NIST National Vulnerabilities Database
National Institute of Standards and Technology

This connector provides a way of accessing CVE and CPE information. All information is gathered from the National Vulnerability Database.

## Capabilities

### CVE (Common Vulnerabilities and Exposures)

It's possible to get CVEs by:

- ID: single
- Modification date range: gets all CVEs modified in the selected date range
- Published date range: gets all CVEs published in the selected date range
- Keyword: gets all CVEs looking for a keyword in the vulnerability description
- CWE ID: gets all CVEs containing a CWE
- Severity: gets all CVEs classified based on the severity

### CPE (Common Platform Enumeration)

It's possible to get CPEs by:

- Modification date range: gets all CPEs modified in the selected date range
- Keyword: gets all CPEs looking for a keyword in the vulnerability description
- CPE string search: gets all CPEs containing a mention of a product

## About API parameters

For parameters which do not require a value, an empty string must be provided. These parameters are:

- hasCertAlerts
- hasCertNotes
- hasKev
- hasOval
- isVulnerable
- noRejected

## To request an API key

1. On the API key requests page, enter data into the three fields on the requests form.
2. Scroll to the bottom of the Terms of Use, and then click the check box marked "I agree to the Terms of Use."
3. Check the inbox of the email address provided in the steps above for an email from [nvd-noreply@nist.gov](mailto:nvd-noreply@nist.gov).
4. Activate and view the API key by opening the single-use hyperlink. Store the API key in a secure location as the page will no longer be available after it is closed.

If your key is not activated within seven days, the single-use hyperlink will expire.

Each API key is associated with a single email address. If an email address is used to request an additional API key, clicking the single-use hyperlink will invalidate the key previously associated with that email address. The key will not be invalidated if the email address is used to request another key, but the hyperlink is not opened.

There is no process for retrieving a forgotten key or confirming whether a key has been requested or activated by any email address.

Click here to know more! https://nvd.nist.gov/developers/start-here

NIST API doc: https://documenter.getpostman.com/view/16438573/uzxkwe99#bc2d27c3-ede5-4496-afed-3c0686fb6fd1

## Configurations

### NIST API Key Authentication

Authenticates using an API key.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| API Key | NIST API key | string | Optional |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get CPEs

Retrieve information on a single CPE record or a collection of CPE records from the Official CPE Dictionary.

Endpoint URL: https://services.nvd.nist.gov/rest/json/cpes/2.0/

Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| resultsPerPage | number | Optional | Result of the operation |
| cpeNameId | string | Optional | Unique identifier |
| cpeMatchString | string | Optional | Parameter for Get CPEs |
| keywordExactMatch | string | Optional | Parameter for Get CPEs |
| keywordSearch | string | Optional | Parameter for Get CPEs |
| lastModStartDate | string | Optional | Date value |
| lastModEndDate | string | Optional | Date value |
| matchCriteriaId | string | Optional | Unique identifier |
| startIndex | number | Optional | Parameter for Get CPEs |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| resultsPerPage | number | Result of the operation |
| startIndex | number | Output field startIndex |
| totalResults | number | Result of the operation |
| format | string | Output field format |
| version | string | Output field version |
| timestamp | string | Output field timestamp |
| products | array | Output field products |
| cpe | object | Output field cpe |
| deprecated | boolean | Output field deprecated |
| cpeName | string | Name of the resource |
| cpeNameId | string | Unique identifier |
| lastModified | string | Output field lastModified |
| created | string | Output field created |
| titles | array | Output field titles |
| title | string | Output field title |
| lang | string | Output field lang |
#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "X-Frame-Options": "SAMEORIGIN",
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Headers": "accept, apikey, content-type, origin, x-requested-with",
      "Access-Control-Allow-Methods": "GET, HEAD, OPTIONS",
      "Access-Control-Allow-Credentials": "false",
      "Date": "Thu, 19 Jan 2023 20:03:51 GMT",
      "Content-Length": "478",
      "apikey": "no",
      "Strict-Transport-Security": "max-age=31536000"
    },
    "reason": "OK",
    "json_body": {
      "resultsPerPage": 1,
      "startIndex": 0,
      "totalResults": 1012107,
      "format": "NVD_CPE",
      "version": "2.0",
      "timestamp": "2023-01-19T20:03:52.250",
      "products": []
    }
  }
]
```

### Get CVEs

Retrieve information on a single CVE or a collection of CVE.

Endpoint URL: https://services.nvd.nist.gov/rest/json/cves/2.0/

Method: GET

#### Input argument

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| resultsPerPage | number | Optional | Result of the operation |
| cpeName | string | Optional | Name of the resource |
| cveId | string | Optional | Unique identifier |
| cvssV2Metrics | string | Optional | Parameter for Get CVEs |
| cvssV2Severity | string | Optional | Parameter for Get CVEs |
| cvssV3Metrics | string | Optional | Parameter for Get CVEs |
| cvssV3Severity | string | Optional | Parameter for Get CVEs |
| cweId | string | Optional | Unique identifier |
| keywordSearch | string | Optional | Parameter for Get CVEs |
| keywordExactMatch | string | Optional | Parameter for Get CVEs |
| lastModStartDate | string | Optional | Date value |
| lastModEndDate | string | Optional | Date value |
| pubStartDate | string | Optional | Date value |
| pubEndDate | string | Optional | Date value |
| startIndex | number | Optional | Parameter for Get CVEs |
| sourceIdentifier | string | Optional | Unique identifier |
| versionEnd | string | Optional | Parameter for Get CVEs |
| versionEndType | string | Optional | Type of the resource |
| versionStart | string | Optional | Parameter for Get CVEs |
| versionStartType | string | Optional | Type of the resource |
| virtualMatchString | string | Optional | Parameter for Get CVEs |
| hasCertAlerts | string | Optional | Parameter for Get CVEs |
| hasCertNotes | string | Optional | Parameter for Get CVEs |
| hasKev | string | Optional | Parameter for Get CVEs |
| hasOval | string | Optional | Parameter for Get CVEs |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| resultsPerPage | number | Result of the operation |
| startIndex | number | Output field startIndex |
| totalResults | number | Result of the operation |
| format | string | Output field format |
| version | string | Output field version |
| timestamp | string | Output field timestamp |
| vulnerabilities | array | Output field vulnerabilities |
| cve | object | Output field cve |
| id | string | Unique identifier |
| sourceIdentifier | string | Unique identifier |
| published | string | Output field published |
| lastModified | string | Output field lastModified |
| vulnStatus | string | Status value |
| descriptions | array | Output field descriptions |
| lang | string | Output field lang |
| value | string | Value for the parameter |
| metrics | object | Output field metrics |
| cvssMetricV2 | array | Output field cvssMetricV2 |
| source | string | Output field source |
| type | string | Type of the resource |
| cvssData | object | Response data |
| baseSeverity | string | Output field baseSeverity |
| exploitabilityScore | number | Score value |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Type": "application/json",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "X-Frame-Options": "SAMEORIGIN",
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Headers": "accept, apikey, content-type, origin, x-requested-with",
      "Access-Control-Allow-Methods": "GET, HEAD, OPTIONS",
      "Access-Control-Allow-Credentials": "false",
      "Date": "Thu, 19 Jan 2023 18:36:01 GMT",
      "Content-Length": "1422",
      "apikey": "no",
      "Strict-Transport-Security": "max-age=31536000"
    },
    "reason": "OK",
    "json_body": {
      "resultsPerPage": 2,
      "startIndex": 0,
      "totalResults": 205294,
      "format": "NVD_CVE",
      "version": "2.0",
      "timestamp": "2023-01-19T18:36:01.410",
      "vulnerabilities": []
    }
  }
]
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Access-Control-Allow-Credentials | HTTP response header Access-Control-Allow-Credentials | false |
| Access-Control-Allow-Headers | HTTP response header Access-Control-Allow-Headers | accept, apikey, content-type, origin, x-requested-with |
| Access-Control-Allow-Methods | HTTP response header Access-Control-Allow-Methods | GET, HEAD, OPTIONS |
| Access-Control-Allow-Origin | HTTP response header Access-Control-Allow-Origin | `*` |
| apikey | HTTP response header apikey | no |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 478 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 19 Jan 2023 18:36:01 GMT |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000 |
| Vary | HTTP response header Vary | Accept-Encoding |
| X-Frame-Options | HTTP response header X-Frame-Options | SAMEORIGIN |

## Notes

The public rate limit (without an API key) is 5 requests in a rolling 30 second window; the rate limit with an API key is 50 requests in a rolling 30 second window.
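
The sketch below shows how a client of the Get CVEs endpoint can stay inside the rolling 30 second window while paging with `startIndex` and `totalResults`, sending flags such as `hasKev` by name only. It is an added example, not code from the connector or from NIST; `build_url`, `RollingLimiter`, `iter_cves` and the injected `fetch` callable are hypothetical names, and the default page size of 2000 is an assumption.

```python
import time
from collections import deque
from urllib.parse import urlencode

BASE = "https://services.nvd.nist.gov/rest/json/cves/2.0/"
# Parameters the page lists as taking no value.
FLAGS = {"hasCertAlerts", "hasCertNotes", "hasKev", "hasOval", "isVulnerable", "noRejected"}

def build_url(params):
    """URL-encode valued parameters; emit flags by name only (no '=value')."""
    valued = {k: v for k, v in params.items() if k not in FLAGS}
    bare = [k for k in params if k in FLAGS]
    query = "&".join(filter(None, [urlencode(valued)] + bare))
    return f"{BASE}?{query}" if query else BASE

class RollingLimiter:
    """Allow at most `limit` requests in any `window`-second span."""
    def __init__(self, has_key, window=30.0, clock=time.monotonic, sleep=time.sleep):
        self.limit = 50 if has_key else 5   # limits stated in the Notes section
        self.window, self.clock, self.sleep = window, clock, sleep
        self.sent = deque()                 # timestamps of recent requests

    def wait(self):
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()             # forget requests outside the window
        if len(self.sent) >= self.limit:    # window full: wait for the oldest to age out
            self.sleep(self.window - (now - self.sent[0]))
            now = self.clock()
            self.sent.popleft()
        self.sent.append(now)

def iter_cves(fetch, limiter, params, page_size=2000):
    """Yield every vulnerability; `fetch(url)` must return the decoded JSON body."""
    start = 0
    while True:
        limiter.wait()
        body = fetch(build_url({**params, "resultsPerPage": page_size, "startIndex": start}))
        yield from body["vulnerabilities"]
        start += body["resultsPerPage"]
        # Stop on the last page, or on an empty page so a bad response cannot loop forever.
        if body["resultsPerPage"] == 0 or start >= body["totalResults"]:
            return
```

Pass a `fetch` that performs the HTTP GET (adding the API key header when one is configured) and construct the limiter with `has_key` set to match.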