CVEProject · david-rocca · Jun 17, 2026 · May 14, 2026 · Jun 3, 2026 · Jun 3, 2026
diff --git a/.gitignore b/.gitignore
@@ -107,3 +107,7 @@ commit-message.txt
 # configuration) and provide an example instead
 docker/.docker-env
 
+**/export.xlsx
+**/poc_admin_report.csv
+**/~$*.xlsx
+src/scripts/importDb.sh
diff --git a/api-docs/openapi.json b/api-docs/openapi.json
@@ -1,7 +1,7 @@
 {
   "openapi": "3.0.2",
   "info": {
-    "version": "2.8.0",
+    "version": "2.8.1",
     "title": "CVE Services API",
     "description": "The CVE Services API supports automation tooling for the CVE Program. Credentials are     required for most service endpoints. Representatives of     <a href='https://www.cve.org/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> should     use one of the methods below to obtain credentials:    <ul><li>If your organization already has an Organizational Administrator (OA) account for the CVE     Services, ask your admin for credentials</li>     <li>Contact your Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/Google'>Google</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</a>,     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, or     <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>) or     Top-Level Root (<a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a>     or <a href='https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre'>MITRE</a>) to request credentials     </ul>     <p>CVE data is to be in the JSON 5.2 CVE Record format. Details of the JSON 5.2 schema are     located <a href='https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0' target='_blank'>here</a>.</p>    <a href='https://cveform.mitre.org/' class='link' target='_blank'>Contact the CVE Services team</a>",
     "contact": {
@@ -11,7 +11,7 @@
   },
   "servers": [
     {
-      "url": "urlplaceholder"
+      "url": "https://cveawg-dev.mitre.org/api"
     }
   ],
   "paths": {
@@ -2318,6 +2318,30 @@
             },
             "description": "The shortname or UUID of the registry organization"
           },
+          {
+            "name": "expand",
+            "in": "query",
+            "description": "Optional expanded related data. Accepted value: users.",
+            "required": false,
+            "schema": {
+              "type": "object",
+              "properties": {
+                "type": {
+                  "type": "string",
+                  "example": "string"
+                },
+                "enum": {
+                  "type": "array",
+                  "example": [
+                    "users"
+                  ],
+                  "items": {
+                    "type": "string"
+                  }
+                }
+              }
+            }
+          },
           {
             "$ref": "#/components/parameters/apiEntityHeader"
           },

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
     "name": "cve-services",
     "author": "Automation Working Group",
-    "version": "2.8.0",
+    "version": "2.8.1",
     "license": "(CC0)",
     "devDependencies": {
         "@faker-js/faker": "^7.6.0",
@@ -23,7 +23,8 @@
         "mocha": "^10.8.2",
         "nyc": "^15.1.0",
         "sinon": "^15.0.4",
-        "standard": "^16.0.3"
+        "standard": "^16.0.3",
+        "xlsx": "^0.18.5"
     },
     "dependencies": {
         "ajv": "^8.6.2",
@@ -34,7 +35,7 @@
         "cors": "^2.8.5",
         "crypto-random-string": "^3.3.1",
         "dotenv": "^5.0.1",
-        "express": "^4.22.1",
+        "express": "^4.22.2",
         "express-jsonschema": "^1.1.6",
         "express-rate-limit": "^6.5.2",
         "express-validator": "^6.14.2",
@@ -81,6 +82,7 @@
         "lint:test-utils": "node node_modules/eslint/bin/eslint.js test-utils/ --fix",
         "populate:dev": "NODE_ENV=development node-dev src/scripts/populate.js",
         "migrate:dev": "NODE_ENV=development MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
+        "migrate:dev:monday": "NODE_ENV=development MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/MondayMigrate.js",
         "migrate:test-black-box": "NODE_ENV=development MONGO_CONN_STRING=mongodb://docdb:27017 MONGO_DB_NAME=cve_dev node-dev src/scripts/migrate.js",
         "migrate:test": "NODE_ENV=test MONGO_CONN_STRING=mongodb://localhost:27017 MONGO_DB_NAME=cve_test node-dev src/scripts/migrate.js",
         "populate:stage": "NODE_ENV=staging node src/scripts/populate.js",

diff --git a/schemas/registry-org/BaseOrg.json b/schemas/registry-org/BaseOrg.json
@@ -43,7 +43,7 @@
         "ROOT"
       ]
     },
-    "partnerRoleType": {
+    "partnerRoleTypeValue": {
       "description": "The type of role a partner holds",
       "type": "string",
       "enum": [
@@ -57,6 +57,14 @@
         "Researcher",
         "Vendor"
       ]
+    },
+    "partnerRoleType": {
+      "description": "The types of roles a partner holds",
+      "type": "array",
+      "uniqueItems": true,
+      "items": {
+        "$ref": "#/definitions/partnerRoleTypeValue"
+      }
     }
   },
   "properties": {

diff --git a/schemas/registry-org/create-registry-org-request.json b/schemas/registry-org/create-registry-org-request.json
@@ -139,19 +139,23 @@
       "description": "Indicates if part of the CNA discussion list"
     },
     "partner_role_type": {
-      "type": "string",
-      "enum": [
-        "",
-        "Bug Bounty Provider",
-        "CERT",
-        "Consortium",
-        "Hosted Service",
-        "N/A",
-        "Open Source",
-        "Researcher",
-        "Vendor"
-      ],
-      "description": "The type of role a partner holds"
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": [
+          "",
+          "Bug Bounty Provider",
+          "CERT",
+          "Consortium",
+          "Hosted Service",
+          "N/A",
+          "Open Source",
+          "Researcher",
+          "Vendor"
+        ]
+      },
+      "uniqueItems": true,
+      "description": "The types of roles a partner holds"
     },
     "partner_number": {
       "type": "string",

