Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 4/29/2016 2:03:48 PM

CVE Publication rate: 19.63

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 9.19
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
Effective October 16, 2015 the XML data feeds will no longer be available for download in an uncompressed format.

You have reached this page because you have a process that links directly to a file that no longer exists.  Please modify your process to use the compressed format as described on the main NVD Datafeeds landing page.

Compressed XML Vulnerability Feeds

The main XML vulnerability feeds provide the CVE® data organized by the first four digits of a CVE® identifier except for the 2002 feed which includes vulnerabilities prior to and including "CVE-2002-". Data feeds are only updated when modifications to the entries change.  Each feed is updated only if the content of that feed has changed. For example the 2004 feeds will be updated only if there is an addition or modification to any vulnerability with a starting CVE® identifier of "CVE-2004-". In addition, the "recent" feeds are a list of recently published vulnerabilities and the "modified" feeds are a list of recently published and modified vulnerabilities where "recently" and "modified" are defined as the previous eight days. These feeds are updated approximately every two hours.

META Files

In addition, each of the data feeds is described by an associated plain text file with the same name as the .xml file with a .meta extension. For example, if the name of the file is nvdcve-2.0-Modified.xml then the .meta file name will be nvdcve-2.0-Modified.meta. The .meta file contains information about the specific XML feed including the last modified date and time, the size of the XML file uncompressed, and a SHA256 value of the uncompressed XML file:



How to keep Up-to-date with the NVD data
If you are locally mirroring the NVD data, the data feeds should be used to stay synchronized. After performing a one-time import of the complete data set using the compressed XML vulnerability feeds, the "modified" feeds should be used to keep up-to-date. The META file should be used to determine if the compressed "modified" feed has been updated since your last import.