I have noticed that some rejected CVE’s are returned falsely from greenbone reports.
An example is, if yo run the plugin “2019/ubuntu/gb_ubuntu_USN_3997_1.nasl”, it founds some CVEs but also CVE-2019-18511, if succesful. But this CVE is already rejected. (https://nvd.nist.gov/vuln/detail/CVE-2019-18511)
I don’t know if there are more CVEs of this kind, but for this case, Ubuntu security corrected the related advisory although CVE-2019-18511 is still in description. (https://usn.ubuntu.com/3997-1/)
Maybe running the nvt generation scripts for the advisories again and again periodically may help.