Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 4/29/2016 1:34:26 AM

CVE Publication rate: 19.7

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 9.21
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

NVD Data Feeds

NOTICE: It is assumed that users of the data feeds provided on this page have a moderate level of understanding of the XML standard and XML-related technologies as defined by www.w3.org. Currently, the NVD provides no other specific tools or services for processing vulnerability data.

The entire NVD database can be downloaded from this web page for public use. All NIST publications are available in the public domain according to Title 17 of the United States Code, however acknowledgement of the NVD when using our information is always appreciated.

The following feeds are available:

XML Vulnerability Feeds – security related software flaws contained within XML documents. Each vulnerability in the file includes a description and associated reference links from the CVE® dictionary feed, as well as a CVSS base score, vulnerable product configuration, and weakness categorization

RSS Vulnerability Feeds – an eight day window of security related software flaws

Vulnerability Translation Feeds – translations of vulnerability feeds

Vulnerability Vendor Statements – statements provided by vendors regarding a particular flaw affecting within a product

Product Dictionary – dictionary containing a list of products

Common Configuration Enumeration (CCE) Reference Data – reference data for common configuration items

National Checklist Program (NCP) Checklists – a list of all of the checklists categorized by the NCP
XML Vulnerability Feeds

Effective October 16, 2015 the XML data feeds will no longer be available for download in an uncompressed format.

Compressed XML Vulnerability Feeds

The main XML vulnerability feeds provide the CVE® data organized by the first four digits of a CVE® identifier except for the 2002 feed which includes vulnerabilities prior to and including "CVE-2002-". Data feeds are only updated when modifications to the entries change.  Each feed is updated only if the content of that feed has changed. For example the 2004 feeds will be updated only if there is an addition or modification to any vulnerability with a starting CVE® identifier of "CVE-2004-". In addition, the "recent" feeds are a list of recently published vulnerabilities and the "modified" feeds are a list of recently published and modified vulnerabilities where "recently" and "modified" are defined as the previous eight days. These feeds are updated approximately every two hours.

META Files

In addition, each of the data feeds is described by an associated plain text file with the same name as the .xml file with a .meta extension. For example, if the name of the file is nvdcve-2.0-Modified.xml then the .meta file name will be nvdcve-2.0-Modified.meta. The .meta file contains information about the specific XML feed including the last modified date and time, the size of the XML file uncompressed, and a SHA256 value of the uncompressed XML file:


lastModifiedDate:2015-09-10T08:40:09-04:00
size:1273382
zipSize:91619
gzSize:91477
sha256:ac782e2db403e2b09ad5dd676501e8755fda3f2bef347b7503491700c6c5eaff

 

How to keep Up-to-date with the NVD data
If you are locally mirroring the NVD data, the data feeds should be used to stay synchronized. After performing a one-time import of the complete data set using the compressed XML vulnerability feeds, the "modified" feeds should be used to keep up-to-date. The META file should be used to determine if the compressed "modified" feed has been updated since your last import.

 

There are currently two versions of the XML vulnerability feeds both of which contain CVE® information mapped to CVSS (version 2.0), CPE (version 2.2), and CWE™.

   
Version 2.0
NVD XML 2.0 Schema
NVD XML 2.0 Change Log
Version 1.2.1
NVD XML 1.2.1 Schema
Feed Updated Download Size (MB) Download Size (MB)
Modified4/29/2016
1:01:40 AM -04:00
META META
GZ (https) 0.12 GZ 0.08
ZIP (https) 0.12 ZIP 0.08
Recent4/29/2016
1:00:28 AM -04:00
META META
GZ (https) 0.05 GZ 0.03
ZIP (https) 0.05 ZIP 0.03
20022/10/2016
9:54:25 PM -05:00
META META
GZ (https) 1.43 GZ 1.09
ZIP (https) 1.43 ZIP 1.09
20032/10/2016
9:38:57 PM -05:00
META META
GZ (https) 0.42 GZ 0.31
ZIP (https) 0.42 ZIP 0.31
20042/10/2016
9:35:19 PM -05:00
META META
GZ (https) 0.84 GZ 0.60
ZIP (https) 0.84 ZIP 0.60
20054/7/2016
4:37:43 AM -04:00
META META
GZ (https) 1.30 GZ 0.93
ZIP (https) 1.30 ZIP 0.93
20062/10/2016
9:17:56 PM -05:00
META META
GZ (https) 2.04 GZ 1.55
ZIP (https) 2.04 ZIP 1.55
20074/5/2016
5:49:55 AM -04:00
META META
GZ (https) 1.98 GZ 1.50
ZIP (https) 1.98 ZIP 1.50
20084/5/2016
5:33:18 AM -04:00
META META
GZ (https) 2.13 GZ 1.48
ZIP (https) 2.13 ZIP 1.48
20094/6/2016
4:39:56 AM -04:00
META META
GZ (https) 2.07 GZ 1.25
ZIP (https) 2.07 ZIP 1.25
20104/19/2016
4:15:16 AM -04:00
META META
GZ (https) 2.76 GZ 1.30
ZIP (https) 2.76 ZIP 1.30
20114/27/2016
4:22:21 AM -04:00
META META
GZ (https) 6.23 GZ 2.97
ZIP (https) 6.23 ZIP 2.97
20124/20/2016
4:01:04 AM -04:00
META META
GZ (https) 2.43 GZ 1.21
ZIP (https) 2.43 ZIP 1.21
20134/27/2016
4:07:30 AM -04:00
META META
GZ (https) 2.62 GZ 1.26
ZIP (https) 2.62 ZIP 1.26
20144/28/2016
3:45:32 AM -04:00
META META
GZ (https) 2.36 GZ 1.36
ZIP (https) 2.36 ZIP 1.36
20154/28/2016
3:24:49 AM -04:00
META META
GZ (https) 1.45 GZ 0.93
ZIP (https) 1.45 ZIP 0.93
20164/28/2016
3:04:36 AM -04:00
META META
GZ (https) 0.30 GZ 0.19
ZIP (https) 0.30 ZIP 0.19

