "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127",
-                            "reference_id": "1069127",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069127"
-                        },
-                        {
-                            "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274779",
-                            "reference_id": "2274779",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274779"
-                        },
-                        {
-                            "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*",
-                            "reference_id": "cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*"
-                        },
-                        {
-                            "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651",
-                            "reference_id": "CVE-2024-3651",
-                            "reference_type": "",
-                            "scores": [
+                                    "Technical Impact": "partial"
+                                },
                                 {
-                                    "value": "7.5",
-                                    "scoring_system": "cvssv3",
-                                    "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
-                                }
-                            ],
-                            "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3651"
-                        },
-                        {
-                            "reference_url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h",
-                            "reference_id": "GHSA-jjg7-2v4v-x38h",
-                            "reference_type": "",
-                            "scores": [
+                                    "Mission Prevalence": "minimal"
+                                },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "cvssv3.1_qr",
-                                    "scoring_elements": ""
-                                }
-                            ],
-                            "url": "https://github.com/advisories/GHSA-jjg7-2v4v-x38h"
-                        },
-                        {
-                            "reference_url": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h",
-                            "reference_id": "GHSA-jjg7-2v4v-x38h",
-                            "reference_type": "",
-                            "scores": [
+                                    "Public Well-being Impact": "material"
+                                },
                                 {
-                                    "value": "MODERATE",
-                                    "scoring_system": "cvssv3.1_qr",
-                                    "scoring_elements": ""
+                                    "Mission & Well-being": "medium"
                                 }
                             ],
-                            "url": "https://github.com/kjd/idna/security/advisories/GHSA-jjg7-2v4v-x38h"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:3466",
-                            "reference_id": "RHSA-2024:3466",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:3466"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:3543",
-                            "reference_id": "RHSA-2024:3543",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:3543"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:3552",
-                            "reference_id": "RHSA-2024:3552",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:3552"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:3781",
-                            "reference_id": "RHSA-2024:3781",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:3781"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:3846",
-                            "reference_id": "RHSA-2024:3846",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:3846"
-                        },
-                        {
-                            "reference_url": "https://access.redhat.com/errata/RHSA-2024:4260",
-                            "reference_id": "RHSA-2024:4260",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://access.redhat.com/errata/RHSA-2024:4260"
-                        },
-                        {
-                            "reference_url": "https://usn.ubuntu.com/6780-1/",
-                            "reference_id": "USN-6780-1",
-                            "reference_type": "",
-                            "scores": [],
-                            "url": "https://usn.ubuntu.com/6780-1/"
+                            "source_url": "https://github.com/cisagov/vulnrichment/blob/develop/2026/45xxx/CVE-2026-45409.json"
                         }
                     ],
-                    "fixed_packages": [
-                        {
-                            "url": "http://public.vulnerablecode.io/api/packages/810901",
-                            "purl": "pkg:pypi/idna@3.7",
-                            "is_vulnerable": false,
-                            "affected_by_vulnerabilities": [],
-                            "resource_url": "http://public.vulnerablecode.io/packages/pkg:pypi/idna@3.7"
-                        }
-                    ],
-                    "aliases": [
-                        "CVE-2024-3651",
-                        "GHSA-jjg7-2v4v-x38h",
-                        "PYSEC-2024-60"
-                    ],
-                    "resource_url": "http://public.vulnerablecode.io/vulnerabilities/VCID-j3au-usaz-aaag"
+                    "resource_url": "http://public.vulnerablecode.io/advisories/github_osv/GHSA-65pc-fj4g-8rjx"
                 }
             ],
             "fixing_vulnerabilities": [],
-            "resource_url": "http://public.vulnerablecode.io/packages/pkg:pypi/idna@3.6"
+            "next_non_vulnerable_version": "3.15",
+            "latest_non_vulnerable_version": "3.15",
+            "risk_score": 3.4
         }
     ]
-}
\ No newline at end of file
+}
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
index 82171c1f..ccae963b 100644
--- a/vulnerabilities/tests/test_api.py
+++ b/vulnerabilities/tests/test_api.py
@@ -63,11 +63,11 @@ def test_api_vulnerabilities_list_endpoint_results(self):
 
