U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. GeneralNEWS

Removal of restrictions within the /cves/ 2.0 API schema

To enable more flexibility within our API output we need to remove certain restrictions from the existing 2.0 API schemas.

Why does this matter?
All existing API users will need to update to the 2.1.0 /cves/ schema or later.
Many systems reference a cached or local version of a schema when performing validation. Since the /cves/ schema prior to 2.1.0 is overly restrictive, any system that references an older version of the schema that contains additionalProperties: false in the locations changed may no longer validate against future 2.0 API output.
We plan to begin including new data types within the 2.0 API output in the near future. We advise updating any schema references within the next 30 days.

What changes were made?

JSON Object Change
"reference": Removed additionalProperties: false
"cve_item": Removed additionalProperties: false
"metrics": Removed additionalProperties: false

For questions and concerns, you may contact nvd@nist.gov.

Created April 9, 2024 , Updated April 9, 2024