National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

JSON Data Feed Changelog

1.0 - 10/30/2018

  • All paths for referenced schemas updated to ../1.0/.. 
    • https://scap.nist.gov/schema/nvd/feed/1.0/nvd_cve_feed_json_1.0.schema
    • https://csrc.nist.gov/schema/nvd/feed/1.0/CVE_JSON_4.0_min.schema
    • https://csrc.nist.gov/schema/nvd/feed/1.0/cvss-v2.0.json
    • https://csrc.nist.gov/schema/nvd/feed/1.0/cvss-v3.0.json
  • In the CVSS v2.0 section, the "vectorString" property is no longer encapsulated in parenthesis ()
  • Changed "minItems" to 0 for vendor_data, problemtype_data, description, reference_data, and description_data 
  • Fixed an issue where "version_affected" was not being populated in certain circumstances
  • Added a new boolean property "acInsufInfo": {"type": "boolean"} to the "baseMetricV2" section
  • "cpe" property in the configuration section is now named "cpe_match"
  • Added optional array "cpe_name" property to schema for future support
  • No longer populate the "cpe2.2Uri", however, it remains in the schema
 

0.1_beta - 2018-08-06

  • Added a property to reference to track which tags have been supplied.
      Schema
   "tags":
      {   
       "type": "array",   
       "items": {   
                "type": "string"   
       }   
      }
       Ex: "tags" : [ "Third Party Advisory", "VDB Entry"  ]
 

0.1_beta - 2017-12-18

  • Changed "cpeMatchString" property name to "cpe22Uri"
  • Removed "lang" and "value" from required in "cpe" object
  • Added "vulnerable", "cpe22Uri", and "cpe23Uri" as required to "cpe" object
  • Removed "CVE_configuration_data" from required in "def_configurations" object

0.1_beta - 2017-11-01

  • Removed the following property from the "cpe" object
    previousVersions
  • Added four new properties to the "cpe" object to assist in defining ranges
    versionStartIncluding
    versionStartExcluding
    versionEndIncluding
    versionEndExcluding

0.1_beta - 2017-07-05