anthonyharrison

You need an updated version of lib4vex which hasn't been released yet. They will be released under release 0.3.0

The API endpoint is a good start. Just getting a download of all of the data in JSON would be very useful. To find out what has changed since the...

@adriens I can certainly use this as a starting point. However the [https://endoflife.date/api/all.json](https://endoflife.date/api/all.json) already provides the data in JSON - if this was enhanced to include some more metadata e..g...

> Hi @anthonyharrison, thank you for the idea. > > endoflife.date is using the static site generator [Jekyll](https://jekyllrb.com/). Given the static nature of endoflife.date that may be difficult to implement:...

> @anthonyharrison I'd be curious about the usecase here, to see if we can improve the API/documentation/roadmap further to account for this. @captn3m0 I am trying to develop an automated...

@Virthuss Can you post the SBOM file you are using and I will have a look at it? It is possible that the validation improvements of the SBOM parser has...

Thanks. I think this is a issue. The location of the file is based on known locations of key binaries. These known locations are for a Linux based system only....

The evidence should be the file which has been scanned. So we should report the archive/executable which has been scanned which contains the component which is being reported.

I think we also get the message if there is no CVSS score included in the CVE (which is increasingly common since February 2024)

cve-bin-tool isn't trying to replicate all of the (numerous) issues with python dependencies so I think we need to have options to allow a user to find out more information...