Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 4/17/2014

CVE Publication rate: 20.43

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 8.88
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

NVD Data Feed and Product Integration

The entire NVD database can be downloaded from this web page for public use. There are no licensing restrictions on using this data, however, we would appreciate being given credit as is appropriate within products, services, and reports that use our data.

SCAP Data Feeds:
CVE vulnerability feeds: security related software flaws
CCE vulnerability feeds: misconfigurations (UNDER DEVELOPMENT)
CPE product dictionary
CVSS vulnerability impact scoring (included within CVE and CCE vulnerability feeds)
Common Configuration Enumeration (CCE) Reference Data
NCP Checklists

Additional Data Feeds:
CVE vendor statements
CVE translation feeds (currently provides Spanish translations)

Product Integration Services:
Linking to NVD vulnerability summaries (CVE and CCE)
Integrating security products with the NVD CVSS calculator
Hosting an NVD CVE/CCE search engine on web sites
NVD logo (for placement on third party web sites to link into NVD)


CVE vulnerability feeds: security related software flaws

NVD/CVE XML Feed with CVSS and CPE mappings (version 2.0)

NVD/CVE XML 2.0 Information:
CVE XML 2.0 Schema
CVE XML 2.0 ChangeLog

NVD/CVE XML 2.0 Data Files:
nvdcve-2.0-modified.xml (https) 1.29MB, Updated: 4/17/2014 10:05:45 AM
nvdcve-2.0-recent.xml (https) 1.15MB, Updated: 4/17/2014 10:02:33 AM
nvdcve-2.0-2002.xml (https) 18.59MB, Updated: 4/15/2014 7:10:44 PM
nvdcve-2.0-2003.xml (https) 5.52MB, Updated: 4/15/2014 6:29:19 PM
nvdcve-2.0-2004.xml (https) 11.73MB, Updated: 4/15/2014 6:20:29 PM
nvdcve-2.0-2005.xml (https) 18.73MB, Updated: 4/15/2014 6:01:32 PM
nvdcve-2.0-2006.xml (https) 29.84MB, Updated: 4/15/2014 5:33:33 PM
nvdcve-2.0-2007.xml (https) 27.94MB, Updated: 4/17/2014 5:13:49 PM
nvdcve-2.0-2008.xml (https) 32.50MB, Updated: 4/17/2014 4:34:53 PM
nvdcve-2.0-2009.xml (https) 31.98MB, Updated: 4/17/2014 3:52:05 PM
nvdcve-2.0-2010.xml (https) 46.60MB, Updated: 4/17/2014 3:16:57 PM
nvdcve-2.0-2011.xml (https) 109.43MB, Updated: 4/17/2014 2:25:58 PM
nvdcve-2.0-2012.xml (https) 41.89MB, Updated: 4/17/2014 1:45:28 PM
nvdcve-2.0-2013.xml (https) 41.07MB, Updated: 4/17/2014 12:57:21 PM
nvdcve-2.0-2014.xml (https) 8.04MB, Updated: 4/17/2014 12:03:46 PM

nvdcve-2.0-modified.xml includes all recently published and recently updated vulnerabilities
nvdcve-2.0-recent.xml includes all recently published vulnerabilities
nvdcve-2.0-2002.xml includes vulnerabilities prior to and including 2002.

NVD/CVE XML Feed with CVSS and CPE mappings (version 1.2)

NVD/CVE XML 1.2 Data Files:
nvdcve-modified.xml 0.50MB, Updated: 4/17/2014 10:05:45 AM
nvdcve-recent.xml 0.45MB, Updated: 4/17/2014 10:02:33 AM
nvdcve-2002.xml 8.93MB, Updated: 4/15/2014 7:10:44 PM
nvdcve-2003.xml 2.48MB, Updated: 4/15/2014 6:29:19 PM
nvdcve-2004.xml 5.02MB, Updated: 4/15/2014 6:20:29 PM
nvdcve-2005.xml 8.23MB, Updated: 4/15/2014 6:01:32 PM
nvdcve-2006.xml 13.56MB, Updated: 4/15/2014 5:33:33 PM
nvdcve-2007.xml 12.46MB, Updated: 4/17/2014 5:13:49 PM
nvdcve-2008.xml 13.40MB, Updated: 4/17/2014 4:34:53 PM
nvdcve-2009.xml 11.78MB, Updated: 4/17/2014 3:52:05 PM
nvdcve-2010.xml 15.27MB, Updated: 4/17/2014 3:16:57 PM
nvdcve-2011.xml 29.91MB, Updated: 4/17/2014 2:25:58 PM
nvdcve-2012.xml 13.66MB, Updated: 4/17/2014 1:45:28 PM
nvdcve-2013.xml 13.91MB, Updated: 4/17/2014 12:57:21 PM
nvdcve-2014.xml 2.62MB, Updated: 4/17/2014 12:03:46 PM

nvdcve-modified.xml includes all recently published and recently updated vulnerabilities
nvdcve-recent.xml includes all recently published vulnerabilities
nvdcve-2002.xml includes vulnerabilities prior to and including 2002.

Note: The product data in the NVD uses the CPE 2.2 format.

