NVD - Data Feeds (original) (raw)

Vulnerabilities

APIs and Data Feed Types

The following table contains links and short descriptions for each API or data feed the NVD offers. Please read how to keep up-to-date with NVD data when using the traditional data feeds.

Users of the data feeds provided on this page must have an understanding of the XML and/or JSON standards and XML or JSON related technologies as defined by www.w3.org.

Type	Description
CVE and CPE APIs	An alternative to the traditional vulnerability data feed files. The APIs are far more flexible and offer a richer dataset in a single interface compared to the JSON Vulnerability Feeds and CPE Match Feed.
2.0 JSON Feeds	A series of traditional data feed files that reflect the schema format of the 2.0 APIs. Vulnerability Feeds (/cves/) CPE Dictionary Feeds (/cpes/) CPE Match Feeds (/cpematch/)
Vulnerability Translation Feeds	Translations of vulnerability feeds.
Vulnerability Vendor Comments	Comments provided by vendors regarding a particular flaw affecting within a product.
Common Configuration Enumeration (CCE) Reference Data	Reference data for common configuration items.

CVE and CPE APIs

The 2.0 APIs are the preferred method for staying up to date with the NVD. Users interested in learning where to begin with the API should visitthe NVD developers pages.

Benefits of the APIs over the traditional data feeds include:

The APIs are updated as frequently as our website (unlike the traditional feeds which have explicit update intervals)
The APIs provide search capabilities based on the Advanced search feature of the website
The APIs provide CVE and CPE based searching capabilities, including the ability to search for single CVE and CPE entries
The ability to view only the information that has changed since a given date or time
Simplified methods of identifying CPE matches to Applicability statements

CVE API Documentation	CPE API Documentation
Automation Support for CVE Retrieval	Automation Support for CPE Retrieval

How to Keep Up-to-Date with the NVD Data Using the Traditional Feeds

The vulnerability feeds provide CVE® data organized by the first four digits of a CVE® identifier (except for the 2002 feeds which include vulnerabilities prior to and including "CVE-2002-"). If you are locally mirroring NVD data, either the APIs or the data feeds may be used to stay synchronized. After performing a one-time import of the complete data set using the compressed JSON vulnerability feeds, the "modified" feeds should be used to keep up-to-date.

Each feed is updated nightly, but only if the content of that feed has changed. For example, the 2004 feeds will be updated only if there is an addition or modification to any vulnerability with a starting CVE® identifier of "CVE-2004-". The "recent" feeds are a list of recently published vulnerabilities and the "modified" feeds are a list of recently published and modified vulnerabilities. The "recent" and "modified" feeds only contain vulnerabilities changed within the previous eight days. These feeds are updated approximately every two hours.

JSON 2.0 Feeds

These data feeds include updated NVD data in the new 2.0 JSON format. The "year" feeds are updated once per day, while the "recent" and "modified" feeds are updated every two hours.

Schema Version 2.0 : NVD JSON 2.0 Schema
Feed	Updated	Download	Size (MB)
CVE-Modified	06/17/2026; 2:02:34 PM -0400	META
GZ	201.35 MB
ZIP	201.35 MB
CVE-Recent	06/17/2026; 2:00:01 PM -0400	META
GZ	0.80 MB
ZIP	0.80 MB
CVE-2026	06/17/2026; 9:07:06 AM -0400	META
GZ	12.62 MB
ZIP	12.62 MB
CVE-2025	06/17/2026; 9:07:28 AM -0400	META
GZ	22.21 MB
ZIP	22.21 MB
CVE-2024	06/17/2026; 9:07:58 AM -0400	META
GZ	23.65 MB
ZIP	23.65 MB
CVE-2023	06/17/2026; 9:08:28 AM -0400	META
GZ	19.18 MB
ZIP	19.18 MB
CVE-2022	06/17/2026; 9:08:52 AM -0400	META
GZ	17.45 MB
ZIP	17.45 MB
CVE-2021	06/17/2026; 9:09:13 AM -0400	META
GZ	16.05 MB
ZIP	16.05 MB
CVE-2020	06/17/2026; 9:09:32 AM -0400	META
GZ	13.31 MB
ZIP	13.31 MB
CVE-2019	06/17/2026; 9:09:48 AM -0400	META
GZ	9.69 MB
ZIP	9.69 MB
CVE-2018	06/17/2026; 9:10:01 AM -0400	META
GZ	7.87 MB
ZIP	7.87 MB
CVE-2017	06/17/2026; 9:10:13 AM -0400	META
GZ	7.34 MB
ZIP	7.34 MB
CVE-2016	06/17/2026; 9:10:22 AM -0400	META
GZ	4.92 MB
ZIP	4.92 MB
CVE-2015	06/17/2026; 9:10:29 AM -0400	META
GZ	4.00 MB
ZIP	4.00 MB
CVE-2014	06/17/2026; 9:10:35 AM -0400	META
GZ	4.34 MB
ZIP	4.34 MB
CVE-2013	06/17/2026; 9:10:41 AM -0400	META
GZ	5.53 MB
ZIP	5.53 MB
CVE-2012	06/17/2026; 9:10:47 AM -0400	META
GZ	4.64 MB
ZIP	4.64 MB
CVE-2011	06/17/2026; 9:10:52 AM -0400	META
GZ	4.08 MB
ZIP	4.08 MB
CVE-2010	06/17/2026; 9:10:57 AM -0400	META
GZ	4.16 MB
ZIP	4.16 MB
CVE-2009	06/17/2026; 9:11:02 AM -0400	META
GZ	4.32 MB
ZIP	4.32 MB
CVE-2008	06/17/2026; 9:11:07 AM -0400	META
GZ	3.99 MB
ZIP	3.99 MB
CVE-2007	06/17/2026; 9:11:12 AM -0400	META
GZ	3.44 MB
ZIP	3.44 MB
CVE-2006	06/17/2026; 9:11:17 AM -0400	META
GZ	3.34 MB
ZIP	3.34 MB
CVE-2005	06/17/2026; 9:11:21 AM -0400	META
GZ	2.07 MB
ZIP	2.07 MB
CVE-2004	06/17/2026; 9:11:23 AM -0400	META
GZ	1.42 MB
ZIP	1.42 MB
CVE-2003	06/17/2026; 9:11:25 AM -0400	META
GZ	0.70 MB
ZIP	0.70 MB
CVE-2002	06/17/2026; 9:11:27 AM -0400	META
GZ	2.08 MB
ZIP	2.08 MB

