diff --git a/pkg/extensions/search/cve/trivy/scanner.go b/pkg/extensions/search/cve/trivy/scanner.go
index e024ef67..7bc50b18 100644
--- a/pkg/extensions/search/cve/trivy/scanner.go
+++ b/pkg/extensions/search/cve/trivy/scanner.go
@@ -680,7 +680,11 @@ func (scanner Scanner) scanManifest(ctx context.Context, repo, digest string) (m
 ID: vulnerability.VulnerabilityID,
 Title: vulnerability.Title,
 Description: vulnerability.Description,
- Reference: getCVEReference(vulnerability.PrimaryURL, vulnerability.References),
+ Reference: getCVEReference(
+ vulnerability.VulnerabilityID,
+ vulnerability.PrimaryURL,
+ vulnerability.References,
+ ),
 Severity: convertSeverity(vulnerability.Severity),
 PackageList: newPkgList,
 }
@@ -835,7 +839,11 @@ func (scanner Scanner) storeSBOMAsOCIArtifact(ctx context.Context,
 return nil
 }
 
-func getCVEReference(primaryURL string, references []string) string {
+func getCVEReference(cveID, primaryURL string, references []string) string {
+ if isCVEID(cveID) && isAquasecAVDReference(primaryURL) {
+ return "https://www.cve.org/CVERecord?id=" + cveID
+ }
+
 if primaryURL != "" {
 return primaryURL
 }
@@ -853,6 +861,14 @@ func getCVEReference(primaryURL string, references []string) string {
 return ""
 }
 
+func isCVEID(cveID string) bool {
+ return strings.HasPrefix(cveID, "CVE-")
+}
+
+func isAquasecAVDReference(reference string) bool {
+ return strings.Contains(reference, "avd.aquasec.com/nvd/cve-")
+}
+
 func getNVDReference(references []string) (string, bool) {
 for i := range references {
 if strings.Contains(references[i], "nvd.nist.gov") {
diff --git a/pkg/extensions/search/cve/trivy/scanner_internal_test.go b/pkg/extensions/search/cve/trivy/scanner_internal_test.go
index 43605738..0531efa7 100644
--- a/pkg/extensions/search/cve/trivy/scanner_internal_test.go
+++ b/pkg/extensions/search/cve/trivy/scanner_internal_test.go
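Review bot: The new early return under `if isCVEID(cveID) && isAquasecAVDReference(primaryURL)` splices cveID straight into a query string, while isCVEID only checks the `CVE-` prefix, so an ID that starts with `CVE-` but carries other characters (a trailing suffix, `&`, `#`, whitespace) would yield a malformed or parameter-injecting link. Trivy's IDs are presumably well-formed, so the practical risk is low, but the reference is presumably surfaced to API or UI consumers and escaping the value is a one-line defence: `return "https://www.cve.org/CVERecord?id=" + url.QueryEscape(cveID)` (import `net/url`). The branch also deserves a why-comment, e.g. `// Prefer the canonical cve.org record when Trivy's primary URL is Aqua's AVD mirror.`, since the preference over the scanner's own link is not obvious from the code. getCVEReference's body continues past the end of the hunk.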
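Review bot: isCVEID and isAquasecAVDReference are added without doc comments, and isCVEID accepts any string beginning with `CVE-` rather than the CVE identifier syntax, even though the caller uses the value to build a URL. An anchored pattern is cheap and more precise: a package-level `var cveIDPattern = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)` with `return cveIDPattern.MatchString(cveID)` (import `regexp` if the file does not already). Suggested comments: `// isCVEID reports whether cveID is a CVE identifier, as opposed to GHSA, RUSTSEC and similar IDs.` and `// isAquasecAVDReference reports whether reference points at Aqua's AVD mirror of an NVD entry.` Both checks are case-sensitive (uppercase `CVE-`, lowercase `cve-` in the AVD path), which matches the values in the tests; if that is intentional it is worth stating in the comment. getNVDReference's body continues past the end of the hunk.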
@@ -786,16 +786,33 @@ func TestStoreSBOMAsOCIArtifact(t *testing.T) {
 
 func TestGetCVEReference(t *testing.T) {
 Convey("getCVEReference", t, func() {
- ref := getCVEReference("primary", []string{})
+ ref := getCVEReference("CVE-2023-2650", "primary", []string{})
 So(ref, ShouldResemble, "primary")
 
- ref = getCVEReference("", []string{"secondary"})
+ ref = getCVEReference("CVE-2023-2650", "", []string{"secondary"})
 So(ref, ShouldResemble, "secondary")
 
- ref = getCVEReference("", []string{""})
+ ref = getCVEReference("CVE-2023-2650", "", []string{""})
 So(ref, ShouldResemble, "")
 
- ref = getCVEReference("", []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"})
+ ref = getCVEReference(
+ "CVE-2023-2650",
+ "",
+ []string{"https://nvd.nist.gov/vuln/detail/CVE-2023-2650"},
+ )
 So(ref, ShouldResemble, "https://nvd.nist.gov/vuln/detail/CVE-2023-2650")
+
+ ref = getCVEReference(
+ "CVE-2026-42496",
+ "https://avd.aquasec.com/nvd/cve-2026-42496",
+ []string{},
+ )
+ So(ref, ShouldResemble, "https://www.cve.org/CVERecord?id=CVE-2026-42496")
+
+ ref = getCVEReference("", "https://avd.aquasec.com/nvd/cve-2026-42496", []string{})
+ So(ref, ShouldResemble, "https://avd.aquasec.com/nvd/cve-2026-42496")
+
+ ref = getCVEReference("GHSA-abcd-1234", "https://avd.aquasec.com/nvd/cve-2026-42496", []string{})
+ So(ref, ShouldResemble, "https://avd.aquasec.com/nvd/cve-2026-42496")
 })
 }
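Review bot: The new cases pin the CVE-plus-AVD rewrite, the empty ID and the GHSA ID, but leave two edges of the guard implicit: a lowercase `cve-…` ID, which isCVEID rejects because its prefix check is case-sensitive, and an AVD link that appears only in references with an empty primary URL, which the new branch does not rewrite. Adding `ref = getCVEReference("cve-2026-42496", "https://avd.aquasec.com/nvd/cve-2026-42496", []string{})` followed by `So(ref, ShouldResemble, "https://avd.aquasec.com/nvd/cve-2026-42496")` turns the case-sensitivity into a documented choice rather than an accident. For the references-only case the expected value depends on the fallthrough in getCVEReference that lies outside this diff, so assert whatever the current code yields there. The `Convey` block and TestGetCVEReference are fully inside the hunk; the preceding test function's closing is not shown.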