database: ignore min versions during new vulnerability insertions

database/pgsql/vulnerability.go

@@ -200,8 +200,8 @@ func (pgSQL *pgSQL) insertVulnerability(vulnerability database.Vulnerability, on
 		//
 		// TODO(Quentin-M): We could use !updateFixedIn to just copy FixedIn/Affects rows from the
 		// existing vulnerability in order to make metadata updates much faster.
-		fixedIn, updateFixedIn := applyFixedInDiff(existingVulnerability.FixedIn, vulnerability.FixedIn)
-		vulnerability.FixedIn = fixedIn
+		var updateFixedIn bool
+		vulnerability.FixedIn, updateFixedIn = applyFixedInDiff(existingVulnerability.FixedIn, vulnerability.FixedIn)
 
 		if !updateMetadata && !updateFixedIn {
 			tx.Commit()
@@ -214,6 +214,16 @@ func (pgSQL *pgSQL) insertVulnerability(vulnerability database.Vulnerability, on
 			tx.Rollback()
 			return handleError("r_vulnerability", err)
 		}
+	} else {
+		// The vulnerability is new, we don't want to have any types.MinVersion as they are only used
+		// for diffing existing vulnerabilities.
+		var fixedIn []database.FeatureVersion
+		for _, fv := range vulnerability.FixedIn {
+			if fv.Version != types.MinVersion {
+				fixedIn = append(fixedIn, fv)
+			}
+		}
+		vulnerability.FixedIn = fixedIn
 	}
 
 	// Find or insert Vulnerability's Namespace.