## Use case The client-python (`pyoaev`) currently exposes a limited subset of the OpenAEV `Vulnerability` API. Historically, vulnerability-related features were handled by the legacy `CVE` API, which is now obsolete. The new `vulnerability` API is the recommended replacement and offers a more comprehensive and modern interface for managing vulnerability data. It is documented in the official API reference: https://demo.openaev.io/swagger-ui/index.html A new vulnerability manager has been integrated into pyoaev, but its scope is intentionally aligned with that of the legacy CVE client and exposes only a minimal set of endpoints (e.g., bulk ingestion). However, the OpenAEV vulnerability API offers a much broader set of features (CRUD, search, tenant-level operations, etc.), which are not currently fully represented. An analysis is required to determine: - which endpoints should be exposed in pyoaev - whether full API coverage is desirable - what impact this would have on client-python design, maintenance, and user experience - whether API request and response payloads should be modeled using Pydantic - whether automated verification against the Swagger/OpenAPI schema should be introduced to ensure consistency between the client-python (pyoaev) and the API specification. ## Additional information The CVE API is officially deprecated but will not be removed at this time, and the endpoints will be maintained for the time being. Vulnerability API: https://demo.openaev.io/swagger-ui/index.html#/Vulnerability%20API CVE API (legacy): https://demo.openaev.io/swagger-ui/index.html#/Cve%20API