NVD

1.1 - 2019-09-09

The nvd_cve_feed_json_1.0.schema renamed nvd_cve_feed_json_1.1.schema.
The cvss-v3.0.json schema renamed to cvss-v3.x.json to convey support for both CVSS V3.0 and V3.1.
In cvss-v3.x.json the version enumeration has been expanded to include 3.1.

                               "version": {
                               "description": "CVSS Version",
                               "type": "string",
                               "enum": [ "3.0", "3.1" ]
                               }

In cvss-v3.x.json the vectorString pattern (regex) has been modified to allow for the CVSS:3.1 prefix.

                               "vectorString": {
                                 "type": "string",
                               "pattern": "^CVSS:3.[01]/((AV:[NALP]...

In CVE_JSON_4.0_min.schema, the affects element has been removed from the required properties.

"required": [ "data_type", "data_format", "data_version", "CVE_data_meta", "affects", "problemtype", "references", "description" ],

In nvd_cve_feed_json_1.1.schema, the last_modified property was added to def_cpe_name.

1.0 - 2018-10-30

All paths for referenced schemas updated to ../1.0/..
- https://scap.nist.gov/schema/nvd/feed/1.0/nvd_cve_feed_json_1.0.schema
- https://csrc.nist.gov/schema/nvd/feed/1.0/CVE_JSON_4.0_min.schema
- https://csrc.nist.gov/schema/nvd/feed/1.0/cvss-v2.0.json
- https://csrc.nist.gov/schema/nvd/feed/1.0/cvss-v3.0.json
In the CVSS v2.0 section, the "vectorString" property is no longer encapsulated in parenthesis ()
Changed "minItems" to 0 for vendor_data, problemtype_data, description, reference_data, and description_data
Fixed an issue where "version_affected" was not being populated in certain circumstances
Added a new boolean property "acInsufInfo": {"type": "boolean"} to the "baseMetricV2" section
"cpe" property in the configuration section is now named "cpe_match"
Added optional array "cpe_name" property to schema for future support
No longer populate the "cpe2.2Uri", however, it remains in the schema

0.1_beta - 2018-08-06

Added a property to reference to track which tags have been supplied.

Schema

   "tags":
      {   
       "type": "array",   
       "items": {   
                "type": "string"   
       }   
      }

Ex: "tags" : [ "Third Party Advisory", "VDB Entry" ]

0.1_beta - 2017-12-18

Changed "cpeMatchString" property name to "cpe22Uri"
Removed "lang" and "value" from required in "cpe" object
Added "vulnerable", "cpe22Uri", and "cpe23Uri" as required to "cpe" object
Removed "CVE_configuration_data" from required in "def_configurations" object

0.1_beta - 2017-11-01

Removed the following property from the "cpe" object
previousVersions
Added four new properties to the "cpe" object to assist in defining ranges
versionStartIncluding
versionStartExcluding
versionEndIncluding
versionEndExcluding

0.1_beta - 2017-07-05

Feed schema nvd_cve_feed_json_0.1_beta.schema made available.
This schema now extends the CVE Automation Working Group schema CVE Automation Working Group schema, as well as CVSS SIG schemas CVSS SIG CVSS v3.0 schema and CVSS SIG CVSS v2.0 schema.
CVE published date and last modified date added.
CVSS V2.0 and V3.0 exploitability and impact sub-scores added.
CVSS V2.0 severity rating added.
CVSS v2.0 metadata flags (obtainAllPrivilege, obtainUserPrivilege, obtainOtherPrivilege, userInteractionRequired) added.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

JSON Data Feed Changelog