         # Ordered by risk_score
         expected = [
-            self.vulnerability3.vulnerability_id,
-            self.vulnerability2.vulnerability_id,
-            self.vulnerability1.vulnerability_id,
+            self.vulnerability3.advisory_uid,
+            self.vulnerability2.advisory_uid,
+            self.vulnerability1.advisory_uid,
         ]
-        self.assertEqual(expected, [entry["vulnerability_id"] for entry in results])
+        self.assertEqual(expected, [entry["advisory_uid"] for entry in results])
 
         self.assertEqual(str(self.package1), results[2]["affected_packages"][0]["display_name"])
         self.assertEqual(str(self.product1), results[2]["affected_products"][0]["display_name"])
@@ -75,12 +75,12 @@ def test_api_vulnerabilities_list_endpoint_results(self):
     def test_api_vulnerabilities_list_endpoint_search(self):
         self.client.login(username="super_user", password="secret")
 
-        data = {"search": self.vulnerability1.vulnerability_id}
+        data = {"search": self.vulnerability1.advisory_uid}
         response = self.client.get(self.vulnerabilities_list_url, data)
         self.assertEqual(1, response.data["count"])
-        self.assertContains(response, self.vulnerability1.vulnerability_id)
-        self.assertNotContains(response, self.vulnerability2.vulnerability_id)
-        self.assertNotContains(response, self.vulnerability3.vulnerability_id)
+        self.assertContains(response, self.vulnerability1.advisory_uid)
+        self.assertNotContains(response, self.vulnerability2.advisory_uid)
+        self.assertNotContains(response, self.vulnerability3.advisory_uid)
 
     def test_api_vulnerabilities_list_endpoint_filters(self):
         self.client.login(username="super_user", password="secret")
@@ -88,9 +88,9 @@ def test_api_vulnerabilities_list_endpoint_filters(self):
         data = {"risk_score": "critical"}
         response = self.client.get(self.vulnerabilities_list_url, data)
         self.assertEqual(1, response.data["count"])
-        self.assertNotContains(response, self.vulnerability1.vulnerability_id)
-        self.assertNotContains(response, self.vulnerability2.vulnerability_id)
-        self.assertContains(response, self.vulnerability3.vulnerability_id)
+        self.assertNotContains(response, self.vulnerability1.advisory_id)
+        self.assertNotContains(response, self.vulnerability2.advisory_id)
+        self.assertContains(response, self.vulnerability3.advisory_id)
 
     def test_api_vulnerabilities_detail_endpoint(self):
         detail_url = reverse("api_v2:vulnerability-detail", args=[self.vulnerability1.uuid])
@@ -101,7 +101,7 @@ def test_api_vulnerabilities_detail_endpoint(self):
 
         self.assertContains(response, detail_url)
         self.assertIn(detail_url, response.data["api_url"])
-        self.assertEqual(self.vulnerability1.vulnerability_id, response.data["vulnerability_id"])
+        self.assertEqual(self.vulnerability1.advisory_uid, response.data["advisory_uid"])
         self.assertEqual(str(self.vulnerability1.uuid), response.data["uuid"])
         self.assertEqual("0.0", response.data["risk_score"])
         self.assertEqual(1, len(response.data["affected_packages"]))
@@ -126,14 +126,14 @@ def test_api_vulnerability_analysis_list_endpoint_filters(self):
         data = {"is_reachable": "yes"}
         response = self.client.get(self.analysis_list_url, data)
         self.assertEqual(1, response.data["count"])
-        self.assertContains(response, self.vulnerability1.vulnerability_id)
-        self.assertNotContains(response, self.vulnerability2.vulnerability_id)
+        self.assertContains(response, self.vulnerability1.advisory_id)
+        self.assertNotContains(response, self.vulnerability2.advisory_id)
 
         data = {"is_reachable": "no"}
         response = self.client.get(self.analysis_list_url, data)
         self.assertEqual(0, response.data["count"])
-        self.assertNotContains(response, self.vulnerability1.vulnerability_id)
-        self.assertNotContains(response, self.vulnerability2.vulnerability_id)
+        self.assertNotContains(response, self.vulnerability1.advisory_id)
+        self.assertNotContains(response, self.vulnerability2.advisory_id)
 
