Easier API access to CVE descriptions

[polynomialspace]

Currently /all.json provides bulk access to public CVE/advisory data, but does not include CVE descriptions; descriptions appear to only be available via individual CVE or advisory pages, which makes a rather inefficient process if one wishes to gather such data.

[RijulGulati]

When we visit /all.json, the main JSON received is:

{
    "name": "AVG-2",
    "packages": [
      "test"
    ],
    "status": "Vulnerable",
    "severity": "Critical",
    "type": "authentication bypass",
    "affected": "1.0",
    "fixed": "1.1",
    "ticket": null,
    "issues": [
      "CVE-2020-25639"
    ],
    "advisories": []
  }

The CVE description should go inside issues[] right ..? And if that's the case, we'd need to create a json obj in issues[] as well ..? Something like: { id: "CVE-2020-25639", "description": "Some desc here" } maybe?

[anthraxx]

yes, but the issue here is that this will break API compatibility. while you could already implement this in a PR, we may first need to land a versioned API before applying it.

[RijulGulati]

I see. I think it'll be better if this is implemented after API versioning is done. Out of curiosity, will it be something like /v1/all.json, /v2/all.json? Is API versioning enhancement being tracked somewhere? Maybe I could refer it and chip in ..?