National Vulnerability Database

National Vulnerability Database

National Vulnerability

JSON Data Feed Changelog

1.0 - 10/30/2018

  • All paths for referenced schemas updated to ../1.0/.. 
  • In the CVSS v2.0 section, the "vectorString" property is no longer encapsulated in parenthesis ()
  • Changed "minItems" to 0 for vendor_data, problemtype_data, description, reference_data, and description_data 
  • Fixed an issue where "version_affected" was not being populated in certain circumstances
  • Added a new boolean property "acInsufInfo": {"type": "boolean"} to the "baseMetricV2" section
  • "cpe" property in the configuration section is now named "cpe_match"
  • Added optional array "cpe_name" property to schema for future support
  • No longer populate the "cpe2.2Uri", however, it remains in the schema

0.1_beta - 2018-08-06

  • Added a property to reference to track which tags have been supplied.
       "type": "array",   
       "items": {   
                "type": "string"   
       Ex: "tags" : [ "Third Party Advisory", "VDB Entry"  ]

0.1_beta - 2017-12-18

  • Changed "cpeMatchString" property name to "cpe22Uri"
  • Removed "lang" and "value" from required in "cpe" object
  • Added "vulnerable", "cpe22Uri", and "cpe23Uri" as required to "cpe" object
  • Removed "CVE_configuration_data" from required in "def_configurations" object

0.1_beta - 2017-11-01

  • Removed the following property from the "cpe" object
  • Added four new properties to the "cpe" object to assist in defining ranges

0.1_beta - 2017-07-05