The CVE Automation Working Group is piloting use of git to share information about public vulnerabilities. The goal is to learn not only what features are necessary to support the "plumbing" of sending and receiving the data, but also which attributes and metadata are needed in the CVE format to support automation.
See How to Contribute for details on participating in this pilot.
This repository holds information included in the CVE List formatted using the CVE JSON format.
Use of the CVE information in this repository is subject to the CVE Terms of Use.
Information about each CVE id is stored as a unique file in the repo in a subdirectory based on the year as well as the numeric portion of the id, truncated by 1,000. Thus, 2017/3xxx is for CVE-2017-3000 - CVE-2017-3999, and 2017/1002xxx is for CVE-2017-1002000 - CVE-2017-1002999.
The CVE Team updates these files automatically every hour using information from the CVE List, provided there have been changes. The synchronization job kicks off at the top of the hour and should complete within 5 minutes.