nvd.nist.gov /general/news
NVD - News
Active Web Watch
Back to top.
Recently Seen Items
Compact view
Reading view
| To enable more flexibility within our API output we need to remove certain restrictions from the existing 2.0 API schemas. All existing API users will need to download the latest schema files to avoid validation issues later this year. See /cves/ schema restriction update. |
| The NVD has added information to its CVE detail pages to identify vulnerabilities appearing in CISA's Known Exploited Vulnerabilities Catalog. Information on exploited vulnerabilities and the affected products will also become available to developers when the NVD releases new APIs in late 2022. Questions about the Known Exploited Vulnerabilities Catalog should be directed to CISA. Questions about the CVE may be directed to the NVD. |
NVD begins assessments with CVSS v3.0
| NVD begins assessments with CVSS v3.0 |
| As part of ongoing efforts to increase the reliability and general responsiveness of the 2.0 APIs, the NVD will be making a change to the Match Criteria API. See /cpematch/ resultsPerPage update. |
| NIST is working to establish a consortium to improve the NVD program, and there will be some temporary delays in analysis efforts. For more information please review the NVD program transition announcement page. |
| The NVD has transitioned from processing the CVE List 4.0 JSON to the CVE List 5.0 JSON. There are quite a few changes to the NVD dataset as a result of this transition. Please make sure to read the details of these changes at the NVD CVE 4.0 to CVE 5.0 transition page. |
| The 2.0 APIs have exited the open beta period, deprecating the 1.0 APIs. Deprecated APIs do not receive updates or product support. For more information on this release and to learn about upcoming changes please see the change timeline. For more information on how to transition existing processes to the new APIs please see the transition guide. |
| In late 2022 the NVD will release updated versions of its APIs. Approximately 12 months after this release the NVD will retire the current version of its APIs. Approximately 6 months after the release of the new APIs the NVD will retire all RSS feeds. Approximately 12 months after the release of the new APIs the NVD will also retire all remaining data feeds. For more information see the API and Data Feeds announcement. |
| The NVD has added information to its CVE detail pages to identify vulnerabilities appearing in CISA's Known Exploited Vulnerabilities Catalog. Information on exploited vulnerabilities and the affected products will also become available to developers when the NVD releases new APIs in late 2022. Questions about the Known Exploited Vulnerabilities Catalog should be directed to CISA. Questions about the CVE may be directed to the NVD. |
| As of July 13th, 2022, the NVD will no longer generate Vector Strings, Qualitative Severity Ratings, or Severity Scores for CVSS v2. Existing CVSS v2 information will remain in the database though it is no longer required for new CVEs. For more information see the CVSS v2 announcement. |
| To aid users with research and reference materials, the NVD has acquired a Distinct Object Identifier (DOI). DOI are persistent, unique identifiers typically used with scholarly articles, books, data sets, and other publications. For information on how to the cite the NVD, including the database's DOI, machine-readable repository metadata, and NIST's Fair Use Statement, please consult NIST's Public Data Repository. |
| NVD API users may obtain an API key that can be included as a URL parameter in API requests. Users who include an API key will see no change in service and may continue to make requests at the current rate. In six months, users making requests without a key will see a reduction in the number of requests they can make each minute. For more information see the API Key announcement. |
Beginning in October of 2021 both the Vuln and CPE APIs will limit date ranges to 120 days total. In addition, while the date ranges will continue to be an optional parameter for both APIs, it will now be required that both begin and end dates are supplied when in use. Impacts are as follows:
Beginning in October of 2021 both the Vuln and CPE APIs will limit date ranges to 120 days total. In addition, while the date ranges will continue to be an optional parameter for both APIs, it will now be required that both begin and end dates are supplied when in use. Impacts are as follows:
| Vuln API | modStartDate modEndDate | Both values will now be required when used. Maximum date ranges between dates cannot exceed 120 days. | pubStartDate pubEndDate | Both values will now be required when used. Maximum date ranges between dates cannot exceed 120 days. | CPE API | modStartDate modEndDate | Both values will now be required when used. Maximum date ranges between dates cannot exceed 120 days. |
To satisfy the different needs of the NVD Vuln API user base, the parameter cpeName has been added as an alternative to the current cpeMatchString parameter. Use the cpeName parameter when the CPE URI is known and retrieval of all CVEs attached to that CPE are desired. Use cpeMatchString for a broader search to find CVEs attached to multiple CPEs that match the CPE match string criteria.
| To satisfy the different needs of the NVD Vuln API user base, the parameter cpeName has been added as an alternative to the current cpeMatchString parameter. Use the cpeName parameter when the CPE URI is known and retrieval of all CVEs attached to that CPE are desired. Use cpeMatchString for a broader search to find CVEs attached to multiple CPEs that match the CPE match string criteria. |
| The National Checklist program content has been moved to https://ncp.nist.gov. This site contains all of the checklist content found at https://checklists.nist.gov as well as the CCE information formerly found within the NVD. This move will allow the expansion of the NCP's capabilities with an additional focus on the mappings of checklist to controls through the use of CCEs. |
|
NVD CWE Slice Updated! CVSS v3.1 Official Support! JSON 1.1 Vulnerability Feed Released! |
| JSON 1.1 Feed and CVSS v3.1 Support announcements |