Variation by CNA abounds

Excludes description and references as these are universal

Nearly CNA reports product/vendor/version, especially recently

Some orgs have a commitment to some fields

JFROG and Timeline

Cisco and Exploit

These may not be all that useful though