National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

News

Find all the NVD-related news right here.

July 10, 2017 Scheduled maintenance of a large number of vulnerability reference links will appear in the NVD Modified data feeds. This will result in larger than average Modified Feed files. These changes will be staggered in batches with 8 day intervals to avoid extreme impact to downstream consumers of our data. Read more at the MITRE announcement.
July 5, 2017 Revised BETA JSON vulnerability feed schema and BETA JSON feeds based on public comments and feedback.
July 1, 2017 2017 year-to-date number of vulnerabilities analyzed surpassed 2016 total, see the NVD Dashboard page for more information.
April 20, 2017 BETA JSON Vulnerability Feeds Now Available
March 27, 2017 NVD website update goes live
September 30, 2016 Vulntology (NISTIR 8138) draft 1 released
July 5, 2016 NVD CWE slice broadened
June 23, 2016 TLS 1.0 disabled on NVD webservers per M-15-13
February 2, 2016 CVSS v3.0 calculator released
December 20, 2015 NVD begins scoring with CVSS v3.0
September 9, 2015 2015 Cybersecurity Innovation Forum
September 1, 2015 NVD begins support for CVE-ID syntax change
January 28, 2014 2014 Cybersecurity Innovation Forum
October 3, 2012 8th Annual IT Security Automation Conference
October 31, 2011 7th Annual IT Security Automation Conference
August 29, 2011 EMAP Developer Workshop
September 27, 2010 6th Annual IT Security Automation Conference
May 11, 2010 2010 NASA / Army Systems and Software Engineering Forum
April 13, 2010 Security Solutions 2010
March 16, 2010 IT Security Entrepreneurs' Forum
February 22, 2010 Security Automation Developer Days Winter 2010
October 26, 2009 5th Annual IT Security Automation Conference
September 5, 2008 NVD updated to version 2.2
August 18, 2008 OMB has released a new memo relating to FDCC and the SCAP validation program. The memo can be found at: https://georgewbush-whitehouse.archives.gov/omb/memoranda/fy2008/m08-22.pdf
August 11, 2008 Interactive Schema and the Interactive Schema Interpreter is now available through NVD at https://scap.nist.gov/specifications/ocil/
Minor update made to FDCC Reporting Format - update pertains to the Schematron Stylesheet, please reference the changelog for details.
Version 1.0.2 of the SCAP Validation Program Derived Test Requirements Document has been released.
All presentations from the Federal Desktop Core Configuration (FDCC)
January 24, 2008 Free Federal Desktop Core Configuration (FDCC) Implementers Workshop held at NIST. Workshop will address technical aspects of FDCC and corresponding Security Content Automation Protocol (SCAP) updates.
January 21, 2008 XCCDF-based FDCC reporting format has been released. Specification and associated schematron stylesheet can be found at https://nvd.nist.gov/scap/content/fdcc-reporting_20080108.zip
October 16, 2007 The NVD CVSS V2 calculator has been updated to comply with the official CVSS V2 Specification. For more information please see: NVD CVSS
October 12, 2007 The Draft of XCCDF Specification 1.1.4 has been posted to the NVD XCCDF Webpage.
September 27, 2007 NVD is now mapping into a cross section of the Common Weakness Enumeration (CWE). Please see the NVD CWE page for more details.
September 19, 2007 The 3rd Annual IT Security Automation Conference was held at NIST.
August 6, 2007 A U.S. Office of Management and Budget memorandum requires specific secure configuration settings for Microsoft operating systems and requires use of SCAP validated tools to monitor system configurations over time.
August 6, 2007 The Payment Card Industry Data Security Standard requires use of NVD Common Vulnerability Scoring System impact scores for use within approved scanning vendor tools.
July 27, 2007 The National Vulnerability Database announces support for the Common Platform Enumeration (CPE) standard for vendor and product naming version 2.0.
June 20, 2007 The National Vulnerability Database deployed support for the Common Vulnerability Scoring System (CVSS) .
May 22, 2007 The National Vulnerability Database upgraded to version 2.0. NIST Checklist Program moved within NVD.
Plans for the 3rd Annual Security Automation Conference and Workshop to be held Sept 19th & 20th, 2007 are under way.
May 9, 2007 Released Windows XP Professional beta version 7 security automation files
April 13, 2007 Released Windows 2000 Professional security automation files beta version 1 (XCCDF skeleton and patch content)
April 5, 2007 Released Microsoft Internet Explorer Version 7.0 security automation files beta version 8
April 5, 2007 Released Windows Vista security automation files version 5.0
April 4, 2007 Released Windows 2003 Server security automation files version 2.0
March 28, 2007 Released Microsoft Office 2007 security automation files beta version 4
March 27, 2007 Released Symantec Antivirus security automation files beta version 2