NVD/CVE XML Schema File: nvdcve.xsd

Software to Parse NVD XML:
This section contains references to third party software that parses NVD XML files. We make no claim or warranty regarding this software and do not support it. We suggest that you review the source code. Use this code at your own risk.

     Purdue University (CERIAS)
     http://homes.cerias.purdue.edu/~pmeunier/nvd_xml_parser.txt


NVD/CVE RSS Feeds
NVD provides two RSS 1.0 data feeds. The first feed provides information on all recent CVE vulnerabilities. The second feed provides only fully analyzed CVE vulnerabilities. The advantage of the latter is that we are able to provide vulnerable product names in the title. The advantage of the former is that you learn about new CVE vulnerabilities as soon as possible.

nvd-rss.xml (provides all CVE vulnerabilities)
nvd-rss-analyzed.xml (provides all fully analyzed CVE vulnerabilities)
Note: the latter feed provides the same vulnerabilities as the former but the entries are slightly delayed and have more information

NCP Checklist feeds: checklists stored in the NCP repository

NCP/Checklist XML 0.1 Information:
CVE XML 2.0 Schema


NCP/Checklist XML 0.1 Data Files:
checklist-0.1-feed.xml
checklist-0.1-feed-modified.xml

checklist-0.1-feed.xml includes all checklists contained within the NCP repository
checklist-0.1-feed-modified.xml includes all recently modified checklists within the NCP repository


CPE Product Dictionary
NVD has adopted the Common Platform Enumeration (CPE) standard for vendor and product naming.

The NVD CPE product dictionary is available here.



Official Vendor Statements on CVE Vulnerabilities
NVD provides a service whereby software development organizations can submit "Official Vendor Statements" on the set of CVE vulnerabilities that apply to their products. Organizations can submit statements by contacting NVD staff at nvd@nist.gov. More information is provided on the vendor statement page.

The set of statements can be downloaded from the following XML feed.

vendorstatements.xml (version 1.1, updated every 2 hours)


NVD/CVE Translated XML Feed (version 1.0)
NVD provides an XML feed for translations of CVE vulnerabilities into other languages.
Currently, Inteco (the Spanish government) is translating vulnerabilities into Spanish. Inteco is solely responsible for the Spanish translation content.


NVD/CVE Translated XML Data Files (this feed will soon be augmented with additional translation information):
nvdcve-modifiedtrans.xml 0.09MB, Updated: 4/17/2014 1:08:16 AM
nvdcve-2002trans.xml 0.37MB, Updated: 4/17/2014 1:04:06 AM
nvdcve-2003trans.xml 0.39MB, Updated: 4/17/2014 1:03:40 AM
nvdcve-2004trans.xml 0.34MB, Updated: 4/17/2014 1:03:13 AM
nvdcve-2005trans.xml 0.18MB, Updated: 4/17/2014 1:02:50 AM
nvdcve-2006trans.xml 2.22MB, Updated: 4/17/2014 1:02:37 AM
nvdcve-2007trans.xml 3.50MB, Updated: 4/17/2014 12:59:55 AM
nvdcve-2008trans.xml 3.86MB, Updated: 4/17/2014 12:56:35 AM
nvdcve-2009trans.xml 2.73MB, Updated: 4/17/2014 12:52:24 AM
nvdcve-2010trans.xml 2.74MB, Updated: 4/17/2014 12:49:05 AM
nvdcve-2011trans.xml 2.39MB, Updated: 4/17/2014 12:45:32 AM
nvdcve-2012trans.xml 2.76MB, Updated: 4/17/2014 12:43:15 AM
nvdcve-2013trans.xml 2.81MB, Updated: 4/17/2014 12:40:42 AM
nvdcve-2014trans.xml 0.51MB, Updated: 4/17/2014 12:37:16 AM

nvdcve-modifiedtrans.xml includes all recent translations and recently updated translations
nvdcve-2002trans.xml includes translations for vulnerabilities prior to and including 2002.

NVD/CVE Translation XML Schema File: nvdcvetrans.xsd


Linking to NVD vulnerability summaries (CVE and CCE)
Any product containing NVD or CVE data can be integrated with the NVD web site vulnerability summaries. To link to a particular vulnerability summary, simply use the hyperlink format http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0322 where "CVE-2001-0322" is replaced with the name of the vulnerability of interest. Note that one can leave out the "CVE" prefix and the link still works (e.g., http://web.nvd.nist.gov/view/vuln/detail?vulnId=2001-0322).


Hosting an NVD CVE/CCE Search Engine on Your Web Site
You can place the following NVD keyword search engine on your own web page using the below code:

Search for Vulnerabilities
Enter vendor, software, or keyword
 
<FORM ID="searchform" NAME="searchform" METHOD="POST"
ACTION="http://web.nvd.nist.gov/viewvuln/search" target="_blank">
<b>Search for Vulnerabilities</b><br>
<font color="black" size=1 face="Arial">
Enter vendor, software, or keyword</font><br>
<input type=text name="textsearch" size=16>
<input type=SUBMIT name="Go" value="Go">
</form>

NVD logo (for placement on third party web sites to link into NVD)