National Vulnerability Database
The US government's CVE vulnerability database
NIST's National Vulnerability Database offers the canonical REST feed for CVE records, complete with descriptions, CVSS scores, and references. Look up a single CVE by ID or page through the whole corpus. Keyless access is capped at five requests per 30 seconds; a free key lifts that ceiling.
We probe a documented GET and expect 2xx JSON — full uptime and health score. Open provider docs ↗
On our probe schedule. Uptime charts appear after the first check lands.
GET https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218
{
"resultsPerPage": 1,
"startIndex": 0,
"totalResults": 1,
"format": "NVD_CVE",
"version": "2.0",
"vulnerabilities": [
{
"cve": {
"id": "CVE-2019-1010218",
"sourceIdentifier": "josh@bress.net",
"published": "2019-07-22T18:15:10.917",
"vulnStatus": "Modified"
}
}
]
}curl "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218"const res = await fetch("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218");
const data = await res.json();
console.log(data);import requests
res = requests.get("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218")
print(res.json())/cves/2.0?cveId=CVE-2019-1010218PROBEDThe US government's CVE vulnerability database
/cvesCves — documented GET route.
/cves/1Cves details by ID (example: 1).
/cves?limit=10Cves — documented GET route.
/cves/search?q=testSearch by query parameters.
/cves/2.0?limit=52 0 — documented GET route.
We probe a documented GET and expect 2xx JSON — full uptime and health score. Export includes every documented route below.
Not tracked yet. Shape-change history starts once this API joins our probe schedule.
National Vulnerability Database: common questions
Is National Vulnerability Database free to use?
Yes — National Vulnerability Database is a free security API. Free tier: Free — no key required (free key raises limits). Commercial use is allowed on the free tier.
Does National Vulnerability Database need an API key?
No — National Vulnerability Database needs no API key or signup. You can call it straight away; rate limits still apply (5 requests per rolling 30 seconds without an API key (50 with a free key)).
Can I call National Vulnerability Database from the browser?
Yes — National Vulnerability Database returns CORS headers over HTTPS, so front-end code can fetch it directly with no backend proxy. Use the fetch snippet on this page, or hit "Run live" to try it now.
Is National Vulnerability Database up right now?
National Vulnerability Database is catalogued but not yet on our probe schedule, so we don't publish a live status for it. Check the provider's own status page or docs for its current state.