Mission and Overview

NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).

Resource Status

NVD contains:

CVE Vulnerabilities

49509

Checklists

232

US-CERT Alerts

221

US-CERT Vuln Notes

2572

OVAL Queries

7690

CPE Names

39217

Last updated: Mon Feb 13 16:37:54 EST 2012

CVE Publication rate: 12.3

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index

Vulnerability Workload Index: 5.14

About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

CVE and CCE Vulnerability Database Advanced Search (Basic Search)

Vulnerability Criteria

Software Flaws (CVE)

Misconfigurations (CCE), under development

CVE Identifier:

Keyword (text search):

Category (CWE): Any............ Authentication Issues Buffer Errors Code Injection Configuration Credentials Management Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Cryptographic Issues Design Error Format String Vulnerability Information Leak / Disclosure Input Validation Insufficient Information Link Following Not in CWE Numeric Errors OS Command Injections Other Path Traversal Permissions, Privileges, and Access Control Race Conditions Resource Management Errors SQL Injection

CPE Name

Reset

Vendor:

Vendor:

Vendor: A..B     C..E     F..H     I..K     L..N     O..Q     R..T     U..W     X..Z

Product:

Product:

Product: A..B     C..E     F..H     I..K     L..N     O..Q     R..T     U..W     X..Z

Version:

NOTE: NVD may not contain all vulnerable version numbers. Using this option may cause one to overlook vulnerabilities.

Version:

Published Date Range

Start Date: Any Month January February March April May June July August September October November December Any Year 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012

End Date: Any Month January February March April May June July August September October November December Any Year 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012

Last Modified Date Range

Start Date: Any Month January February March April May June July August September October November December Any Year 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012

End Date: Any Month January February March April May June July August September October November December Any Year 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012

CVSS Version 2 Metrics

Severity (Base Score Range): Any............ Low (0-3) Medium (4-6) High and Medium (4-10) High (7-10)

Access Vector: Any............ Network Adjacent Network (Local Network) Local Access Only

Access Complexity: Any............ Low Medium High Insufficient Information

Authentication: Any............ None Single Multiple

Confidentiality: Any............ None Partial Complete

Integrity: Any............ None Partial Complete

Availability: Any............ None Partial Complete

Hyperlinks

US-CERT Technical Alerts

US-CERT Vulnerability Notes

OVAL Queries