SQL vulnerability age export results different than results in console

I have tried a few ways to view this data and I am officially stumped on where the difference between vulnerability discovery date is coming from.

Asset in IVM shows a vulnerability was first found 400 days ago.
Running a report from a custom template shows the same 400 days.
Running a report from a custom SQL query seems to show different results. Using the fact_asset_vulnerability_age and trying some other “first found” or “discovery date” items always seems to max out at around 365 days. Dates less than a year are spot on but as soon as it hits that 365 mark I can’t seem to get a query that gets close to what the console and custom template report for age or first found.
Am I missing a table somewhere? Why are the results I am getting different?

Here is an example query. I have tried many different variations.
da.ip_address AS IP_Address,
da.host_name AS Hostname,
dv.title AS Vulnerability,
dv.severity AS “Severity”,
dv.date_modified AS “Date_Modified”,
proofAsText(proof) AS “Proof”,
fava.age_in_days AS “Age”
FROM fact_asset_vulnerability_instance
JOIN dim_vulnerability dv USING (vulnerability_id)
JOIN dim_asset da USING (asset_id)
JOIN fact_asset_vulnerability_age fava USING (vulnerability_id)
WHERE fava.vulnerability_id = dv.vulnerability_id

Typically I would say that it has to do with your data retention. However, your data retention should also affect the UI for anything over 365 days.

Data retention is set to 13 months which probably makes the situation a bit more interesting. There are some instances of “first found” in the UI beyond 2 years (700+). We have the insight agent deployed as well.