Support for Legacy CVE Download Formats to End on June 30, 2024

CVE Program Blog
May 1, 2024

All support for the legacy CVE content download formats (i.e., CSV, HTML, XML, and CVRF) will end on June 30, 2024. These legacy download formats, which are currently being updated once per month during the phase out process, will only be updated two more times, once in May 2024 and once in June 2024.

Product teams and others need to update their tools and processes to the new supported format before the legacy download files stop being updated.

The legacy download formats have been replaced by CVE JSON as the only supported format for CVE Records and downloads. See below.

Phase-Out Process

Phase 3, the final phase of the deprecation of the legacy CVE content download formats, is almost complete per the phase-out schedule. The phased deprecation began in January 2024 and will end on June 30, 2024. Only two once-per-month updates, for May and June, remain before the legacy CVE download formats are officially deprecated.

This change was first announced in July 2023 in a CVE Blog article entitled “Legacy CVE Download Formats Will Be Phased Out Beginning January 1, 2024” on the CVE.ORG website and promoted throughout the remainder of 2023 in the CVE Announce email newsletter and on CVE social media. A second blog article, entitled “Deprecation of Legacy CVE Download Formats Now Underway,” was published in January 2024, a third, “Phase 2 of Legacy CVE Download Formats Deprecation Now Underway,” was published in February 2024, and a fourth, “Phase 3 of Legacy CVE Download Formats Deprecation Now Underway,” was published in March 2024. All of the blogs were promoted on the CVE.ORG website, in the CVE Announce email newsletter, and on CVE social media.

Phase-Out Schedule

Phased deprecation means that the frequency of updates to the legacy download formats will be reduced over the coming months until they are no longer updated at the end of June 2024.

To assist consumers with their transition to the new format, the frequency of updates to the legacy download formats is being reduced from daily updates, which ended on December 31, 2023, to the following schedule:

  • January 2024: Once per week updates.
  • February 2024: Every other week updates.
  • March–June 2024: Once per month updates.
  • June 30, 2024: Legacy download formats no longer updated with new CVE Records.

New Format for CVE Records and Downloads

CVE Downloads in our new official data format for CVE Records, “CVE JSON,” are hosted in the cvelistV5 repository on GitHub.com. Update frequency and other details are available in the repository ReadMe.

CVE JSON is a richer, more structured format for vulnerability identification and description and will provide enhanced information for your customers. The schema for this new format is also available on GitHub.
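
For teams moving a CSV-based pipeline to CVE JSON, the following added example (not code from the CVE Program or this post) flattens records into rows such a pipeline can consume. It assumes the field names of the CVE JSON 5.x record layout; the sample records, their placeholder IDs, and the output column names are constructed for illustration.

```python
import csv
import io
import json

# Constructed sample records (placeholder IDs, not real CVE data).
SAMPLE = json.loads("""
[
  {"dataType": "CVE_RECORD", "dataVersion": "5.1",
   "cveMetadata": {"cveId": "CVE-1900-0001", "state": "PUBLISHED"},
   "containers": {"cna": {
     "descriptions": [{"lang": "es", "value": "Ejemplo construido."},
                      {"lang": "en", "value": "Constructed example, with a comma."}],
     "references": [{"url": "https://example.com/advisory-1"},
                    {"url": "https://example.com/advisory-2"}]}}},
  {"dataType": "CVE_RECORD", "dataVersion": "5.1",
   "cveMetadata": {"cveId": "CVE-1900-0002", "state": "REJECTED"},
   "containers": {"cna": {
     "rejectedReasons": [{"lang": "en", "value": "Constructed rejection reason."}]}}}
]
""")


def flatten_record(record):
    """Reduce one CVE JSON record to the flat fields a CSV-era pipeline expects."""
    if record.get("dataType") != "CVE_RECORD":
        raise ValueError("not a CVE JSON record")
    meta = record["cveMetadata"]
    cna = record.get("containers", {}).get("cna", {})
    # REJECTED records carry rejectedReasons instead of descriptions.
    key = "rejectedReasons" if meta["state"] == "REJECTED" else "descriptions"
    texts = cna.get(key, [])
    # Prefer an English entry ("en", "en-US", ...); fall back to the first one.
    english = [t["value"] for t in texts if t.get("lang", "").lower().startswith("en")]
    description = english[0] if english else (texts[0]["value"] if texts else "")
    urls = [r["url"] for r in cna.get("references", []) if "url" in r]
    return {"id": meta["cveId"], "state": meta["state"],
            "description": description, "references": " | ".join(urls)}


def to_csv(records):
    """Render flattened rows as CSV text (column names are hypothetical)."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["id", "state", "description", "references"])
    writer.writeheader()
    writer.writerows(flatten_record(r) for r in records)
    return out.getvalue()
```

Tools that previously keyed on a single description column should decide explicitly how to treat REJECTED records and records with no English description, since both occur in the JSON data.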

Take Action Now!

Product teams and others need to update their tools and processes to the new supported format before the legacy download files stop being updated after June 30, 2024.


The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. https://www.cve.org