     def test_api_vulnerability_analysis_detail_endpoint(self):
         self.client.login(username="super_user", password="secret")
@@ -150,7 +150,7 @@ def test_api_vulnerability_analysis_detail_endpoint(self):
 
         self.assertContains(response, detail_url)
         self.assertIn(detail_url, response.data["api_url"])
-        self.assertEqual(self.vulnerability1.vulnerability_id, response.data["vulnerability_id"])
+        self.assertEqual(self.vulnerability1.advisory_uid, response.data["advisory_uid"])
         self.assertEqual(str(analysis1.uuid), response.data["uuid"])
         self.assertTrue(response.data["is_reachable"])
 
@@ -185,7 +185,7 @@ def test_api_vulnerability_analysis_endpoint_create(self):
         self.assertEqual(status.HTTP_201_CREATED, response.status_code)
         self.assertIn(product_package1_detail_url, response.data["product_package"])
         self.assertIn(vulnerability1_detail_url, response.data["vulnerability"])
-        self.assertEqual(self.vulnerability1.vulnerability_id, response.data["vulnerability_id"])
+        self.assertEqual(self.vulnerability1.advisory_uid, response.data["advisory_uid"])
         self.assertEqual("resolved", response.data["state"])
         self.assertEqual("code_not_present", response.data["justification"])
         self.assertEqual("detail", response.data["detail"])
diff --git a/vulnerabilities/tests/test_fetch.py b/vulnerabilities/tests/test_fetch.py
index 239931c2..ccdbc9c9 100644
--- a/vulnerabilities/tests/test_fetch.py
+++ b/vulnerabilities/tests/test_fetch.py
@@ -35,14 +35,16 @@ def setUp(self):
         self.dataspace = Dataspace.objects.create(name="nexB")
 
     @mock.patch("vulnerabilities.fetch.fetch_for_packages")
+    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.get_package_url_available_types")
     @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.is_configured")
     def test_vulnerabilities_fetch_from_vulnerablecode(
-        self, mock_is_configured, mock_fetch_for_packages
+        self, mock_is_configured, mock_get_available_types, mock_fetch_for_packages
     ):
         buffer = io.StringIO()
         make_package(self.dataspace, package_url="pkg:pypi/idna@3.6")
         make_package(self.dataspace, package_url="pkg:pypi/idna@2.0")
         mock_is_configured.return_value = True
+        mock_get_available_types.return_value = ["pypi"]
         mock_fetch_for_packages.return_value = {"created": 2, "updated": 0}
         fetch_from_vulnerablecode(
             self.dataspace, batch_size=1, update=True, timeout=None, log_func=buffer.write
@@ -81,40 +83,77 @@ def test_vulnerabilities_fetch_for_packages(self, mock_bulk_search_by_purl):
         queryset = Package.objects.scope(self.dataspace)
         response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
         response_json = json.loads(response_file.read_text())
-        mock_bulk_search_by_purl.return_value = response_json["results"]
+        mock_bulk_search_by_purl.return_value = response_json
 
-        results = fetch_for_packages(
-            queryset, self.dataspace, batch_size=1, update=True, log_func=buffer.write
-        )
-        self.assertEqual(results, {"created": 1, "updated": 0})
+        with self.assertNumQueries(12):
+            results = fetch_for_packages(
+                queryset, self.dataspace, batch_size=1, update=True, log_func=buffer.write
+            )
+        self.assertEqual(results, {"created": 2, "updated": 0})
 
