NIST deprecates JSON feeds

[jstucke]

The NIST announced that they will deprecate the NVD data feeds (incl. JSON) and fully switch to an API model:
https://nvd.nist.gov/vuln/data-feeds
https://nvd.nist.gov/general/news/api-20-announcements.
Is it planned to change the update process so that it works with the API?

Sadly, https://github.com/CVEProject/cvelist/ is not really a replacement, since it lacks information like CVSS scores and CPE information.

[olbat]

Oh too bad. It doesn't seems that they are going to keep a batch endpoint to fetch every CVEs for a full year at once.

There is also that:

March 2023 | The NVD plans to retire the RSS data feeds. The NVD plans to enable reCAPTCHA across all webpages and to retire webpages intended to support web scraping (e.g., Full Listings) before its APIs existed.

The way to move forward would probably be to use the new API. But it's throttled and make it hard to retrieve the updates for the whole database periodically...

I'll update this repository to use this new API, at least to update the last CVEs. But I'll do it when it's absolutely required.

[eslerm]

@olbat I have a NVD 2.0 API client for you :)

https://github.com/eslerm/nvd-api-client