NVD · Schema
NVD CVE Record
A CVE (Common Vulnerabilities and Exposures) record from the NIST National Vulnerability Database
SecurityCVECPEVulnerabilityCVSS
Properties
| Name | Type | Description |
|---|---|---|
| id | string | CVE identifier |
| sourceIdentifier | string | CNA (CVE Numbering Authority) that assigned the CVE |
| published | string | Date the CVE was published in NVD |
| lastModified | string | |
| vulnStatus | string | |
| descriptions | array | |
| metrics | object | |
| weaknesses | array | |
| configurations | array | |
| references | array | |
| cisaExploitAdd | stringnull | Date added to CISA Known Exploited Vulnerabilities catalog |
| cisaActionDue | stringnull | |
| cisaRequiredAction | stringnull | |
| cisaVulnerabilityName | stringnull |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/nvd/refs/heads/main/json-schema/nvd-cve-schema.json",
"title": "NVD CVE Record",
"description": "A CVE (Common Vulnerabilities and Exposures) record from the NIST National Vulnerability Database",
"type": "object",
"required": ["id", "published", "lastModified", "vulnStatus"],
"properties": {
"id": {
"type": "string",
"description": "CVE identifier",
"pattern": "^CVE-[0-9]{4}-[0-9]{4,}$"
},
"sourceIdentifier": {
"type": "string",
"description": "CNA (CVE Numbering Authority) that assigned the CVE"
},
"published": {
"type": "string",
"format": "date-time",
"description": "Date the CVE was published in NVD"
},
"lastModified": {
"type": "string",
"format": "date-time"
},
"vulnStatus": {
"type": "string",
"enum": ["Analyzed", "Awaiting Analysis", "Undergoing Analysis", "Modified", "Deferred", "Rejected", "Received"]
},
"descriptions": {
"type": "array",
"items": {
"type": "object",
"required": ["lang", "value"],
"properties": {
"lang": { "type": "string", "description": "ISO 639-1 language code" },
"value": { "type": "string", "description": "CVE description text" }
}
}
},
"metrics": {
"type": "object",
"properties": {
"cvssMetricV31": {
"type": "array",
"items": { "$ref": "#/$defs/CVSSMetricV3" }
},
"cvssMetricV30": {
"type": "array",
"items": { "$ref": "#/$defs/CVSSMetricV3" }
},
"cvssMetricV2": {
"type": "array",
"items": { "$ref": "#/$defs/CVSSMetricV2" }
}
}
},
"weaknesses": {
"type": "array",
"items": {
"type": "object",
"properties": {
"source": { "type": "string" },
"type": { "type": "string" },
"description": {
"type": "array",
"items": {
"type": "object",
"properties": {
"lang": { "type": "string" },
"value": { "type": "string", "description": "CWE ID (e.g., CWE-79)" }
}
}
}
}
}
},
"configurations": {
"type": "array",
"items": {
"type": "object",
"properties": {
"nodes": {
"type": "array",
"items": { "$ref": "#/$defs/ConfigNode" }
}
}
}
},
"references": {
"type": "array",
"items": {
"type": "object",
"properties": {
"url": { "type": "string", "format": "uri" },
"source": { "type": "string" },
"tags": {
"type": "array",
"items": { "type": "string" }
}
}
}
},
"cisaExploitAdd": {
"type": ["string", "null"],
"format": "date",
"description": "Date added to CISA Known Exploited Vulnerabilities catalog"
},
"cisaActionDue": {
"type": ["string", "null"],
"format": "date"
},
"cisaRequiredAction": {
"type": ["string", "null"]
},
"cisaVulnerabilityName": {
"type": ["string", "null"]
}
},
"$defs": {
"CVSSMetricV3": {
"type": "object",
"properties": {
"source": { "type": "string" },
"type": { "type": "string", "enum": ["Primary", "Secondary"] },
"cvssData": {
"type": "object",
"required": ["version", "vectorString", "baseScore", "baseSeverity"],
"properties": {
"version": { "type": "string", "enum": ["3.0", "3.1"] },
"vectorString": { "type": "string" },
"attackVector": { "type": "string", "enum": ["NETWORK", "ADJACENT_NETWORK", "LOCAL", "PHYSICAL"] },
"attackComplexity": { "type": "string", "enum": ["LOW", "HIGH"] },
"privilegesRequired": { "type": "string", "enum": ["NONE", "LOW", "HIGH"] },
"userInteraction": { "type": "string", "enum": ["NONE", "REQUIRED"] },
"scope": { "type": "string", "enum": ["UNCHANGED", "CHANGED"] },
"confidentialityImpact": { "type": "string", "enum": ["NONE", "LOW", "HIGH"] },
"integrityImpact": { "type": "string", "enum": ["NONE", "LOW", "HIGH"] },
"availabilityImpact": { "type": "string", "enum": ["NONE", "LOW", "HIGH"] },
"baseScore": { "type": "number", "minimum": 0, "maximum": 10 },
"baseSeverity": { "type": "string", "enum": ["NONE", "LOW", "MEDIUM", "HIGH", "CRITICAL"] }
}
},
"exploitabilityScore": { "type": "number", "minimum": 0, "maximum": 10 },
"impactScore": { "type": "number", "minimum": 0, "maximum": 10 }
}
},
"CVSSMetricV2": {
"type": "object",
"properties": {
"source": { "type": "string" },
"type": { "type": "string", "enum": ["Primary", "Secondary"] },
"cvssData": {
"type": "object",
"properties": {
"version": { "type": "string", "enum": ["2.0"] },
"vectorString": { "type": "string" },
"baseScore": { "type": "number", "minimum": 0, "maximum": 10 }
}
},
"baseSeverity": { "type": "string", "enum": ["LOW", "MEDIUM", "HIGH"] }
}
},
"ConfigNode": {
"type": "object",
"properties": {
"operator": { "type": "string", "enum": ["AND", "OR"] },
"negate": { "type": "boolean" },
"cpeMatch": {
"type": "array",
"items": {
"type": "object",
"properties": {
"vulnerable": { "type": "boolean" },
"criteria": { "type": "string", "description": "CPE 2.3 name string" },
"matchCriteriaId": { "type": "string", "format": "uuid" },
"versionStartIncluding": { "type": "string" },
"versionStartExcluding": { "type": "string" },
"versionEndIncluding": { "type": "string" },
"versionEndExcluding": { "type": "string" }
}
}
}
}
}
}
}