National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NVD Data Feeds

NOTICE

It is assumed that users of the data feeds provided on this page have a moderate level of understanding of the XML and/or JSON standard and XML or JSON related technologies as defined by www.w3.org. Currently, the NVD provides no other specific tools or services for processing vulnerability data.

The entire NVD database can be downloaded from this web page for public use. All NIST publications are available in the public domain according to Title 17 of the United States Code, however acknowledgement of the NVD when using our information is always appreciated.

The following feeds are available: How to keep up-to-date with the NVD data The main vulnerability feeds provide CVE® data organized by the first four digits of a CVE® identifier except for the 2002 feeds which include vulnerabilities prior to and including "CVE-2002-".  Each feed is updated only if the content of that feed has changed. For example the 2004 feeds will be updated only if there is an addition or modification to any vulnerability with a starting CVE® identifier of "CVE-2004-". In addition, the "recent" feeds are a list of recently published vulnerabilities and the "modified" feeds are a list of recently published and modified vulnerabilities where "recently" and "modified" are defined as the previous eight days. These feeds are updated approximately every two hours.
 

If you are locally mirroring the NVD data, the data feeds should be used to stay synchronized. After performing a one-time import of the complete data set using the compressed XML vulnerability feeds, the "modified" feeds should be used to keep up-to-date. The META file should be used to determine if the compressed "modified" feed has been updated since your last import.

META Files

In addition, each of the data feeds is described by an associated plain text file with the same name as the .xml file with a .meta extension. For example, if the name of the file is nvdcve-2.0-Modified.xml then the .meta file name will be nvdcve-2.0-Modified.meta. The .meta file contains information about the specific feed including the last modified date and time, the size of the file uncompressed, and a SHA256 value of the uncompressed file:

lastModifiedDate:2015-09-10T08:40:09-04:00
size:1273382
zipSize:91619
gzSize:91477
sha256:ac782e2db403e2b09ad5dd676501e8755fda3f2bef347b7503491700c6c5eaff

JSON Feeds

NVD is now offering a BETA release for a new vulnerability data feed using the JSON format. This data feed includes both previously offered and new NVD data points. Please keep in mind that this is a BETA release of the feed and as such the format of some sections are subject to change. Changes are visible by viewing the changelog.

    Version 0.1 beta
NVD JSON 0.1 beta Schema
Feed Updated Download Size (MB)
CVE-Modified 10/19/2018 1:06:07 AM -04:00 META
GZ 4.33
ZIP 4.33
CVE-Recent 10/19/2018 1:00:27 AM -04:00 META
GZ 0.19
ZIP 0.19
CVE-2018 10/19/2018 3:05:16 AM -04:00 META
GZ 3.07
ZIP 3.07
CVE-2017 10/19/2018 3:15:34 AM -04:00 META
GZ 5.89
ZIP 5.89
CVE-2016 10/19/2018 3:20:57 AM -04:00 META
GZ 3.32
ZIP 3.32
CVE-2015 10/19/2018 3:25:05 AM -04:00 META
GZ 2.76
ZIP 2.76
CVE-2014 10/19/2018 3:29:04 AM -04:00 META
GZ 3.45
ZIP 3.45
CVE-2013 10/19/2018 3:32:32 AM -04:00 META
GZ 3.73
ZIP 3.73
CVE-2012 10/19/2018 3:36:00 AM -04:00 META
GZ 3.62
ZIP 3.62
CVE-2011 10/19/2018 3:41:03 AM -04:00 META
GZ 8.97
ZIP 8.97
CVE-2010 10/19/2018 3:45:10 AM -04:00 META
GZ 3.89
ZIP 3.89
CVE-2009 10/19/2018 3:48:11 AM -04:00 META
GZ 2.75
ZIP 2.75
CVE-2008 10/19/2018 3:51:48 AM -04:00 META
GZ 2.68
ZIP 2.68
CVE-2007 10/19/2018 3:55:00 AM -04:00 META
GZ 2.38
ZIP 2.38
CVE-2006 10/19/2018 3:58:20 AM -04:00 META
GZ 2.44
ZIP 2.44
CVE-2005 10/19/2018 4:00:34 AM -04:00 META
GZ 1.56
ZIP 1.56
CVE-2004 10/19/2018 4:01:54 AM -04:00 META
GZ 1.03
ZIP 1.03
CVE-2003 10/19/2018 4:02:38 AM -04:00 META
GZ 0.50
ZIP 0.50
CVE-2002 10/19/2018 4:05:04 AM -04:00 META
GZ 1.67
ZIP 1.67

