Performance issue in CVE search

[nobuto-m]

Summary

Looks like https://ubuntu.com/security/cves takes unignorable time to return results if the query doesn't hit the cache or something.

Steps to reproduce the behavior

1. Go to https://ubuntu.com/security/cves
2. Search with arbitrary keywords

It takes ~10 seconds or even hits into Gateway Timeout sometimes. It can be confirmed in the following curl command too.

[with a well-known keyword (assuming it hits the cache layer or something)]

$ while true; do
    /bin/time -f 'real %e\n' \
        curl -s -o/dev/null -w 'http_code: %{http_code}\n' \
            'https://ubuntu.com/security/cves?q=&package=openssl'
    sleep 1
done

http_code: 200
real 1.24

http_code: 200
real 1.84

http_code: 200
real 2.85

http_code: 200
real 1.86

http_code: 200
real 1.89

http_code: 200
real 1.85

[with a new keyword (assuming it doesn't hit any cache)]

$ while true; do 
    /bin/time -f 'real %e\n' \
        curl -s -o/dev/null -w 'http_code: %{http_code}\n' \
            "https://ubuntu.com/security/cves?q=&package=$(uuidgen)"
    sleep 1
done

http_code: 200
real 5.81

http_code: 200
real 7.88

http_code: 200
real 6.20

http_code: 200
real 14.71

http_code: 200
real 11.58

Expected behavior

The results get returned in a few seconds

Browser/device details

Firefox 129.0.1 on Ubuntu. But as above it can be confirmed with curl.

Reported from

https://ubuntu.com/security/cves

[mmustala]

Now it is returning a 500 error on every search I tried. Tried to search with "CVE-2023-51385".