Hello
I'm a software engineer at Wazuh Inc. and I have a simple question regarding your security feeds. I'd like to know what are the differences between these two security feeds:
The first one, in JSON format, seems to have all the vulnerabilities content from all Debian releases. The second one has a different endpoint for each release.
My first question would be: Is the JSON feed containing all the information from all the OVAL feeds? I counted the number of CVEs within the JSON feed that are related to Bookworm and also counted the CVEs in the Bookworm OVAL feed, and there is a discrepancy: 27173 (JSON) vs. 24493 (OVAL).
My second question would be: If they are not the same, which feed should be optimal to query?
Thanks in advance
Best regards
--