         self.assertEqual("Progress: 1/1", buffer.getvalue())
-        self.assertEqual(1, package1.affected_by_vulnerabilities.count())
-        vulnerability = package1.affected_by_vulnerabilities.get()
-        self.assertEqual("VCID-j3au-usaz-aaag", vulnerability.vulnerability_id)
-        self.assertEqual(Decimal("2.0"), vulnerability.exploitability)
-        self.assertEqual(Decimal("4.2"), vulnerability.weighted_severity)
-        self.assertEqual(Decimal("8.4"), vulnerability.risk_score)
+        self.assertEqual(2, package1.affected_by_vulnerabilities.count())
+        vulnerability = package1.affected_by_vulnerabilities.filter(
+            advisory_uid="pypa/idna/PYSEC-2024-60"
+        ).get()
+        self.assertEqual("PYSEC-2024-60", vulnerability.advisory_id)
+        self.assertEqual(Decimal("0.5"), vulnerability.exploitability)
+        self.assertEqual(Decimal("6.8"), vulnerability.weighted_severity)
+        self.assertEqual(Decimal("3.4"), vulnerability.risk_score)
         package1.refresh_from_db()
         pp1.refresh_from_db()
-        self.assertEqual(Decimal("8.4"), package1.risk_score)
-        self.assertEqual(Decimal("8.4"), pp1.weighted_risk_score)
+        self.assertEqual(Decimal("3.4"), package1.risk_score)
+        self.assertEqual(Decimal("3.4"), pp1.weighted_risk_score)
 
-        # Update
         purpose1 = make_product_item_purpose(self.dataspace, exposure_factor=0.5)
         pp1.raw_update(purpose=purpose1)
         response_json["results"][0]["affected_by_vulnerabilities"][0]["risk_score"] = 10.0
-        mock_bulk_search_by_purl.return_value = response_json["results"]
-        results = fetch_for_packages(
-            queryset, self.dataspace, batch_size=1, update=True, log_func=buffer.write
-        )
-        self.assertEqual(results, {"created": 0, "updated": 1})
-        vulnerability = package1.affected_by_vulnerabilities.get()
+        mock_bulk_search_by_purl.return_value = response_json
+        with self.assertNumQueries(10):
+            results = fetch_for_packages(
+                queryset, self.dataspace, batch_size=1, update=True, log_func=buffer.write
+            )
+        self.assertEqual(results, {"created": 0, "updated": 2})
+        vulnerability = package1.affected_by_vulnerabilities.filter(
+            advisory_uid="pypa/idna/PYSEC-2024-60"
+        ).get()
         self.assertEqual(Decimal("10.0"), vulnerability.risk_score)
         package1.refresh_from_db()
         pp1.refresh_from_db()
-        self.assertEqual(Decimal("8.4"), package1.risk_score)
-        self.assertEqual(Decimal("4.2"), pp1.weighted_risk_score)
+        self.assertEqual(Decimal("3.4"), package1.risk_score)
+        self.assertEqual(Decimal("1.7"), pp1.weighted_risk_score)
+
+    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_purl")
+    def test_vulnerabilities_fetch_for_packages_cross_batch_no_spurious_update(
+        self, mock_bulk_search_by_purl
+    ):
+        # Two packages affected by the same advisory_uid, processed in separate batches.
+        # The vulnerability must be created once and never "updated" within the same run.
+        make_package(self.dataspace, package_url="pkg:pypi/idna@3.6")
+        make_package(self.dataspace, package_url="pkg:pypi/idna@3.7")
+        queryset = Package.objects.scope(self.dataspace)
+        response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
+        response_36 = json.loads(response_file.read_text())
+        # Minimal response for idna@3.7: same advisory_uid as idna@3.6's first vulnerability.
+        shared_vuln = response_36["results"][0]["affected_by_vulnerabilities"][0]
+        response_37 = {
+            "count": 1,
+            "next": None,
+            "previous": None,
+            "results": [
+                {
+                    "purl": "pkg:pypi/idna@3.7",
+                    "affected_by_vulnerabilities": [shared_vuln],
+                    "risk_score": 3.4,
+                }
+            ],
+        }
+        mock_bulk_search_by_purl.side_effect = [response_36, response_37]
+
+        results = fetch_for_packages(queryset, self.dataspace, batch_size=1, update=True)
+        # 2 vulnerabilities created from response_36; the shared one is NOT re-updated
+        # when encountered in response_37's batch, because created_advisory_uids guards it.
+        self.assertEqual(results, {"created": 2, "updated": 0})
 
