latest schema files

nvd.nist.gov / Past status updates:

  • July 2, 2024: NIST has made recent updates to improve functionality of the NVD. We are aware of availability issues with the NVD API Endpoints and are working to resolve them. If you are experiencing schema validation errors, please ensure that you or the tools you use have the latest schema files, which were recently updated. Stability should return once users make these updates and implement best practices to reduce unnecessary request volume.

    NVD CVSS v4.0 Official Support
    The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. CVSS version 4.0 is the next generation of the Common Vulnerability Scoring System standard; released November 1, 2023. CVSS v4.0 provides increased granularity for Base metrics, a new Supplemental metric group, a different methodology for determining severity and more. For more information regarding CVSS v4.0 please visit https://www.first.org/cvss/v4.0/specification-document.

    CVSS v4.0 information will be displayed throughout the NVD website: 

    Vulnerability Detail Pages
    The Metrics section of the Vulnerability detail pages will now contain CVSS v4.0 data when available. CVSS v4.0 data will be displayed in a similar fashion to CVSS v3.x and CVSS v2.0 and will be displayed if available through NVD enrichment or CVE Program related CNA and/or ADP contributions. 

    CVSS v4.0 Calculator
    A CVSS v4.0 Calculator (based on the one provided by the FIRST CVSS SIG) has been included on the website. While visually distinct from previous calculators, the same functionality exists when including CVE IDs or CVSS vector string parameters in the URL to the page (See Calculator Product Integration). 

    Vulnerability Search Form
    The advanced section of the vulnerability search page has been updated to allow searching by CVSS v4.0 criteria. 

    Vulnerability Search Results
    The search results will now include CVSS v4.0 badges when appropriate. For questions and concerns, please contact nvd [at] nist.gov (nvd[at]nist[dot]gov).

    CISA Authorized Data Publisher (ADP) Support
    As of July 3, 2024, the NVD will support inclusion of data from CISA’s Vulnrichment CVSS and CWE information. 

    The Vulnrichment data will now be displayed on the vulnerability detail pages and attributed to the CISA-ADP (Authorized Data Publisher) source along with any relevant CVSS data contributed by NVD enrichment efforts or CNAs.

    This information can also be accessed using the NVD 2.0 APIs! The CVSS information can be located within the metrics object and the CWE information can be found within weaknesses array.  

    No schema changes were necessary to support this update.

    Note:  The legacy data feed files will not contain the Vulnrichment information. For questions and concerns, please contact nvd [at] nist.gov (nvd[at]nist[dot]gov).
     

    • published about 1 year ago


    Previous

    the change timeline
    discovered over 1 year ago

    Next

    NVD CVE 4.0 to CVE 5.0 transition
    discovered about 1 year ago
    See all items from the same source