Public, unauthenticated. EU-CNA coverage the US-centric feeds miss. Achilles' primary source — on by default.
Public, unauthenticated. Covers Electron, Tauri, React Native, and every bundled npm dependency.
Keyed by CPE. Covers runtimes EUVD/OSV don't: Chromium, Node.js, Qt, Flutter, JDK, WebKit, …
Unauth rate limit (60/h) is too low to be useful. A classic PAT with no scopes suffices.
Wide-net CPEs (Safari, Java, Qt, Chromium …) otherwise return decades of irrelevant history. Advisories without a publication date are never filtered.