     @mock.patch("vulnerabilities.fetch.find_and_fire_hook")
     def test_vulnerabilities_fetch_notify_vulnerability_data_update(self, mock_fire_hook):
diff --git a/vulnerabilities/tests/test_filters.py b/vulnerabilities/tests/test_filters.py
index 417ce5c2..ddbcdf33 100644
--- a/vulnerabilities/tests/test_filters.py
+++ b/vulnerabilities/tests/test_filters.py
@@ -24,7 +24,7 @@ def setUp(self):
         self.vulnerability4 = make_vulnerability(self.dataspace, risk_score=None)
 
     def test_vulnerability_filterset_search(self):
-        data = {"q": self.vulnerability1.vulnerability_id}
+        data = {"q": self.vulnerability1.advisory_id}
         filterset = VulnerabilityFilterSet(dataspace=self.dataspace, data=data)
         self.assertQuerySetEqual(filterset.qs, [self.vulnerability1])
 
diff --git a/vulnerabilities/tests/test_models.py b/vulnerabilities/tests/test_models.py
index e5e31159..0aa1d497 100644
--- a/vulnerabilities/tests/test_models.py
+++ b/vulnerabilities/tests/test_models.py
@@ -36,16 +36,16 @@ def setUp(self):
         self.dataspace = Dataspace.objects.create(name="nexB")
         self.super_user = create_superuser("super_user", self.dataspace)
 
-    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.request_get")
-    def test_vulnerability_mixin_get_entry_for_package(self, mock_request_get):
+    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_purl")
+    def test_vulnerability_mixin_get_entry_for_package(self, mock_bulk_search):
         vulnerablecode = VulnerableCode(self.dataspace)
         package1 = make_package(self.dataspace, package_url="pkg:composer/guzzlehttp/psr7@1.9.0")
         response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
-        mock_request_get.return_value = json.loads(response_file.read_text())
+        mock_bulk_search.return_value = json.loads(response_file.read_text())
 
         affected_by_vulnerabilities = package1.get_entry_for_package(vulnerablecode)
-        self.assertEqual(1, len(affected_by_vulnerabilities))
-        self.assertEqual("VCID-j3au-usaz-aaag", affected_by_vulnerabilities[0]["vulnerability_id"])
+        self.assertEqual(2, len(affected_by_vulnerabilities))
+        self.assertEqual("pypa/idna/PYSEC-2024-60", affected_by_vulnerabilities[0]["advisory_uid"])
 
     @mock.patch("vulnerabilities.models.AffectedByVulnerabilityMixin.get_entry_for_package")
     @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.is_configured")
@@ -62,36 +62,38 @@ def test_vulnerability_mixin_get_entry_from_vulnerablecode(
         package1.get_entry_from_vulnerablecode()
         mock_get_entry_for_package.assert_called_once()
 
-    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.request_get")
+    @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.bulk_search_by_purl")
     @mock.patch("dejacode_toolkit.vulnerablecode.VulnerableCode.is_configured")
-    def test_vulnerability_mixin_fetch_vulnerabilities(self, mock_is_configured, mock_request_get):
+    def test_vulnerability_mixin_fetch_vulnerabilities(self, mock_is_configured, mock_bulk_search):
         mock_is_configured.return_value = True
         self.dataspace.enable_vulnerablecodedb_access = True
         self.dataspace.save()
         response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
-        mock_request_get.return_value = json.loads(response_file.read_text())
+        mock_bulk_search.return_value = json.loads(response_file.read_text())
 
         package1 = make_package(self.dataspace, package_url="pkg:pypi/idna@3.6")
         package1.fetch_vulnerabilities()
 
-        self.assertEqual(1, Vulnerability.objects.scope(self.dataspace).count())
-        self.assertEqual(1, package1.affected_by_vulnerabilities.count())
-        vulnerability = package1.affected_by_vulnerabilities.get()
-        self.assertEqual("VCID-j3au-usaz-aaag", vulnerability.vulnerability_id)
+        self.assertEqual(2, Vulnerability.objects.scope(self.dataspace).count())
+        self.assertEqual(2, package1.affected_by_vulnerabilities.count())
+        vulnerability = package1.affected_by_vulnerabilities.filter(
+            advisory_uid="pypa/idna/PYSEC-2024-60"
+        ).get()
+        self.assertEqual("PYSEC-2024-60", vulnerability.advisory_id)
 
