CVEDB vs National Vulnerability Database

Same instrument, two spec sheets — measured, not claimed.

Uptime · 30d
Uptime · 90d—%—%
Uptime · 30d—%—%
P50 · ms
P95 · ms
Authnonenone
CORSnoyes
HTTPSyesyes
Card requirednono
Commercial useunclearyes
Data licenseUnverifiedPublic domain (U.S. Government work)
Free tierFree — limits not publishedFree — no key required (free key raises limits)
Rate limitUnpublished5 requests per rolling 30 seconds without an API key (50 with a free key)
In directory since2026-07-052026-07-05
operationalpartialdownno data

CVEDB vs National Vulnerability Database: common questions

Which is more reliable, CVEDB or National Vulnerability Database?

Only National Vulnerability Database is on our probe schedule so far (—% uptime over 90 days). The other is catalogued but not yet live-checked, so we can't compare measured reliability head-to-head — check the uncovered API's own status page for now.

Do CVEDB and National Vulnerability Database need an API key?

Neither needs a paid key — CVEDB is callable with no signup, and National Vulnerability Database is callable with no signup. Both are quick to prototype with; rate limits still apply.

Can I call CVEDB and National Vulnerability Database from the browser?

Only National Vulnerability Database is browser-friendly — it returns CORS headers over HTTPS. CVEDB needs a server-side call or proxy, so factor that into which one fits a front-end project.

Are CVEDB and National Vulnerability Database free for commercial use?

CVEDB has unclear commercial terms, and National Vulnerability Database allows commercial use on its free tier. We track service terms and the data license as separate fields — see the Commercial use and Data license rows above, and confirm both before shipping either in a paid product.