U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

New NVD CVE/CPE API and Legacy SOAP Service Retirement

The NVD is now offering a new interface for organizations to use to query and ingest Vulnerability data!
This API is intended to serve as an alternative to the traditional vulnerability data feed files the NVD has offered in the past.

There are multiple benefits to the API: 
  • Retain all search capabilities based on the Advanced search page
  • Both CVE and CPE based searching capabilities
  • No longer required to download entire feed files for simple requests
  • Ability to see what has changed since a given date
  • Ease of identifying CPE matches to Applicability statements
Documentation regarding how this new API can be used is available at the following locations:
Automation Support for CPE Retrieval
Automation Support for CVE Retrieval
The legacy SOAP services will be retired three months after the CVE and CPE APIs are released.  The current retirement date is scheduled for June 1st, 2020.