     def test_vulnerability_mixin_create_vulnerabilities(self):
         response_file = self.data / "vulnerabilities" / "idna_3.6_response.json"
         response_json = json.loads(response_file.read_text())
         vulnerabilities_data = response_json["results"][0]["affected_by_vulnerabilities"]
-        vulnerabilities_data.append({"vulnerability_id": "VCID-0002", "risk_score": 5.0})
+        vulnerabilities_data.append({"advisory_uid": "VCID-0002", "risk_score": 5.0})
 
         package1 = make_package(self.dataspace, package_url="pkg:pypi/idna@3.6")
         product1 = make_product(self.dataspace, inventory=[package1])
         package1.create_vulnerabilities(vulnerabilities_data)
 
-        self.assertEqual(2, Vulnerability.objects.scope(self.dataspace).count())
-        self.assertEqual("8.4", str(package1.risk_score))
-        self.assertEqual("8.4", str(product1.productpackages.get().weighted_risk_score))
+        self.assertEqual(3, Vulnerability.objects.scope(self.dataspace).count())
+        self.assertEqual("5.0", str(package1.risk_score))
+        self.assertEqual("5.0", str(product1.productpackages.get().weighted_risk_score))
 
     def test_vulnerability_mixin_update_risk_score(self):
         package1 = make_package(self.dataspace)
@@ -151,6 +153,14 @@ def test_vulnerability_mixin_add_affected_by(self):
         self.assertEqual(package1, vulnerability3.affected_packages.get())
         self.assertEqual(3, package1.affected_by_vulnerabilities.count())
 
+        # update_score=False must not trigger risk score recalculation
+        package2 = make_package(self.dataspace)
+        vulnerability4 = make_vulnerability(self.dataspace, risk_score=9.9)
+        package2.add_affected_by(vulnerability4, update_score=False)
+        package2.refresh_from_db()
+        self.assertIsNone(package2.risk_score)
+        self.assertEqual(1, package2.affected_by_vulnerabilities.count())
+
     def test_vulnerability_model_affected_packages_m2m(self):
         package1 = make_package(self.dataspace)
         vulnerability1 = make_vulnerability(dataspace=self.dataspace, affecting=package1)
@@ -199,24 +209,15 @@ def test_vulnerability_model_fixed_packages_count_generated_field(self):
     def test_vulnerability_model_create_from_data(self):
         package1 = make_package(self.dataspace)
         vulnerability_data = {
-            "vulnerability_id": "VCID-q4q6-yfng-aaag",
-            "summary": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0.",
-            "aliases": ["CVE-2024-27351", "GHSA-vm8q-m57g-pff3", "PYSEC-2024-47"],
-            "references": [
-                {
-                    "reference_url": "https://access.redhat.com/hydra/rest/"
-                    "securitydata/cve/CVE-2024-27351.json",
-                    "reference_id": "",
-                    "scores": [
-                        {
-                            "value": "7.5",
-                            "scoring_system": "cvssv3",
-                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
-                        }
-                    ],
-                },
-            ],
-            "resource_url": "http://public.vulnerablecode.io/vulnerabilities/VCID-q4q6-yfng-aaag",
+            "advisory_id": "GHSA-7h2j-956f-4vf2",
+            "advisory_uid": "github_osv/GHSA-7h2j-956f-4vf2",
+            "aliases": ["CVE-2026-25547"],
+            "summary": "@isaacs/brace-expansion has Uncontrolled Resource Consumption",
+            "weighted_severity": 7.8,
+            "exploitability": 0.5,
+            "risk_score": 3.9,
+            "resource_url": "http://vulnerablecode.io/.../GHSA-7h2j-956f-4vf2",
+            "ssvc_trees": [{"id": "tree1", "value": "Attend"}],
         }
 
