NVD Banner
Vulnerabilities Checklists 800-53/800-53A Product Dictionary Impact Metrics Data Feeds Statistics
Home SCAP SCAP Validated Tools SCAP Events About Contact Vendor Comments
Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status

NVD contains:

55066 CVE Vulnerabilities
202Checklists
231 US-CERT Alerts
2690 US-CERT Vuln Notes
8140OVAL Queries

Last updated:  02/13/13

CVE Publication rate:

17 vulnerabilities / day
Email List

NVD provides five mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 8.05
About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

NVD Data Feed and Product Integration

The entire NVD database can be downloaded from this web page for public use. There are no licensing restrictions on using this data, however, we would appreciate being given credit as is appropriate within products, services, and reports that use our data.

SCAP Data Feeds:
CVE vulnerability feeds: security related software flaws
CCE vulnerability feeds: misconfigurations (UNDER DEVELOPMENT)
CPE product dictionary
CVSS vulnerability impact scoring (included within CVE and CCE vulnerability feeds)
Common Configuration Enumeration (CCE) Reference Data
NCP Checklists

Additional Data Feeds:
CVE vendor statements
CVE translation feeds (currently provides Spanish translations)

Product Integration Services:
Linking to NVD vulnerability summaries (CVE and CCE)
Integrating security products with the NVD CVSS calculator
Hosting an NVD CVE/CCE search engine on web sites
NVD logo (for placement on third party web sites to link into NVD)


CVE vulnerability feeds: security related software flaws

NVD/CVE XML Feed with CVSS and CPE mappings (version 2.0)

NVD/CVE XML 2.0 Information:
CVE XML 2.0 Schema

CVE XML 2.0 ChangeLog


NVD/CVE XML 2.0 Data Files:
nvdcve-2.0-modified.xml (https) 12MB, Updated: 02/13/13 at 14:05
nvdcve-2.0-recent.xml (https) 1.3MB, Updated: 02/13/13 at 14:01
nvdcve-2.0-2002.xml (https) 18.6MB, Updated: 02/13/13 at 07:04
nvdcve-2.0-2003.xml (https) 5.5MB, Updated: 02/13/13 at 06:36
nvdcve-2.0-2004.xml (https) 11.8MB, Updated: 02/13/13 at 06:30
nvdcve-2.0-2005.xml (https) 18.8MB, Updated: 02/13/13 at 06:19
nvdcve-2.0-2006.xml (https) 29.9MB, Updated: 02/13/13 at 06:00
nvdcve-2.0-2007.xml (https) 28MB, Updated: 02/13/13 at 05:32
nvdcve-2.0-2008.xml (https) 32.6MB, Updated: 02/13/13 at 05:05
nvdcve-2.0-2009.xml (https) 32MB, Updated: 02/13/13 at 04:33
nvdcve-2.0-2010.xml (https) 46.6MB, Updated: 02/13/13 at 04:10
nvdcve-2.0-2011.xml (https) 108.5MB, Updated: 02/13/13 at 03:45
nvdcve-2.0-2012.xml (https) 38.3MB, Updated: 02/13/13 at 03:24
nvdcve-2.0-2013.xml (https) 4.3MB, Updated: 02/13/13 at 03:01

nvdcve-2.0-modified.xml includes all recently published and recently updated vulnerabilities
nvdcve-2.0-recent.xml includes all recently published vulnerabilities
nvdcve-2.0-2002.xml includes vulnerabilities prior to and including 2002.

NVD/CVE XML Feed with CVSS and CPE mappings (version 1.2)

NVD/CVE XML 1.2 Data Files:
nvdcve-modified.xml 3.5MB, Updated:2/13/13 at 01:13
nvdcve-recent.xml 0.4MB, Updated:2/13/13 at 14:01
nvdcve-2002.xml 9.5MB, Updated:2/13/13 at 07:04
nvdcve-2003.xml 2.6MB, Updated:2/13/13 at 06:36
nvdcve-2004.xml 5.4MB, Updated:2/13/13 at 06:30
nvdcve-2005.xml 8.8MB, Updated:2/13/13 at 06:19
nvdcve-2006.xml 14.4MB, Updated:2/13/13 at 06:00
nvdcve-2007.xml 13.2MB, Updated:2/13/13 at 05:32
nvdcve-2008.xml 14.2MB, Updated:2/13/13 at 05:05
nvdcve-2009.xml 12.9MB, Updated:2/13/13 at 04:33
nvdcve-2010.xml 16.3MB, Updated:2/13/13 at 04:10
nvdcve-2011.xml 31.6MB, Updated:2/13/13 at 03:45
nvdcve-2012.xml 13.3MB, Updated:2/13/13 at 03:24
nvdcve-2013.xml 1.4MB, Updated:2/13/13 at 03:01

nvdcve-modified.xml includes all recently published and recently updated vulnerabilities
nvdcve-recent.xml includes all recently published vulnerabilities
nvdcve-2002.xml includes vulnerabilities prior to and including 2002.

Note: The product data in the NVD has been modified to improve the data quality and to use the CPE 2.2 format. Please refer to the product mapping for a translation of historic product references to new CPE based references. Legacy CVE XML Feeds are available, these feeds contain data last updated on 09/05/2008.

