Initially, when the web application was developed, the fetch-requests to the NVD 2.0 API endpoints worked almost flawlessly every time (under the constraints of the request limit of 1 request per 6 seconds).

Now, it seems almost impossible for the requests to pass through the CORS of the NVD API, with each request failing:

This is a weird behavior that I would not expect. This issue will attempt to find a solution for this.

It appears that when using the older XMLHttpRequests instead of the fetch API, the requests pass through much more consistently.

https://www.test-cors.org/#?client_method=GET&client_credentials=false&server_url=https%3A%2F%2Fservices.nvd.nist.gov%2Frest%2Fjson%2Fcves%2F2.0%3FcveId%3DCVE-2020-1234&server_enable=true&server_status=200&server_credentials=false&server_tabs=remote

This actually seems to be the case. I can confirm that I have a significantly higher success rate with the XMLHttpRequest. I'm not sure why though - I thought the fetch API did everything the XMLHttpRequests do, but better?

Maybe it is just that - they do more. Maybe it's the pre-flight OPTIONS request? Maybe it's the NVD 2.0 API that just rejects requests from the fetch API? I can't say that for certain.

I can consistently fetch the vectors now using the technique explained above.