Open elemendar-syra opened 2 weeks ago
We provide a multi-source (including NVD) vulnerability database where the API is documented there https://vulnerability.circl.lu/doc
You can easily query NVD for example, this way: https://vulnerability.circl.lu/last/nvd/1 and many other sources.
To describe other vulnerabilities in STIX 2.1, an extension would be required to support the different sources. Maybe @chrisr3d as some ideas for potential extensions.
As per https://nvd.nist.gov/developers/start-here I believe it would be easy to integrate updating CVEs using that rather than how the current build script does it, from what I can see. Again, happy to implement in a branch (obviously if you're then building and publishing daily you'd need to handle the CI/CD side with an API key)