Migrate from NVD feeds to API
On December 15th, 2023, the NVD plans to retire all legacy data feeds while guiding any remaining data feed users to updated application-programming interfaces (APIs). APIs have many benefits over data feeds and have been the proven and preferred approach to web-based automation for over a decade. For additional information on the NVD API, please visit the developers pages. Click here for more information on the NVD timeline.
Instead of downloading the feeds as json archives, we need to use the API to obtain information about CVEs.
The API is described here.
The API documentation does include the following clause:
however services which utilize or access the NVD are asked to display the following notice prominently within the application: "This product uses data from the NVD API but is not endorsed or certified by the NVD."
So we probably should add that statement to the secfixes tracker.
NVD has an option to request an API key. Without one, a rate-limit of 5 requests per 30 second applies. With an API key, it's increased to 50 requests.