National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD CPE Match Feed

Historically, the NVD has expected consumers of our vulnerability feeds to perform the matching of CPE Match Criteria to Official CPE Dictionary URIs. We are pleased to announce the release of the CPE Match Feed which will allow NVD data consumers to identify CPE URI matches in a relatively simplistic format. Information within the CPE Match Feed will be the same data that is displayed on the website when expanding the matches for a given match criteria. The CPE Match Feed has been added to our data feeds page for download and will be updated on a nightly basis. You can find the CPE Match Feed on the data feeds page.
How to use the feed
CVE Applicability statements contain sets of CPE Match Criteria (CPE Match Ranges and/or CPE Match Strings). By searching the CPE Match Feed for an identical set of match criteria, data consumers will be able to discern any matches for that CPE Match Criteria within the corresponding cpe_name array.

CPE Match String Example:
CVE Record
"cpe_match" :[ {

"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"
}

]
CPE Match Feed

{
"cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name" : [ {
"cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"
} ]

}

CPE Match Range Example:
CVE Record
"cpe_match" : [ {

"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "5.5.0",
"versionEndIncluding" : "5.5.43"
}

]
CPE Match Feed
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "5.5.0",
"versionEndIncluding" : "5.5.43",
"cpe_name" : [ {

"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.0:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.1:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.2:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.3:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.4:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.5:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.6:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.7:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.8:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.9:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.10:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.11:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.12:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.13:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.14:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.15:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.16:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.17:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.18:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.19:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.20:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.21:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.22:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.23:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.24:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.25:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.25:a:*:*:*:*:*:*" }, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.26:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.27:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.28:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.29:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.30:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.31:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.32:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.33:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.34:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.35:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.36:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.37:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.38:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.39:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.40:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.41:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.42:*:*:*:*:*:*:*"
}, {
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:5.5.43:*:*:*:*:*:*:*"

} ]
What happens if there are no matches for the match criteria supplied?
Example:

{
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]

}

This means that the CPE Applicability statement currently does not match any URIs in the Official CPE Dictionary. When this occurs data consumers can request that the CPE URIs be given expedited review to the CPE dictionary using the email alias cpe_dictionary@nist.gov . We will do our best to address these requests as time and resources allow, however, any publicly available reference links to assist in the expedited review would be appreciated.