Sort vulnerabilities from newest to oldest in API responses

vulnerabilities/api.py

@@ -635,7 +635,7 @@ class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet):
     Lookup for vulnerabilities affecting packages.
     """
 
-    queryset = Vulnerability.objects.all()
+    queryset = Vulnerability.objects.all().order_by('-vulnerability_id')
 
     def get_fixed_packages_qs(self):
         """
@@ -703,7 +703,7 @@ class CPEViewSet(VulnerabilityViewSet):
 
     queryset = Vulnerability.objects.filter(
         vulnerabilityreference__reference_id__startswith="cpe"
-    ).distinct()
+    ).distinct().order_by('-vulnerability_id')
 
     filterset_class = CPEFilterSet
 
@@ -723,7 +723,7 @@ def bulk_search(self, request):
                 return Response(status=400, data={"Error": f"Invalid CPE: {cpe}"})
         vulnerabilitiesResponse = Vulnerability.objects.filter(
             vulnerabilityreference__reference_id__in=cpes
-        ).distinct()
+        ).distinct().order_by('-vulnerability_id')
         return Response(
             VulnerabilitySerializer(
                 vulnerabilitiesResponse, many=True, context={"request": request}

vulnerabilities/api_extension.py

@@ -339,7 +339,7 @@ class VulnerabilityViewSet(viewsets.ReadOnlyModelViewSet):
     Lookup for vulnerabilities by id.
     """
 
-    queryset = Vulnerability.objects.all()
+    queryset = Vulnerability.objects.all().order_by('-vulnerability_id')
     serializer_class = V2VulnerabilitySerializer
     lookup_field = "vulnerability_id"
     filter_backends = (filters.DjangoFilterBackend,)
@@ -377,7 +377,7 @@ class CPEViewSet(viewsets.ReadOnlyModelViewSet):
 
     queryset = Vulnerability.objects.filter(
         vulnerabilityreference__reference_id__startswith="cpe"
-    ).distinct()
+    ).distinct().order_by('-vulnerability_id')
     serializer_class = V2VulnerabilitySerializer
     filter_backends = (filters.DjangoFilterBackend,)
     throttle_classes = [PermissionBasedUserRateThrottle]
@@ -397,7 +397,7 @@ def bulk_search(self, request):
         for cpe in cpes:
             if not cpe.startswith("cpe"):
                 return Response(status=400, data={"Error": f"Invalid CPE: {cpe}"})
-        qs = Vulnerability.objects.filter(vulnerabilityreference__reference_id__in=cpes).distinct()
+        qs = Vulnerability.objects.filter(vulnerabilityreference__reference_id__in=cpes).distinct().order_by('-vulnerability_id')
         return Response(V2VulnerabilitySerializer(qs, many=True, context={"request": request}).data)
 
 
@@ -415,7 +415,7 @@ class AliasViewSet(viewsets.ReadOnlyModelViewSet):
     (https://nvd.nist.gov/general/cve-process).
     """
 
-    queryset = Vulnerability.objects.all()
+    queryset = Vulnerability.objects.all().order_by('-vulnerability_id')
     serializer_class = V2VulnerabilitySerializer
     filter_backends = (filters.DjangoFilterBackend,)
     filterset_class = AliasFilterSet

vulnerabilities/api_v2.py

@@ -230,7 +230,7 @@ def get_url(self, obj):
     )
 )
 class VulnerabilityV2ViewSet(viewsets.ReadOnlyModelViewSet):
-    queryset = Vulnerability.objects.all()
+    queryset = Vulnerability.objects.all().order_by('-vulnerability_id')
     serializer_class = VulnerabilityV2Serializer
     lookup_field = "vulnerability_id"
     throttle_classes = [AnonRateThrottle, PermissionBasedUserRateThrottle]
@@ -487,7 +487,7 @@ class PackageV2ViewSet(viewsets.ReadOnlyModelViewSet):
     queryset = Package.objects.all().prefetch_related(
         Prefetch(
             "affected_by_vulnerabilities",
-            queryset=Vulnerability.objects.prefetch_related("fixed_by_packages"),
+            queryset=Vulnerability.objects.prefetch_related("fixed_by_packages").order_by("-vulnerability_id"),
             to_attr="prefetched_affected_vulnerabilities",
         )
     )