The OpenJS Foundation's CVE Numbering Authority (CNA)
Open Data
Published OpenJS CVE records originate at MITRE. This site re-publishes the same information as a public, unauthenticated cache so downstream consumers (dashboards, scanners, alerting tools) can read it without going through MITRE's API for every request.
The cache is rebuilt on each site deploy, which is driven by an hourly refresh from MITRE. In practice that means a newly-published advisory appears here within roughly an hour of being published at MITRE; in between deploys the feeds are static.
Endpoints
| Resource | Format | URL |
|---|---|---|
| Published advisories | JSON (CVE v5.2 records) | /security-advisories.json |
| Published advisories | RSS 2.0 | /feed.xml |
Live data
If you need real-time CVE data, query MITRE's public read endpoint directly. No authentication is required:
curl https://cveawg.mitre.org/api/cve/CVE-YYYY-NNNNNOur feeds carry the same record content, just on the website's build cadence.