No CVE found for component even they are at NVD listed

[JN-CSIRT]

Hello,
for one of the components Speex version 1.2 with CPE:
cpe:2.3:a:xiph:speex:1.2:-:::::: or
cpe:2.3:a:xiph:speex:1.2:::::::*

are not CVE found even at NVD DB there are 2 CVE listed:
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=cpe%3A2.3%3Aa%3Axiph%3Aspeex%3A1.2%3A*%3A*%3A*%3A*%3A*%3A*%3A*&search_type=all&isCpeNameSearch=true

In DT we have added the component name: speex, version: 1.2 and CPE: cpe:2.3:a:xiph:speex:1.2:::::::*
No CVE found at all and nothing is suppressed
the vulnerabilities: CVE-2020-23904 and CVE-2020-23903 are not linked to the component...

Were to look?

[syalioune]

Hello @JN-CSIRT,
This case is related to #1929 .
I suggest to update the topic there