NVD/CVE Translated XML Feed (version 1.0)

NVD provides an XML feed for translations of CVE vulnerabilities into other languages.

Currently, INCIBE (Spanish National Cybersecurity Institute) is translating vulnerabilities into Spanish. INCIBE is solely responsible for the Spanish translation content.

Schema Version 1 : NVD/CVE Translation XML Schema
Feed	Updated	Download	Size (MB)
CVE-Modified	04/16/2026; 12:40:00 AM -0400	META
GZ	< 0.01 MB
ZIP	< 0.01 MB
CVE-2026	06/17/2026; 9:24:06 AM -0400	META
GZ	1.50 MB
ZIP	1.50 MB
CVE-2025	06/17/2026; 9:24:13 AM -0400	META
GZ	3.26 MB
ZIP	3.26 MB
CVE-2024	06/17/2026; 9:24:29 AM -0400	META
GZ	4.69 MB
ZIP	4.69 MB
CVE-2023	06/17/2026; 9:24:43 AM -0400	META
GZ	1.85 MB
ZIP	1.85 MB
CVE-2022	06/17/2026; 9:24:49 AM -0400	META
GZ	2.67 MB
ZIP	2.67 MB
CVE-2021	06/17/2026; 9:24:56 AM -0400	META
GZ	2.45 MB
ZIP	2.45 MB
CVE-2020	06/17/2026; 9:25:02 AM -0400	META
GZ	1.89 MB
ZIP	1.89 MB
CVE-2019	06/17/2026; 9:25:08 AM -0400	META
GZ	1.55 MB
ZIP	1.55 MB
CVE-2018	06/17/2026; 9:25:15 AM -0400	META
GZ	1.40 MB
ZIP	1.40 MB
CVE-2017	06/17/2026; 9:25:21 AM -0400	META
GZ	1.29 MB
ZIP	1.29 MB
CVE-2016	06/17/2026; 9:25:24 AM -0400	META
GZ	0.73 MB
ZIP	0.73 MB
CVE-2015	06/17/2026; 9:25:28 AM -0400	META
GZ	0.66 MB
ZIP	0.66 MB
CVE-2014	06/17/2026; 9:25:30 AM -0400	META
GZ	0.71 MB
ZIP	0.71 MB
CVE-2013	06/17/2026; 9:25:33 AM -0400	META
GZ	0.56 MB
ZIP	0.56 MB
CVE-2012	06/17/2026; 9:25:36 AM -0400	META
GZ	0.49 MB
ZIP	0.49 MB
CVE-2011	06/17/2026; 9:25:39 AM -0400	META
GZ	0.42 MB
ZIP	0.42 MB
CVE-2010	06/17/2026; 9:25:44 AM -0400	META
GZ	0.47 MB
ZIP	0.47 MB
CVE-2009	06/17/2026; 9:25:47 AM -0400	META
GZ	0.49 MB
ZIP	0.49 MB
CVE-2008	06/17/2026; 9:25:50 AM -0400	META
GZ	0.66 MB
ZIP	0.66 MB
CVE-2007	06/17/2026; 9:25:52 AM -0400	META
GZ	0.64 MB
ZIP	0.64 MB
CVE-2006	06/17/2026; 9:25:54 AM -0400	META
GZ	0.40 MB
ZIP	0.40 MB
CVE-2005	06/17/2026; 9:25:56 AM -0400	META
GZ	0.04 MB
ZIP	0.04 MB
CVE-2004	06/17/2026; 9:25:56 AM -0400	META
GZ	0.06 MB
ZIP	0.06 MB
CVE-2003	06/17/2026; 9:25:57 AM -0400	META
GZ	0.07 MB
ZIP	0.07 MB
CVE-2002	06/17/2026; 9:25:58 AM -0400	META
GZ	0.07 MB
ZIP	0.07 MB

Created September 20, 2022 , Updated August 20, 2025