U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The following documentation describes a deprecated API. Deprecated APIs do not receive updates or product support. Click here to be taken to documentation for the 2.0 API. All users are advised to use the 2.0 API as the 1.0 version will be retired on December 15th, 2023. Click here for more information on the NVD timeline.


The Official CPE Dictionary, is a searchable repository of hardware and software products maintained by the National Vulnerability Database (NVD). The CPE API allows computer applications to access the Official CPE Dictionary and associated vulnerabilities. The purpose of this document is to describe how applications can interact with the CPE web service, version 1.0.

This quickstart assumes that you already understand at least one common programming language and are generally familiar with RESTful JSON services. REST refers to a style of services that allow computers to communicate via HTTP over the Internet. JSON specifies the format of the data returned by the REST service.

The terms product and CPE are used interchangeably throughout this page. CPE means Common Platform Enumeration, version 2.3, a standard for identifying and searching products. For more information, see the naming specification provided by the Computer Security Resource Center. The CPE Name Matching specification provides a method for conducting a one-to-one comparison of a source CPE name to a target CPE name.


All requests to the API use the HTTP GET method. REST parameters allow you to control and customize which products are returned. The parameters are akin to those found on the NVD product search page.

Retrieve CPE information

The URL stem for retrieving CPE information is shown below.




This section describes the response returned by the product API.

Response Body

Questions, comments, or concerns may be shared with the NVD by emailing nvd@nist.gov

Created September 20, 2022 , Updated September 11, 2023