U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerabilities

This documentation assumes that you already understand at least one common programming language and are generally familiar with JSON RESTful services. JSON specifies the format of the data returned by the REST service. REST refers to a style of services that allow computers to communicate via HTTP over the Internet. Click here for a list of best practices and additional information on where to start. The NVD is also documenting popular workflows to assist developers working with the APIs.

CVE API

The CVE API is used to easily retrieve information on a single CVE or a collection of CVE from the NVD. The NVD contains 268,929 CVE records. Because of this, its APIs enforce offset-based pagination to answer requests for large collections. Through a series of smaller “chunked” responses controlled by an offset startIndex and a page limit resultsPerPage users may page through all the CVE in the NVD.

The URL stem for retrieving CVE information is shown below.

Base URL
https://services.nvd.nist.gov/rest/json/cves/2.0

Parameters

Response

CVE Change History API

The CVE Change History API is used to easily retrieve information on changes made to a single CVE or a collection of CVE from the NVD. This API provides additional transparency to the work of the NVD, allowing users to easily monitor when and why vulnerabilities change.

The NVD has existed in some form since 1999 and the fidelity of this information has changed several times over the decades. Earlier records may not contain the level of detail available with more recent CVE records. This is most apparent on CVE records prior to 2015.

The URL stem for retrieving CVE information is shown below.

Base URL
https://services.nvd.nist.gov/rest/json/cvehistory/2.0

Parameters

Response

Created September 20, 2022 , Updated June 27, 2024