Duplicated vulnerabilities in API results

Summary

The security dashboard endpoints are returning duplicate vulnerabilities in their data.

I noticed it happening locally and thought it might be an issue with the way I seeded the database, but it seems this issue has made its way to staging now.

https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90

Steps to reproduce

I'm unsure how to reproduce it locally but visiting the Secure team test group dashboard on staging shows this issue.

Example Project

https://staging.gitlab.com/groups/secure-team-test/-/security/dashboard/?page=1&days=90

What is the current bug behavior?

  • All three of the vulnerabilities in the secure-team-test / security-reports project are duplicated 13 times in vulnerabilities and count endpoint results.
  • The only vulnerability in the secure-team-test / sast project is not duplicated.
  • The history endpoint seems to display the correct data.
  • Because of the duplicated vulnerabilities, Vue cannot assign unique keys to the vulnerabilities in the vulnerability list, and Vue crashes, causing the page to render unpredictably and visibly broken.

What is the expected correct behavior?

  • The endpoints should only return one result per vulnerability. (It sounds obvious, I'm just following the template)

Relevant logs and/or screenshots

staging.gitlab.com_groups_secure-team-test_-_security_dashboard__page_1_days_90

These are the same as above:

Output of checks

This bug happens on https://staging.gitlab.com during testing for gitlab-org/release/tasks#778 (closed). I encountered it locally previous to this. I haven't encountered it on gitlab.com.

Edited by Sam Beckham