All NIST publications are available in the public domain according to Title 17 of the United States Code, however services which utilize or access the NVD are asked to display the following notice prominently within the application: "This product uses data from the NVD API but is not endorsed or certified by the NVD." You may use the NVD name in order to identify the source of the data. You may not use the NVD name, to imply endorsement of any product, service, or entity, not-for-profit, commercial or otherwise.
For information on how to the cite the NVD, including the the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Requesting an API key allows for users to make a greater number of requests in a given time than they could otherwise. The public rate limit (without an API key) is 10 requests in a rolling 60 second window; the rate limit with an API key is 100 requests in a rolling 60 second window.
Each API Key is associated with a single email address. If an email address is used to request an additional API key, clicking the single-use hyperlink will invalidate the key previously associated with that email address. The key will not be invalidated if the email address is used to request another key, but the hyperlink is not opened. There is no process for retrieving a forgotten key or confirming whether a key has been requested or activated by any email address.
When properly implemented, the following practices enable users to stay up to date with the latest data with very few requests. Enterprise scale development should enforce these practices through a single requestor to ensure all users are in sync and have the latest CVE and CPE information.
modStartDate
equals the time of the last CVE or CPE received and
modEndDate
equals the current time. Users do not need to change the default sortBy
when making these requests.
sortOrder=publishDate
avoids these errors.
addOns
parameter can return a large amount of data,
which in some cases may become truncated. Reducing the resultsPerPage
may prevent the data from being truncated.
The process of requesting an API key requires users to provide a valid email address. About twice a year, the NVD may send a user experience survey to any email addresses that have requested an API key. The NVD does not automatically enroll these addresses in any discussion group or mailing list. It is recommended that developers using the NVD API opt into the NVD News Google Group . This group can be a valuable resource for enterprise application developers and novice researchers alike.
Questions, comments, or concerns may be shared with the NVD by emailing nvd@nist.gov