U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Products

The Official CPE Dictionary, is a searchable repository of hardware and software products maintained by the National Vulnerability Database (NVD). The CPE API allows computer applications to access the Official CPE Dictionary and associated vulnerabilities. The purpose of this document is to describe how applications can interact with the CPE web service, version 1.0.

This quickstart assumes that you already understand at least one common programming language and are generally familiar with RESTful JSON services. REST refers to a style of services that allow computers to communicate via HTTP over the Internet. JSON specifies the format of the data returned by the REST service.

The terms product and CPE are used interchangeably throughout this page. CPE means Common Platform Enumeration, version 2.3, a standard for identifying and searching products. For more information, see the naming specification provided by the Computer Security Resource Center. The CPE Name Matching specification provides a method for conducting a one-to-one comparison of a source CPE name to a target CPE name.

Requests

All requests to the API use the HTTP GET method. REST parameters allow you to control and customize which products are returned. The parameters are akin to those found on the NVD product search page.

Retrieve CPE information

The URL stem for retrieving CPE information is shown below.

https://services.nvd.nist.gov/rest/json/cpes/1.0/

Parameters

Response

This section describes the response returned by the product API.

Response Body


Questions, comments, or concerns may be shared with the NVD by emailing nvd@nist.gov