dependency-track
adding a new source https://cveawg-test.mitre.org/api-docs/
Current Behavior
Hi, do you think it's possible to add a new source of information with cve.org?
The goal is to have the information as soon as possible.
A lot of the time, a CVE is raised and we don't have the CPE information on the NVD; we must wait 1 or 2 days. https://nvd.nist.gov/vuln/detail/CVE-2024-21673
But in MITRE we can have this information earlier: https://cveawg.mitre.org/api/cve/CVE-2024-21672
If we grab the source with DT once a day, this can add 1 day on the NVD delay, and we can lose precious time.
I don't know if this enhancement can help the community. Regards
Proposed Behavior
Hi,
It would be nice to grab the MITRE API https://cveawg-test.mitre.org/api-docs/#/CVE%20ID/cveIdGetFiltered in order to have CVEs earlier.
Regards
Checklist
- [X] I have read and understand the contributing guidelines
- [X] I have checked the existing issues for whether this enhancement was already requested
With NVD in a somewhat dysfunctional state: maybe this is worth revisiting? @stevespringett using cve.org instead/in addition to NVD was discussed in today's CISA SBOM meeting shortly. It seems to be missing cpe and/or purl references though.
Out of the few hundred CNAs, only four are currently supplying complete CVE data including CPE, CVSS, and CWE. The NVD is on life support and will likely be reverted to its original purpose of being a source for government agencies. This means that DT needs to transition to using cve.org this year. It is my understanding that education and outreach to existing CNAs will occur this year so that a growing number of new CVEs will be complete with the potential for CNAs to edit existing incomplete records.
Maybe this could be a good way too: https://vulncheck.com/nvd2
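The thread above turns on whether a cve.org record carries CPE, CVSS and CWE on its own. The following is an added example, not Dependency-Track code and not from any participant in this issue: it checks records in the CVE JSON 5 layout for those three fields, with or without ADP containers. The sample records, their IDs and the function names are constructed for illustration.

```python
# Constructed records in the CVE JSON 5 layout; the IDs and values are not real.
COMPLETE = {
    "cveMetadata": {"cveId": "CVE-0000-0001"},
    "containers": {"cna": {
        "affected": [{"vendor": "example", "product": "app",
                      "cpes": ["cpe:2.3:a:example:app:1.0.0:*:*:*:*:*:*:*"]}],
        "metrics": [{"cvssV3_1": {"baseScore": 8.8}}],
        "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en"}]}],
    }},
}
PARTIAL = {
    "cveMetadata": {"cveId": "CVE-0000-0002"},
    "containers": {
        "cna": {"affected": [{"vendor": "example", "product": "lib"}],
                "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en"}]}]},
        # An ADP container can add data the CNA left out.
        "adp": [{"metrics": [{"cvssV3_1": {"baseScore": 5.3}}]}],
    },
}

CVSS_KEYS = ("cvssV4_0", "cvssV3_1", "cvssV3_0", "cvssV2_0")

def enrichment(record, include_adp=True):
    """Collect the CPE strings, CVSS versions and CWE IDs present in a record."""
    boxes = record.get("containers", {})
    selected = [boxes["cna"]] if "cna" in boxes else []
    if include_adp:
        selected.extend(boxes.get("adp", []))
    cpes, cvss, cwes = set(), set(), set()
    for box in selected:
        for affected in box.get("affected", []):
            cpes.update(affected.get("cpes", []))
        for metric in box.get("metrics", []):
            cvss.update(key for key in CVSS_KEYS if key in metric)
        for problem in box.get("problemTypes", []):
            for desc in problem.get("descriptions", []):
                if desc.get("cweId"):
                    cwes.add(desc["cweId"])
    return {"cpe": sorted(cpes), "cvss": sorted(cvss), "cwe": sorted(cwes)}

def missing_fields(record, include_adp=True):
    """Return which of cpe/cvss/cwe a matcher would still have to get elsewhere."""
    found = enrichment(record, include_adp)
    return [name for name in ("cpe", "cvss", "cwe") if not found[name]]

def completeness_report(records, include_adp=True):
    """Map each CVE ID to its list of missing fields."""
    return {r["cveMetadata"]["cveId"]: missing_fields(r, include_adp) for r in records}
```

Running `completeness_report` with `include_adp=False` shows what the CNA alone supplied, which is the figure the comment about CNA completeness refers to.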