Software package manager CVE API (possibly dependabot API)

[windmillcode0]

Greetings I am making a vscode extension libtracker where you can get a birds eye view of the CVE, license and dependency info about your app https://marketplace.visualstudio.com/items?itemName=windmillcode-publisher-0.lib-tracker. Is there a way to get CVE information about software packages from as many software package managers as possible from your tool? or is there a guide to where I can obtain this information from other package managers?. I know that dependabot does this for you is there a way I can make api calls to dependabot to obtain this information? or a similar resource

[ghostinhershell]

Thanks for posting in the GitHub Community, @windmillcode0!

We're happy you're here. You are more likely to get a useful response if you are posting your question in the applicable category, the New to GitHub category is solely related to conversations around getting started on using GitHub and the community for beginners of GitHub, Community on Discussions, and those new to different areas of the product alike! This question should be in the Code Security category. I've gone ahead and moved it for you. Good luck!