National Vulnerability Database

The US government's CVE vulnerability database

🔐 SecurityUNMONITORED
AUTH NONECORS AGENT ?HTTPS COMMERCIAL

NIST's National Vulnerability Database offers the canonical REST feed for CVE records, complete with descriptions, CVSS scores, and references. Look up a single CVE by ID or page through the whole corpus. Keyless access is capped at five requests per 30 seconds; a free key lifts that ceiling.

HOW IT'S SCORED ⓘ
Status badge · for your READMEshipapis health badge: — · unmonitored
ON PROBE SCHEDULE

We probe a documented GET and expect 2xx JSON — full uptime and health score. Open provider docs ↗

Uptime historystarts after first probe

On our probe schedule. Uptime charts appear after the first check lands.

Example responsefrom provider docs — not verified by us
GET https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218

{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2019-1010218",
        "sourceIdentifier": "josh@bress.net",
        "published": "2019-07-22T18:15:10.917",
        "vulnStatus": "Modified"
      }
    }
  ]
}
Call itcurl · fetch · python
curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218"
const res = await fetch("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218");
const data = await res.json();
console.log(data);
import requests

res = requests.get("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218")
print(res.json())
Endpoints · 6On scheduleFULL DOCS ↗
On schedule — GET /cves/2.0?cveId=CVE-2019-1010218 awaits first probe
GET/cves/2.0?cveId=CVE-2019-1010218PROBED

The US government's CVE vulnerability database

GET/cves

Cves — documented GET route.

GET/cves/1

Cves details by ID (example: 1).

GET/cves?limit=10

Cves — documented GET route.

GET/cves/search?q=test

Search by query parameters.

GET/cves/2.0?limit=5

2 0 — documented GET route.

Machine-readable spec

We probe a documented GET and expect 2xx JSON — full uptime and health score. Export includes every documented route below.

Response-shape history

Not tracked yet. Shape-change history starts once this API joins our probe schedule.

National Vulnerability Database: common questions

Is National Vulnerability Database free to use?

Yes — National Vulnerability Database is a free security API. Free tier: Free — no key required (free key raises limits). Commercial use is allowed on the free tier.

Does National Vulnerability Database need an API key?

No — National Vulnerability Database needs no API key or signup. You can call it straight away; rate limits still apply (5 requests per rolling 30 seconds without an API key (50 with a free key)).

Can I call National Vulnerability Database from the browser?

Yes — National Vulnerability Database returns CORS headers over HTTPS, so front-end code can fetch it directly with no backend proxy. Use the fetch snippet on this page, or hit "Run live" to try it now.

Is National Vulnerability Database up right now?

National Vulnerability Database is catalogued but not yet on our probe schedule, so we don't publish a live status for it. Check the provider's own status page or docs for its current state.