* lura:
Thanks for reaching out! For CentOS Stream 8, 9, and 10, the best approach is indeed to reference the corresponding RHEL advisories, as CentOS Stream follows RHEL closely. You can programmatically track RHEL CVEs to stay updated. Let me know if you need help with specific tools or APIs!
And don't forget to review that your use of Red Hat CVE data meets with the licensing terms that Red Hat publishes here:
https://www.redhat.com/en/about/terms-use
Thanks, Florian