All vulnerabilities in the NVD have been assigned a CVE identifier and thus abide by the definition below.
CVE defines a vulnerability as:
"A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety)."
The Common Vulnerabilities and Exposures (CVE) Program’s primary purpose is to uniquely identify vulnerabilities and to associate specific versions of code bases (e.g., software and shared libraries) to those vulnerabilities. The use of CVEs ensures that two or more parties can confidently refer to a CVE identifier (ID) when discussing or sharing information about a unique vulnerability. For detailed information regarding CVE, please refer to https://cve.org/ or the CNA Rules at https://www.cve.org/ResourcesSupport/AllResources/CNARules.
Created September 20, 2022, Updated August 3, 2023
FAQs
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.
What is the difference between NVD and CVE?
CVE – Common Vulnerabilities and Exposures (CVE) is a list of publicly disclosed vulnerabilities and exposures that is maintained by MITRE. NVD – The National Vulnerability Database (NVD) is a database, maintained by NIST, that is fully synchronized with the MITRE CVE list.
What does the NVD stand for?
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance.
What is the full form of NVD in NIST?
April 25, 2024: NIST maintains the National Vulnerability Database (NVD), a repository of information on software and hardware flaws that can compromise computer security.
Who owns the National Vulnerability Database?
The NVD is a product of the NIST Computer Security Division, Information Technology Laboratory.
What are two known databases to check for vulnerabilities in components being used?
Popular Vulnerability Databases
- NVD (National Vulnerability Database) The NVD was established in 2005 by the US government. ...
- OSVDB (Open Source Vulnerability Database)
When would you use the NVD?
For security professionals, the NVD offers an invaluable source of actionable data to identify and mitigate cyber threats. The NVD catalogs vulnerabilities based on the Common Vulnerabilities and Exposures (CVE) naming standard.
What is CVE, CWE, and NVD?
NVD integrates CWE into the scoring of Common Vulnerabilities and Exposures (CVE®) entries, upon which NVD is built, by providing a cross section of the overall CWE structure. NVD analysts score CVEs using CWEs from different levels of the hierarchical structure.
What is NVD in technology?
Abbreviations / Acronyms / Synonyms:
National Vulnerability Database
What is NVD slang for?
Abbreviation for nausea, vomiting, and diarrhea.
Cyber Warfare
The vulnerability database is the result of an effort to collect information about all known security flaws in software.
What is a CVE in cyber security?
CVE stands for Common Vulnerabilities and Exposures. CVE is a glossary that classifies vulnerabilities. The glossary analyzes vulnerabilities and then uses the Common Vulnerability Scoring System (CVSS) to evaluate the threat level of a vulnerability.
How does the MITRE CVE compare with the NIST NVD?
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities.
What is a vulnerability NIST?
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Sources: FIPS 200 under VULNERABILITY from CNSSI 4009 - Adapted.
How often are changes made to the CVE list updated in the NVD?
The NVD processes the CVE List every hour to ingest new CVE publications, rejections, or modifications. The NVD only contains CVEs that have been published to the Official CVE List.
What are the two main databases used for storing vulnerability information?
Major vulnerability databases such as the ISS X-Force database, Symantec / SecurityFocus BID database, and the Open Source Vulnerability Database (OSVDB) aggregate a broad range of publicly disclosed vulnerabilities, including Common Vulnerabilities and Exposures (CVE).
What is Neo4j vulnerability?
A path traversal vulnerability found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten.
What is CVSS database?
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.