XML Vulnerability Feeds

The original feed format offered by NVD. Please make sure to read the "How to keep up-to-date with the NVD data" section at the top of the page for guidance on using the feeds.

    Version 2.0
NVD XML 2.0 Schema
Version 1.2.1
NVD XML 1.2.1 Schema
Feed Updated Download Size (MB) Download Size (MB)
CVE-Modified 10/19/2018 1:06:08 AM -04:00 META META
GZ 3.65 GZ 2.62
ZIP 3.65 ZIP 2.62
CVE-Recent 10/19/2018 1:00:27 AM -04:00 META META
GZ 0.18 GZ 0.12
ZIP 0.18 ZIP 0.12
CVE-2018 10/19/2018 3:05:16 AM -04:00 META META
GZ 3.43 GZ 1.76
ZIP 3.43 ZIP 1.76
CVE-2017 10/19/2018 3:15:34 AM -04:00 META META
GZ 7.13 GZ 3.42
ZIP 7.13 ZIP 3.42
CVE-2016 10/19/2018 3:20:58 AM -04:00 META META
GZ 2.66 GZ 1.58
ZIP 2.66 ZIP 1.58
CVE-2015 10/19/2018 3:25:06 AM -04:00 META META
GZ 2.25 GZ 1.43
ZIP 2.25 ZIP 1.43
CVE-2014 10/19/2018 3:29:04 AM -04:00 META META
GZ 2.66 GZ 1.56
ZIP 2.66 ZIP 1.56
CVE-2013 10/19/2018 3:32:33 AM -04:00 META META
GZ 2.66 GZ 1.30
ZIP 2.66 ZIP 1.30
CVE-2012 10/19/2018 3:36:00 AM -04:00 META META
GZ 2.44 GZ 1.24
ZIP 2.44 ZIP 1.24
CVE-2011 10/19/2018 3:41:04 AM -04:00 META META
GZ 6.03 GZ 3.03
ZIP 6.03 ZIP 3.03
CVE-2010 10/19/2018 3:45:10 AM -04:00 META META
GZ 2.77 GZ 1.31
ZIP 2.77 ZIP 1.31
CVE-2009 10/19/2018 3:48:12 AM -04:00 META META
GZ 2.05 GZ 1.24
ZIP 2.05 ZIP 1.24
CVE-2008 10/19/2018 3:51:49 AM -04:00 META META
GZ 2.12 GZ 1.48
ZIP 2.12 ZIP 1.48
CVE-2007 10/19/2018 3:55:00 AM -04:00 META META
GZ 1.92 GZ 1.44
ZIP 1.92 ZIP 1.44
CVE-2006 10/19/2018 3:58:20 AM -04:00 META META
GZ 2.01 GZ 1.52
ZIP 2.01 ZIP 1.52
CVE-2005 10/19/2018 4:00:34 AM -04:00 META META
GZ 1.28 GZ 0.92
ZIP 1.28 ZIP 0.92
CVE-2004 10/19/2018 4:01:54 AM -04:00 META META
GZ 0.83 GZ 0.59
ZIP 0.83 ZIP 0.59
CVE-2003 10/19/2018 4:02:39 AM -04:00 META META
GZ 0.42 GZ 0.31
ZIP 0.42 ZIP 0.31
CVE-2002 10/19/2018 4:05:04 AM -04:00 META META
GZ 1.43 GZ 1.08
ZIP 1.43 ZIP 1.08

RSS Vulnerability Feeds

NVD provides two RSS 1.0 data feeds. The first feed, nvd-rss.xml (zip or gz), provides information on all vulnerabilities within the previous eight days. The second feed, nvd-rss-analyzed.xml (zip or gz), provides only vulnerabilities which have been analyzed within the previous eight days. The advantage of the second feed is that we are able to provide vulnerable product names in the title. The advantage of the former is that you learn about new vulnerabilities as soon as possible.