NVD/CVE XML Schema File: nvdcve.xsd

Software to Parse NVD XML:
This section contains references to third party software that parses NVD XML files. We make no claim or warranty regarding this software and do not support it. We suggest that you review the source code. Use this code at your own risk.

     Purdue University (CERIAS)
     http://homes.cerias.purdue.edu/~pmeunier/nvd_xml_parser.txt


NVD/CVE RSS Feeds
NVD provides two RSS 1.0 data feeds. The first feed provides information on all recent CVE vulnerabilities. The second feed provides only fully analyzed CVE vulnerabilities. The advantage of the latter is that we are able to provide vulnerable product names in the title. The advantage of the former is that you learn about new CVE vulnerabilities as soon as possible.

nvd-rss.xml (provides all CVE vulnerabilities)
nvd-rss-analyzed.xml (provides all fully analyzed CVE vulnerabilities)
Note: the latter feed provides the same vulnerabilities as the former but the entries are slightly delayed and have more information

NCP Checklist feeds: checklists stored in the NCP repository

NCP/Checklist XML 0.1 Information:
CVE XML 2.0 Schema



NCP/Checklist XML 0.1 Data Files:
checklist-0.1-feed.xml 3.7MB, Updated: 10/27/11 at 17:44
checklist-0.1-feed-modified.xml

checklist-0.1-feed.xml includes all checklists contained within the NCP repository
checklist-0.1-feed-modified.xml includes all recently modified checklists within the NCP repository


CPE Product Dictionary
NVD has adopted the Common Platform Enumeration (CPE) standard for vendor and product naming.

The NVD CPE product dictionary is available here.


Old NVD Product Dictionary Output Format:
nvd_dictionary.txt
(WARNING!! This dictionary has been REPLACED by the NVD CPE implementation and will be deleted in the near future)


Official Vendor Statements on CVE Vulnerabilities
NVD provides a service whereby software development organizations can submit "Official Vendor Statements" on the set of CVE vulnerabilities that apply to their products. Organizations can submit statements by contacting NVD staff at nvd@nist.gov. More information is provided on the vendor statement page.

The set of statements can be downloaded from the following XML feed.

vendorstatements.xml (version 1.1, updated every 2 hours)


NVD/CVE Translated XML Feed (version 1.0)
NVD provides an XML feed for translations of CVE vulnerabilities into other languages.
Currently, Inteco (the Spanish government) is translating vulnerabilities into Spanish. Inteco is solely responsible for the Spanish translation content.


NVD/CVE Translated XML Data Files (this feed will soon be augmented with additional translation information):
nvdcve-modifiedtrans.xml 0MB, Updated:2/13/13 at 15:34
nvdcve-2002trans.xml 0.4MB, Updated:2/13/13 at 00:01
nvdcve-2003trans.xml 0.4MB, Updated:2/13/13 at 00:02
nvdcve-2004trans.xml 0.4MB, Updated:2/13/13 at 00:02
nvdcve-2005trans.xml 0.2MB, Updated:2/13/13 at 00:03
nvdcve-2006trans.xml 2.4MB, Updated:2/13/13 at 00:05
nvdcve-2007trans.xml 3.7MB, Updated:2/13/13 at 00:20
nvdcve-2008trans.xml 4.3MB, Updated:2/13/13 at 00:22
nvdcve-2009trans.xml 3.1MB, Updated:2/13/13 at 00:24
nvdcve-2010trans.xml 3.1MB, Updated:2/13/13 at 00:26
nvdcve-2011trans.xml 2.7MB, Updated:2/13/13 at 00:27
nvdcve-2012trans.xml 2.8MB, Updated:2/13/13 at 00:29
nvdcve-2013trans.xml 0.1MB, Updated:2/13/13 at 00:30
nvdcve-modifiedtrans.xml includes all recent translations and recently updated translations
nvdcve-2002trans.xml includes translations for vulnerabilities prior to and including 2002.

NVD/CVE Translation XML Schema File: nvdcvetrans.xsd


Linking to NVD vulnerability summaries (CVE and CCE)
Any product containing NVD or CVE data can be integrated with the NVD web site vulnerability summaries. To link to a particular vulnerability summary, simply use the hyperlink format http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0322 where "CVE-2001-0322" is replaced with the name of the vulnerability of interest. Note that one can leave out the "CVE" prefix and the link still works (e.g., http://web.nvd.nist.gov/view/vuln/detail?vulnId=2001-0322).


Hosting an NVD CVE/CCE Search Engine on Your Web Site
You can place the following NVD keyword search engine on your own web page using the below code:

Search for Vulnerabilities
Enter vendor, software, or keyword
<FORM ID="searchform" NAME="searchform" METHOD="POST"
ACTION="http://web.nvd.nist.gov/view/vuln/search" target="_blank">
<b>Search for Vulnerabilities</b><br>
<font color="black" size=1 face="Arial">
Enter vendor, software, or keyword</font><br>
<input type=text name="textsearch" size=16>
<input type=SUBMIT name="Go" value="Go">
</form>

NVD logo (for placement on third party web sites to link into NVD)

   

Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Dept. of Commerce

Full vulnerability listing