National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Visualizations

This section of the NVD is designed to give users of the NVD data different ways to look at the data and provide an overview to the data and hopefully spark some interest into why a particular visualization looks the way it does.

One visualization not here that many people often ask for is a visulization showing vulnerability by product. While the NVD data does associate products to vulnerabilities to assist in patching, it is not an appropriate use of the data to demonstrate the relative security of products based on the number of vulnerabilities contained within the NVD data. The NVD only contains a subset of all publicly disclosed vulnerabilities that have been given a CVE identifier, leaving out the rest of the universe of vulnerabilities that exist, which include but are not limited to undiscovered vulnerabilties, unreported vulnerabilties, undisclosed vulnerabilities, etc...

Many of the visualizations use the D3.js libary (Data-Driven Documents). We would like to thank Judith Terrill and the High Performance Computing and Visualization Group for starting many of these visualizations and developing some of the first prototypes.

 
  • Vulnerabilities - CVE
    • Distribution by Vulnerability Type Over Time
    • Severity by Year (CVSS)
    • Summary Description Word Frequency
  • Checklists - NCP
  • Products - CPE
 

Vuln Summary Word Frequency Cloud

This visualization was generated by calculating the frequency of words (common words such as "the" and "a" were excluded) that were part of the vulnerability summary description.