_content/security/vuln: update cna.md
Change-Id: I528ad0de45c53290c36f88eac3078a3e513647f7
Reviewed-on: https://go-review.googlesource.com/c/website/+/427877
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
diff --git a/_content/security/vuln/cna.md b/_content/security/vuln/cna.md
index ec5e1f7..f024ed7 100644
--- a/_content/security/vuln/cna.md
+++ b/_content/security/vuln/cna.md
@@ -20,7 +20,7 @@
This scope is intended to explicitly exclude vulnerabilities in applications or
packages written in Go that are not importable (for example, anything in
-package `main`). See [go.dev/security/vuln/database](/security/vuln/database) for more information on excluded reports.
+package `main`). See [go.dev/security/vuln/database#excluded-reports](/security/vuln/database#excluded-reports) for more information on excluded reports.
To report potential new vulnerabilities in the Go project, refer to
[go.dev/security/policy](/security/policy).
@@ -33,7 +33,7 @@
undisclosed issues).
To request a CVE ID for an existing PUBLIC vulnerability in the Go ecosystem,
-[submit a request via this form](/s/vuln-report-new).
+[submit a request via this form](/s/vulndb-report-new).
A vulnerability is considered public if it has already been disclosed publicly, or it exists in a
package you maintain, and you are ready to disclose it publicly.
