CVE API Feature Request: /cna endpoint for bulk downloading CVE data by CNA.

[bpmcdevitt]

Proposed New Idea/Feature

I would like to request a /cna endpoint to the MITRE CVE API. It is very nice and useful for us as researchers to pull down vulnerabilities submitted to MITRE by querying /cve endpoint currently.

I am interested in pulling bulk vulnerability data by specific CNA-ID. I would like to request an endpoint like /cna/{cna_id} where we would be able to request /cna/CNA-2016-0019 for example and that would pull back all CVE-IDS for the endpoint for openSSL CNA.

I have also requested with the CNA itself to try to upload a /vulnerabilities.json endpoint but that would need to be done on a CNA-by-CNA basis (see openssl/openssl#24989) and seems like it would be added when CNA gets around to it. Having MITRE host an API where we can obtain this info would be very useful to the entire realm of security researchers and organizations and scanners that utilize the MITRE CVE dataset.

If this functionality currently exists within the API and I have just missed it please let me know as well. Thank you.

[zmanion]

Hi, I suggest raising this issue here: https://github.com/CVEProject/cve-services/issues

In case you were not aware, another option is to clone https://github.com/CVEProject/cvelistV5/ and filter on .containers.cna.providerMetadata.orgId.