RSS Vulnerability Feeds

NVD provides two RSS 1.0 data feeds. The first feed, nvd-rss.xml , provides information on all vulnerabilities within the previous eight days. The second feed, nvd-rss-analyzed.xml, provides only vulnerabilities which have been analyzed within the previous eight days. The advantage of the second feed is that we are able to provide vulnerable product names in the title. The advantage of the former is that you learn about new vulnerabilities as soon as possible.

Vulnerability Vendor Statements
NVD provides a service whereby software development organizations can submit "Official Vendor Statements" on the set of CVE vulnerabilities that apply to their products. Organizations can submit statements by contacting NVD staff at nvd@nist.gov. More information is provided on the vendor statement page.

All of the vendors statements can be downloaded from the following XML feed which is updated every 2 hours:
Feed Updated Download Size (MB)
Vendor Statements4/29/2016
12:45:05 AM
META
GZ 0.06
ZIP 0.06

NVD/CVE Translated XML Feed (version 1.0)
NVD provides an XML feed for translations of CVE vulnerabilities into other languages.
Currently, INCIBE (Spanish National Cybersecurity Institute) is translating vulnerabilities into Spanish. INCIBE is solely responsible for the Spanish translation content.



NVD/CVE Translation XML Schema File: nvdcvetrans.xsd
 
Feed Updated Download Size (MB)
Modified4/29/2016
12:40:07 AM
META
GZ 0.02
ZIP 0.02
20024/29/2016
12:57:06 AM
META
GZ 0.07
ZIP 0.07
20034/29/2016
12:56:49 AM
META
GZ 0.07
ZIP 0.07
20044/29/2016
12:56:32 AM
META
GZ 0.06
ZIP 0.06
20054/29/2016
12:56:18 AM
META
GZ 0.03
ZIP 0.03
20064/29/2016
12:56:10 AM
META
GZ 0.39
ZIP 0.39
20074/29/2016
12:54:46 AM
META
GZ 0.62
ZIP 0.62
20084/29/2016
12:52:40 AM
META
GZ 0.63
ZIP 0.63
20094/29/2016
12:50:20 AM
META
GZ 0.47
ZIP 0.47
20104/29/2016
12:48:56 AM
META
GZ 0.43
ZIP 0.43
20114/29/2016
12:47:38 AM
META
GZ 0.38
ZIP 0.38
20124/29/2016
12:46:22 AM
META
GZ 0.44
ZIP 0.44
20134/29/2016
12:44:55 AM
META
GZ 0.48
ZIP 0.48
20144/29/2016
12:42:31 AM
META
GZ 0.55
ZIP 0.55
20154/29/2016
12:38:45 AM
META
GZ 0.46
ZIP 0.46
20164/29/2016
12:35:43 AM
META
GZ 0.09
ZIP 0.09
National Checklist Program (NCP) Checklists

NCP/Checklist XML 0.1 Information:
ncp-checklist-feed_0.2.xsd

NCP/Checklist XML 0.1 Data Files:
checklist-0.1-feed.xml
checklist-0.1-feed-modified.xml

checklist-0.1-feed.xml includes all checklists contained within the NCP repository checklist-0.1-feed-modified.xml includes all recently modified checklists within the NCP repository