When the vulnerability is reported, it will be in a NEW status and still not being reviewed.
When the report is accepted this status is assigned to the report.
When the report is already reported by another user then we mark it as Duplicate as it has been already reported.
When the report doesn't have much impact and if it is an acceptable risk then we mark it as Won't Fix
When the report is invalid and doesn't pose a security risk or impact.
When the report is acceptable and has been assigned to a developer for the fix.
When the reported issue/bug is fixed then we will assign the report as Resolved.