         vulnerability1 = Vulnerability.create_from_data(
@@ -224,16 +225,16 @@ def test_vulnerability_model_create_from_data(self):
             data=vulnerability_data,
             affecting=package1,
         )
-        self.assertEqual(vulnerability_data["vulnerability_id"], vulnerability1.vulnerability_id)
+        self.assertEqual(vulnerability_data["advisory_uid"], vulnerability1.advisory_uid)
         self.assertEqual(vulnerability_data["summary"], vulnerability1.summary)
         self.assertEqual(vulnerability_data["aliases"], vulnerability1.aliases)
-        self.assertEqual(vulnerability_data["references"], vulnerability1.references)
         self.assertEqual(vulnerability_data["resource_url"], vulnerability1.resource_url)
+        self.assertEqual(vulnerability_data["ssvc_trees"], vulnerability1.ssvc_trees)
         self.assertQuerySetEqual(vulnerability1.affected_packages.all(), [package1])
 
     def test_vulnerability_model_get_or_create_from_data(self):
         vulnerability_data = {
-            "id": "VCID-q4q6-yfng-aaag",
+            "id": "ID-q4q6-yfng-aaag",
             "summary": "In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0.",
         }
 
@@ -241,10 +242,11 @@ def test_vulnerability_model_get_or_create_from_data(self):
             dataspace=self.dataspace,
             data=vulnerability_data,
         )
-        self.assertEqual(vulnerability_data["id"], vulnerability1.vulnerability_id)
+        self.assertEqual(vulnerability_data["id"], vulnerability1.advisory_uid)
+        self.assertEqual(vulnerability_data["id"], vulnerability1.advisory_id)
         self.assertEqual(vulnerability_data["summary"], vulnerability1.summary)
 
-        vulnerability_data["vulnerability_id"] = vulnerability_data["id"]
+        vulnerability_data["advisory_uid"] = vulnerability1.advisory_uid
         vulnerability2 = Vulnerability.get_or_create_from_data(
             dataspace=self.dataspace,
             data=vulnerability_data,
diff --git a/vulnerabilities/tests/test_views.py b/vulnerabilities/tests/test_views.py
index fd8fbb80..fa83837d 100644
--- a/vulnerabilities/tests/test_views.py
+++ b/vulnerabilities/tests/test_views.py
@@ -57,20 +57,20 @@ def test_vulnerability_list_view_enable_vulnerablecodedb_access(self):
         response = self.client.get(reverse("component_catalog:package_list"))
         self.assertNotContains(response, vulnerability_list_url)
 
-    def test_vulnerability_list_view_vulnerability_id_link(self):
+    def test_vulnerability_list_view_advisory_id_link(self):
         self.client.login(username=self.super_user.username, password="secret")
         response = self.client.get(reverse("vulnerabilities:vulnerability_list"))
 
-        expected = f"<strong>{self.vulnerability1.vulnerability_id}</strong>"
+        expected = f"<strong>{self.vulnerability1.advisory_id}</strong>"
         self.assertContains(response, expected, html=True)
 
         self.vulnerability1.resource_url = (
-            f"https://url/vulnerabilities/{self.vulnerability1.vulnerability_id}"
+            f"https://url/vulnerabilities/{self.vulnerability1.advisory_id}"
         )
         self.vulnerability1.save()
         expected = f"""
         <a href="{self.vulnerability1.resource_url}" target="_blank">
-           {self.vulnerability1.vulnerability_id}
+           {self.vulnerability1.advisory_id}
            <i class="fa-solid fa-up-right-from-square mini"></i>
         </a>
         """
diff --git a/vulnerabilities/views.py b/vulnerabilities/views.py
index 78530268..02bb41a1 100644
--- a/vulnerabilities/views.py
+++ b/vulnerabilities/views.py
@@ -25,7 +25,7 @@ class VulnerabilityListView(
     template_name = "vulnerabilities/vulnerability_list.html"
     template_list_table = "vulnerabilities/tables/vulnerability_list_table.html"
     table_headers = (
-        Header("vulnerability_id", _("Vulnerability"), filter="last_modified_date"),
+        Header("advisory_uid", _("Vulnerability"), filter="last_modified_date"),
         Header("summary", _("Summary")),
         Header("exploitability", _("Exploitability"), filter="exploitability"),
         Header("weighted_severity", _("Severity"), filter="weighted_severity"),
@@ -41,7 +41,8 @@ def get_queryset(self):
             .get_queryset()
             .only(
                 "uuid",
-                "vulnerability_id",
+                "advisory_uid",
+                "advisory_id",
                 "resource_url",
                 "aliases",
                 "summary",