National Vulnerability Database (NVD)

For more information regarding the National Vulnerability Database (NVD), please visit the Computer Security Division's NVD website.

The National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

The National Vulnerability Database (NVD) is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is sponsored by the Department of Homeland Security’s (DHS) National Cyber Security Division. NVD is a comprehensive cyber security vulnerability database that integrates publicly available U.S. government vulnerability resources and provides references to industry resources. NVD provides access to this information via a fine-grained web search capability, and through XML, RSS and web service feeds. The NVD statistics engine provides reporting capabilities that allow the tracking of vulnerability trends over time. This trending service allows users to assess changes in vulnerability discovery rates within specific products or within specific types of vulnerabilities. NVD data is represented using the Security Content Automation Protocol (SCAP) specifications. NVD is based upon the Common Vulnerabilities and Exposures (CVE) standard vulnerability dictionary and provides Common Vulnerability Scoring System (CVSS) scores for all CVE vulnerabilities as well as expresses the applicability of these vulnerabilities using the Common Platform Enumeration (CPE). The NVD database integrates Open Vulnerability Assessment Language (OVAL) definitions and plans to include platform configuration using the Common Configuration Enumeration (CCE).