The NVD would record rejected CVE as such. In this case the CVE was assigned with a CNA, with data ingestion into NVD pending. https://github.com/avahi/avahi/security/advisories/GHSA-r9j3-vjjh-p8vm