Vulnerability Vendor Comments

NVD provides a service whereby software development organizations can submit "Official Vendor Comments" on the set of CVE vulnerabilities that apply to their products. Organizations can submit comments by contacting NVD staff at nvd@nist.gov. More information is provided on the vendor comment page.

All of the vendors comments can be downloaded from the following XML feed which is updated every 2 hours:

Feed Updated Download Size (MB)
Vendor Comments 10/19/2018 12:45:07 AM -04:00 META
GZ 0.06
ZIP 0.06

NVD/CVE Translated XML Feed (version 1.0)

NVD provides an XML feed for translations of CVE vulnerabilities into other languages.

Currently, INCIBE (Spanish National Cybersecurity Institute) is translating vulnerabilities into Spanish. INCIBE is solely responsible for the Spanish translation content.Incibe Logo

NVD/CVE Translation XML Schema File: nvdcvetrans.xsd

Feed Updated Download Size (MB)
CVE-Modified 10/19/2018 12:40:02 AM -04:00 META
GZ 0.03
ZIP 0.03
CVE-2018 10/19/2018 12:35:58 AM -04:00 META
GZ 0.81
ZIP 0.81
CVE-2017 10/19/2018 12:37:18 AM -04:00 META
GZ 1.00
ZIP 1.00
CVE-2016 10/19/2018 12:38:12 AM -04:00 META
GZ 0.67
ZIP 0.67
CVE-2015 10/19/2018 12:38:56 AM -04:00 META
GZ 0.58
ZIP 0.58
CVE-2014 10/19/2018 12:39:45 AM -04:00 META
GZ 0.61
ZIP 0.61
CVE-2013 10/19/2018 12:40:21 AM -04:00 META
GZ 0.49
ZIP 0.49
CVE-2012 10/19/2018 12:40:53 AM -04:00 META
GZ 0.44
ZIP 0.44
CVE-2011 10/19/2018 12:41:20 AM -04:00 META
GZ 0.38
ZIP 0.38
CVE-2010 10/19/2018 12:41:50 AM -04:00 META
GZ 0.43
ZIP 0.43
CVE-2009 10/19/2018 12:42:20 AM -04:00 META
GZ 0.46
ZIP 0.46
CVE-2008 10/19/2018 12:43:03 AM -04:00 META
GZ 0.63
ZIP 0.63
CVE-2007 10/19/2018 12:43:43 AM -04:00 META
GZ 0.62
ZIP 0.62
CVE-2006 10/19/2018 12:44:10 AM -04:00 META
GZ 0.39
ZIP 0.39
CVE-2005 10/19/2018 12:44:14 AM -04:00 META
GZ 0.03
ZIP 0.03
CVE-2004 10/19/2018 12:44:19 AM -04:00 META
GZ 0.06
ZIP 0.06
CVE-2003 10/19/2018 12:44:24 AM -04:00 META
GZ 0.07
ZIP 0.07
CVE-2002 10/19/2018 12:44:30 AM -04:00 META
GZ 0.07
ZIP 0.07

National Checklist Program (NCP) Checklists

Note: As of April 2017, the checklist schema was revised to make the SHA-1 element optional in accordance with NISTSP-131Ar1.
Note: As of July 2017, tier has been made optional to support changes in the current draft of 800-70 Rev 4.

NCP/Checklist XML 0.1 Information:
ncp-checklist-feed_0.2.xsd

NCP/Checklist XML 0.1 Data Files: checklist-0.1-feed.xml (zip or gz)
checklist-0.1-feed-modified.xml (zip or gz)

checklist-0.1-feed.xml includes all checklists contained within the NCP repository checklist-0.1-feed-modified.xml includes all recently modified checklists within the NCP repository