I don’t think there is such a trusted source because a CVE might made public on hundreds of different sources (blogposts, private homepages, twitter/other social media, vendor advisories, mailinglist, …)
Just take the following example of CVE-2018-19300 while not taking the availability of a plugin into account:
- 2018/11/15: Requested a CVE ID
- 2018/11/15: Got assigned CVE-2018-19300
-> Matching the date in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19300
After the deadline expired the blogpost was published at:
- 2019/03/17: Disclosure of the vulnerability in accordance
and at the same day MITRE was contacted to get the CVE published.
If you finally check the “NVD Published Date” of the https://nvd.nist.gov/vuln/detail/CVE-2018-19300 entry you can see that it took nearly a month (MITRE Publishing Date is normally just one day before the NVD Published Date) until the CVE was published there.