diff --git a/advisories/github-reviewed/2026/03/GHSA-vpq2-c234-7xj6/GHSA-vpq2-c234-7xj6.json b/advisories/github-reviewed/2026/03/GHSA-vpq2-c234-7xj6/GHSA-vpq2-c234-7xj6.json
index 20e8c946f840b..b8d014b93224b 100644
--- a/advisories/github-reviewed/2026/03/GHSA-vpq2-c234-7xj6/GHSA-vpq2-c234-7xj6.json
+++ b/advisories/github-reviewed/2026/03/GHSA-vpq2-c234-7xj6/GHSA-vpq2-c234-7xj6.json
@@ -7,15 +7,11 @@
     "CVE-2026-3449"
   ],
   "summary": "@tootallnate/once vulnerable to Incorrect Control Flow Scoping",
-  "details": "Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.",
+  "details": "Versions of the package @tootallnate/once before 2.0.1 (in the 2.x line) and before 3.0.1 (in the 3.x line) are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pending state after the signal is aborted, causing any await or .then() usage to hang indefinitely. This can cause a control-flow leak that can lead to stalled requests, blocked workers, or degraded application availability.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
-    },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
     }
   ],
   "affected": [
@@ -29,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "3.0.0"
             },
             {
               "fixed": "3.0.1"
@@ -37,6 +33,25 @@
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "@tootallnate/once"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.0.1"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -65,7 +80,7 @@
     "cwe_ids": [
       "CWE-705"
     ],
-    "severity": "LOW",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-04T20:15:03Z",
     "nvd_published_at": "2026-03-03T05:17:25Z"