XML Vulnerability Feed Retirement Update

Due to the recent lapse in appropriations and requests from multiple external parties, the NVD has re-evaluated the timeline to end support for the XML 2.0 and 1.2.1 vulnerability data feeds. Previously we had planned to permanently discontinue the XML feeds in April of 2019. However, after consideration we have decided to extend support of these data feeds until October 9th of 2019. After that date the XML feeds will no longer be updated or hosted by the NVD and any new information will only be published in the JSON vulnerability data feeds.
 
We will be phasing out the XML feeds through multiple stages to encourage all users to transition to the JSON feeds. 

1. Release of this announcement with notifications on the NVD Home Page and warnings on the data feeds page.
2. Three Months after this announcement we will remove the XML URLs from the data feeds page. We will continue to update these feeds and host the URLs. Any organization with an automated process that downloads these feeds should not be impacted by this change. The feeds will no longer be advertised on the page.
3. Six months after this announcement we will discontinue the XML vulnerability feeds. The XML vulnerability feeds will no longer be updated, and the URLs will be made inactive. 

The JSON feeds offer many data points that the XML feeds simply omitted and better represent data points that the XML feeds may have oversimplified. All users of the NVD vulnerability feeds should immediately begin transitioning to the JSON 1.0 vulnerability feeds to avoid disruption to any services that utilize the older XML vulnerability data feeds. For any questions regarding transition to the JSON vulnerability feeds please contact nvd@nist.gov.

UPDATE:  XML Feed Retirement Phase 2 was implemented Monday, July 22nd. 
UPDATE 2:  XML Feed Retirement Phase 3 was implemented Wednesday, October 16th.