diff --git a/server/vulnerabilities/nvd/sync/cve_syncer.go b/server/vulnerabilities/nvd/sync/cve_syncer.go
index c1100fb28b..8ecdb8e8da 100644
--- a/server/vulnerabilities/nvd/sync/cve_syncer.go
+++ b/server/vulnerabilities/nvd/sync/cve_syncer.go
@@ -780,16 +780,19 @@ func convertAPI20CVEToLegacy(cve nvdapi.CVE, logger log.Logger) *schema.NVDCVEFe
 
 	descriptions := make([]*schema.CVEJSON40LangString, 0, len(cve.Descriptions))
 	for _, description := range cve.Descriptions {
-		// Keep only english descriptions to match the legacy.
+		// Keep only English descriptions to match the legacy format.
 		var lang string
-		switch {
-		case description.Lang == "en":
+		switch description.Lang {
+		case "en":
 			lang = description.Lang
-		case description.Lang == "en-US":
-			// This occurred starting with Microsoft CVE-2024-38200
+		case "en-US": // This occurred starting with Microsoft CVE-2024-38200.
 			lang = "en"
+		// non-English descriptions with known language tags are ignored.
+		case "es": // This occurred in a number of 2004 CVEs
+			continue
+		// non-English descriptions with unknown language tags are ignored and warned.
 		default:
-			// Non-english descriptions are ignored.
+			level.Warn(logger).Log("msg", "Unknown CVE description language tag", "lang", description.Lang)
 			continue
 		}
 		descriptions = append(descriptions, &schema.CVEJSON40LangString{