Closed ncrocfer closed 1 year ago
As of 3/28/2023, this repository is now the official way to download/update all published CVEs from the official CVE Project. You can think of it as a cache that is updated multiple times an hour.
There are now 3 methods to download/sync the CVEs:
git
, use any git client and git clone https://github.com/CVEProject/cvelistV5.git
as you would any GitHub repository. The initial git clone
is quite large (about 1.7 GB), but each successive git pull
will quickly update your local clone. This is the preferred approach and can be easily automated.
Hello,
First of all thank you for the awesome work you do concerning the CVE ecosystem!
I'm the developer of a CVE-related tool, and I would like to add the MITRE in my sources (instead of only relying on NVD for now). But to be honest I don't really know how to parse your feed.
So I would like to ask you the official and recommended way to synchronize our local databases with the new JSON 5.0 CVE list.
I searched on your blog posts and if I'm not wrong you're currently in "Soft Deploy" state, meaning CNAs now use the new format to declare CVEs. The "Hard Deploy" is targeted for 1st QT, 2023. At this moment we (as consumers) will be able to officially use the JSON 5.0 feeds.
But where to find the list please? I think the old format (
csv
,html
,text
,xml
) will be removed, so maybe you will provide an API (or something similar as the NVD does) to fetch the last changes?Or maybe this current repo (cveproject/cvelistv5) will become our official data feeds? If yes do you recommend to use the
recent_activities.json
file to detect the changes or simply periodicallygit pull
and parse the new diffs?Thank you in advance for your answer, Nicolas