The moderation is difficult but not unprecedented.

I think NIST hosts the CVE repo (through a contract to MITRE)