While ingesting advisories into https://github.com/ackama/drupal-advisory-database we've identified a handful with affected versions that use the > operator as part of a range - while not technically invalid, it does not capture the exact version that the vulnerability was introduced (and so far I believe all the usages we've found have meant a vulnerable version is excluded).
Ideally the >= operator should be preferred instead:
Active
1.0
Code
+1 from me on the proposal. Reviewing a few of these they look like oversights/mistakes.
I think there's 2 things to do here:
1. Fix the advisories
2. Add some validation in the code related to advisory content types to prevent use of >