NIST National Vulnerabilities Database

17 min

national institute of standards and technology this connector provides a way of accessing cve and cpe information all information is gathered from the national vulnerability database capabilities cve common vulnerabilities and exposures it's possible to get cves by id single modification date range gets all cves modified in the selected date range published date range gets all cves published in the selected date range keyword gets all cves looking for a keyword in the vulnerability description cwe id gets all cves containing a cwe severity gets all cves classified based on the severity cpe common platform enumeration it's possible to get cpes by modification date range gets all cpes modified in the selected date range keyword gets all cpes looking for a keyword in the vulnerability description cpe string search gets all cpes containing a mention to a product about api parameters for parameters which does not require a value, a empty string must be provided these parameters are hascertalerts hascertnotes haskev hasoval isvulnerable norejected notes the public rate limit (without an api key) is 5 requests in a rolling 30 second window; the rate limit with an api key is 50 requests in a rolling 30 second window to request an api key on the api key requests page, enter data into the three fields on the requests form scroll to the bottom of the terms of use, and then click the check box marked i agree to the terms of use check the inbox of the email address provided in the steps above for an email from mailto\ nvd noreply\@nist gov activate and view the api key by opening the single use hyperlink store the api key in a secure location as the page will no longer be available after it is closed if your key is not activated within seven days, the single use hyperlink will expire each api key is associated with a single email address if an email address is used to request an additional api key, clicking the single use hyperlink will invalidate the key previously associated with that email address the key will not be invalidated if the email address is used to request another key, but the hyperlink is not opened there is no process for retrieving a forgotten key or confirming whether a key has been requested or activated by any email address https //nvd nist gov/developers/start here https //documenter getpostman com/view/16438573/uzxkwe99#bc2d27c3 ede5 4496 afed 3c0686fb6fd1 configurations nist api key authentication authenticates using an api key configuration parameters parameter description type required api key nist api key string optional verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get cpes retrieve information on a single cpe record or a collection of cpe records from the official cpe dictionary endpoint url https //services nvd nist gov/rest/json/cpes/2 0/ method get input argument name type required description parameters resultsperpage number optional parameters for the get cpes action parameters cpenameid string optional parameters for the get cpes action parameters cpematchstring string optional parameters for the get cpes action parameters keywordexactmatch string optional parameters for the get cpes action parameters keywordsearch string optional parameters for the get cpes action parameters lastmodstartdate string optional parameters for the get cpes action parameters lastmodenddate string optional parameters for the get cpes action parameters matchcriteriaid string optional parameters for the get cpes action parameters startindex number optional parameters for the get cpes action input example {"parameters" {"resultsperpage" 1,"cpenameid" "87316812 5f2c 4286 94fe cc98b9eaef53","cpematchstring" "cpe 2 3\ o microsoft\ windows 10","keywordexactmatch" "microsoft","keywordsearch" "red hat","lastmodstartdate" "2021 08 04t13 00 00 000%2b01 00","lastmodenddate" "2021 10 22t13 36 00 000%2b01 00","matchcriteriaid" "36fbcf0f 8cee 474c 8a04 5075af53faf4","startindex" 0}} output parameter type description status code number http status code of the response reason string response reason phrase resultsperpage number result of the operation startindex number output field startindex totalresults number result of the operation format string output field format version string output field version timestamp string output field timestamp products array output field products products cpe object output field products cpe products cpe deprecated boolean output field products cpe deprecated products cpe cpename string name of the resource products cpe cpenameid string unique identifier products cpe lastmodified string output field products cpe lastmodified products cpe created string output field products cpe created products cpe titles array output field products cpe titles products cpe titles title string output field products cpe titles title products cpe titles lang string output field products cpe titles lang output example {"status code" 200,"response headers" {"content type" "application/json","content encoding" "gzip","vary" "accept encoding","x frame options" "sameorigin","access control allow origin" " ","access control allow headers" "accept, apikey, content type, origin, x requested with","access control allow methods" "get, head, options","access control allow credentials" "false","date" "thu, 19 jan 2023 20 03 51 gmt","content length" "478","apikey" "no","strict transport security" "max age=31536000"},"rea get cves retrieve information on a single cve or a collection of cve endpoint url https //services nvd nist gov/rest/json/cves/2 0/ method get input argument name type required description parameters resultsperpage number optional parameters for the get cves action parameters cpename string optional parameters for the get cves