Fix incorrect default starting year in NVD importer

The function fetch_cve_data_1_1 used starting_year=2025 by default, but
NVD JSON CVE feeds are available starting from 2002. This caused older
CVE data (2002–2024) to be skipped when no starting year was provided.

This updates the default starting_year to 2002 so all available NVD CVE
data is fetched by default, matching documented behavior.

Fixes: #2079

Signed-off-by: Aditya Kumar Singh <[email protected]>
Signed-off-by: Aditya kumar singh <[email protected]>

Author: Adityakk9031

vulnerabilities/pipelines/v2_importers/nvd_importer.py

@@ -111,7 +111,7 @@ def fetch(url, logger=None):
     return json.loads(data)
 
 
-def fetch_cve_data_1_1(starting_year=2025, logger=None):
+def fetch_cve_data_1_1(starting_year=2002, logger=None):
     """
     Yield tuples of (year, lists of CVE mappings) from the NVD, one for each
     year since ``starting_year`` defaulting to 2002.