Question about JSON 5.0 format

[cookiengineer]

Hey there,

I've discovered this repository by accident, and didn't know about the cvelist repository either before.

Currently, the (old) CVE website announced that there's the new JSON 5.0 format being used for the CVE List downloads page starting late spring this year.

I am just a little confused as to "how official" this repository is, due to it only having 4 stars :disappointed: and as there's not any mention on the new and neither the old CVE website.

For what it's worth: I love the new JSON 5.0 format, as it makes parsing and keeping track of everything much much easier. With the old format you always had to scrape a lot of details and unnecessarily drain mitre's / NVD's servers and/or proprietary databases that probably just scraped NVD themselves, and all this can be avoided with the new format and makes access to those details much more public.

Now my question is mostly about the contents of this repository.

• Is this repository the new go-to resource for the new CVEs after the migration?
• The cvelist repository still uses the JSON 4.0 format, so I'm assuming this will be deprecated after the migration?

Thanks in advice.

[chandanbn]

This is a preview repo meant to help CVE participants review automated upconversation of current CVE JSON v4 format to v5. In future it may mirror the records in the backend database.

[M-nj]

The current state of this repository is an official mirror/cache of the official CVE ID record database. Please see https://github.com/CVEProject/cvelistV5/blob/main/README.md#cve-list-v5 for further information.