action parameters cveid string optional parameters for the get cves action parameters cvssv2metrics string optional parameters for the get cves action parameters cvssv2severity string optional parameters for the get cves action parameters cvssv3metrics string optional parameters for the get cves action parameters cvssv3severity string optional parameters for the get cves action parameters cweid string optional parameters for the get cves action parameters keywordsearch string optional parameters for the get cves action parameters keywordexactmatch string optional parameters for the get cves action parameters lastmodstartdate string optional parameters for the get cves action parameters lastmodenddate string optional parameters for the get cves action parameters pubstartdate string optional parameters for the get cves action parameters pubenddate string optional parameters for the get cves action parameters startindex number optional parameters for the get cves action parameters sourceidentifier string optional parameters for the get cves action parameters versionend string optional parameters for the get cves action parameters versionendtype string optional parameters for the get cves action parameters versionstart string optional parameters for the get cves action parameters versionstarttype string optional parameters for the get cves action parameters virtualmatchstring string optional parameters for the get cves action parameters hascertalerts string optional parameters for the get cves action parameters hascertnotes string optional parameters for the get cves action parameters haskev string optional parameters for the get cves action parameters hasoval string optional parameters for the get cves action input example {"parameters" {"resultsperpage" 1,"cpename" "cpe 2 3\ o microsoft\ windows 10 1607","cveid" "cve 2019 1010218","cvssv2metrics" "av\ n/ac\ h/au\ n/c\ c/i\ c/a\ c","cvssv2severity" "low","cvssv3metrics" "av\ l/ac\ l/pr\ l/ui\ r/s\ u/c\ n/i\ l/a\ l","cvssv3severity" "low","cweid" "cwe 287","keywordsearch" "microsoft outlook\&keywordexactmatch","keywordexactmatch" "microsoft outlook\&keywordexactmatch","lastmodstartdate" "2021 08 04t13 00 00 000%2b01 00","lastmodenddate" "2021 10 22t13 36 00 000%2b01 00","pubstartdate" "2021 08 04t00 00 00 000","pubenddate" "2021 10 22t00 00 00 000","startindex" 0,"sourceidentifier" "cve\@mitre org","versionend" "2 7","versionendtype" "excluding","versionstart" "2 2","versionstarttype" "including","virtualmatchstring" "cpe 2 3 de","hascertalerts" "","hascertnotes" "","haskev" "","hasoval" "","isvulnerable" "","norejected" ""}} output parameter type description status code number http status code of the response reason string response reason phrase resultsperpage number result of the operation startindex number output field startindex totalresults number result of the operation format string output field format version string output field version timestamp string output field timestamp vulnerabilities array output field vulnerabilities vulnerabilities cve object output field vulnerabilities cve vulnerabilities cve id string unique identifier vulnerabilities cve sourceidentifier string unique identifier vulnerabilities cve published string output field vulnerabilities cve published vulnerabilities cve lastmodified string output field vulnerabilities cve lastmodified vulnerabilities cve vulnstatus string status value vulnerabilities cve descriptions array output field vulnerabilities cve descriptions vulnerabilities cve descriptions lang string output field vulnerabilities cve descriptions lang vulnerabilities cve descriptions value string value for the parameter vulnerabilities cve metrics object output field vulnerabilities cve metrics vulnerabilities cve metrics cvssmetricv2 array output field vulnerabilities cve metrics cvssmetricv2 vulnerabilities cve metrics cvssmetricv2 source string output field vulnerabilities cve metrics cvssmetricv2 source vulnerabilities cve metrics cvssmetricv2 type string type of the resource vulnerabilities cve metrics cvssmetricv2 cvssdata object response data vulnerabilities cve metrics cvssmetricv2 baseseverity string output field vulnerabilities cve metrics cvssmetricv2 baseseverity vulnerabilities cve metrics cvssmetricv2 exploitabilityscore number score value output example {"status code" 200,"response headers" {"content type" "application/json","content encoding" "gzip","vary" "accept encoding","x frame options" "sameorigin","access control allow origin" " ","access control allow headers" "accept, apikey, content type, origin, x requested with","access control allow methods" "get, head, options","access control allow credentials" "false","date" "thu, 19 jan 2023 18 36 01 gmt","content length" "1422","apikey" "no","strict transport security" "max age=31536000"},"re response headers header description example access control allow credentials http response header access control allow credentials false access control allow headers http response header access control allow headers accept, apikey, content type, origin, x requested with access control allow methods http response header access control allow methods get, head, options access control allow origin http response header access control allow origin apikey http response header apikey no content encoding http response header content encoding gzip content length the length of the response body in bytes 478 content type the media type of the resource application/json date the date and time at which the message was originated thu, 19 jan 2023 20 03 51 gmt strict transport security http response header strict transport security max age=31536000 vary http response header vary accept encoding x frame options http response header x frame options sameorigin