diff --git a/schemas/registry-org/get-registry-org-response.json b/schemas/registry-org/get-registry-org-response.json
@@ -109,6 +109,13 @@
         },
         "phone": {
           "type": "string"
+        },
+        "additional_contacts": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
+          "description": "UUIDs of additional contact users"
         }
       },
       "additionalProperties": false
@@ -220,6 +227,49 @@
         }
       },
       "description": "List of conversation messages associated with the organization"
+    },
+    "_userMap": {
+      "type": "object",
+      "additionalProperties": {
+        "type": "object",
+        "properties": {
+          "username": {
+            "type": "string",
+            "description": "User's identifier or username"
+          },
+          "name": {
+            "type": "object",
+            "properties": {
+              "first": {
+                "type": "string",
+                "description": "User's first name"
+              },
+              "last": {
+                "type": "string",
+                "description": "User's last name"
+              },
+              "middle": {
+                "type": "string",
+                "description": "User's middle name"
+              },
+              "suffix": {
+                "type": "string",
+                "description": "User's name suffix"
+              }
+            }
+          },
+          "org": {
+            "type": "object",
+            "properties": {
+              "short_name": {
+                "type": "string",
+                "description": "Short name of the organization associated with the user"
+              }
+            }
+          }
+        }
+      },
+      "description": "Map of expanded user UUIDs to display metadata, included when expand=users is requested"
     }
   }
 }
diff --git a/schemas/registry-org/update-registry-org-request.json b/schemas/registry-org/update-registry-org-request.json
@@ -155,19 +155,23 @@
       "description": "Indicates if part of the CNA discussion list"
     },
     "partner_role_type": {
-      "type": "string",
-      "enum": [
-        "",
-        "Bug Bounty Provider",
-        "CERT",
-        "Consortium",
-        "Hosted Service",
-        "N/A",
-        "Open Source",
-        "Researcher",
-        "Vendor"
-      ],
-      "description": "The type of role a partner holds"
+      "type": "array",
+      "items": {
+        "type": "string",
+        "enum": [
+          "",
+          "Bug Bounty Provider",
+          "CERT",
+          "Consortium",
+          "Hosted Service",
+          "N/A",
+          "Open Source",
+          "Researcher",
+          "Vendor"
+        ]
+      },
+      "uniqueItems": true,
+      "description": "The types of roles a partner holds"
     },
     "partner_number": {
       "type": "string",

diff --git a/schemas/registry-user/BaseUser.json b/schemas/registry-user/BaseUser.json
@@ -101,4 +101,4 @@
   "required": [
     "username"
   ]
-}
+}
diff --git a/schemas/registry-user/create-registry-user-request.json b/schemas/registry-user/create-registry-user-request.json
@@ -31,20 +31,6 @@
       },
       "required": ["first", "last"]
     },
-    "org_affiliations": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of organizations the user is affiliated with"
-    },
-    "cve_program_org_membership": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of CVE program organizations the user is a member of"
-    },
     "authority": {
       "type": "object",
       "properties": {

diff --git a/schemas/registry-user/create-registry-user-response.json b/schemas/registry-user/create-registry-user-response.json
@@ -42,20 +42,6 @@
           },
           "required": ["first", "last"]
         },
-        "org_affiliations": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "UUIDs of organizations the user is affiliated with"
-        },
-        "cve_program_org_membership": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "UUIDs of CVE program organizations the user is a member of"
-        },
         "authority": {
           "type": "object",
           "properties": {
@@ -115,4 +101,4 @@
       }
     }
 	}
-}
+}
diff --git a/schemas/registry-user/get-registry-user-response.json b/schemas/registry-user/get-registry-user-response.json
@@ -43,20 +43,6 @@
       "enum": ["ADMIN"],
       "description": "The role of the user in the organization. Currently only 'ADMIN' is supported."
     },
-    "org_affiliations": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of organizations the user is affiliated with"
-    },
-    "cve_program_org_membership": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of CVE program organizations the user is a member of"
-    },
     "authority": {
       "type": "object",
       "properties": {
@@ -127,4 +113,4 @@
       "description": "Timestamp of the last update to the user data"
     }
   }
-}
+}
diff --git a/schemas/registry-user/update-registry-user-request.json b/schemas/registry-user/update-registry-user-request.json
@@ -30,20 +30,6 @@
         }
       }
     },
-    "org_affiliations": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of organizations the user is affiliated with"
-    },
-    "cve_program_org_membership": {
-      "type": "array",
-      "items": {
-        "type": "string"
-      },
-      "description": "UUIDs of CVE program organizations the user is a member of"
-    },
     "authority": {
       "type": "object",
       "properties": {

diff --git a/schemas/registry-user/update-registry-user-response.json b/schemas/registry-user/update-registry-user-response.json
@@ -42,20 +42,6 @@
           },
           "required": ["first", "last"]
         },
-        "org_affiliations": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "UUIDs of organizations the user is affiliated with"
-        },
-        "cve_program_org_membership": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          },
-          "description": "UUIDs of CVE program organizations the user is a member of"
-        },
         "authority": {
           "type": "object",
           "properties": {
@@ -115,4 +101,4 @@
       }
     }
 	}
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -101,4 +101,4 @@ @@
       "required": [
         "username"
       ]
-    }
+    }