Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo
Bookmark and Share

National Vulnerability Database (NVD)


For more information regarding the National Vulnerability Database (NVD), please visit the Computer Security Division's NVD website.

The National Vulnerability Database (NVD) is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes security checklists, security related software flaws, misconfigurations, product names, and impact metrics.


The National Vulnerability Database (NVD) is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is sponsored by the Department of Homeland Security’s (DHS) National Cyber Security Division. NVD is a comprehensive cyber security vulnerability database that integrates publicly available U.S. government vulnerability resources and provides references to industry resources. NVD provides access to this information via a fine-grained web search capability, and through XML, RSS and web service feeds. The NVD statistics engine provides reporting capabilities that allow the tracking of vulnerability trends over time. This trending service allows users to assess changes in vulnerability discovery rates within specific products or within specific types of vulnerabilities. NVD data is represented using the Security Content Automation Protocol (SCAP) specifications. NVD is based upon the Common Vulnerabilities and Exposures (CVE) standard vulnerability dictionary and provides Common Vulnerability Scoring System (CVSS) scores for all CVE vulnerabilities as well as expresses the applicability of these vulnerabilities using the Common Platform Enumeration (CPE). The NVD database integrates Open Vulnerability Assessment Language (OVAL) definitions and plans to include platform configuration using the Common Configuration Enumeration (CCE).

End Date:


Lead Organizational Unit:



Harold Booth


Related Programs and Projects:

National Checklist Program Repository:

The Security Content Automation Protocol (SCAP):



Harold Booth
(301) 975-8441

100 Bureau Drive
M/S 8930
Gaithersburg, MD 20899-8930