Vulnerabilities Checklists Product Dictionary Impact Metrics Data Feeds Statistics
Home ISAP/SCAP SCAP Validated Tools SCAP Events About Contact Vendor Comments
Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status

NVD contains:

32678 CVE Vulnerabilities
161Checklists
151 US-CERT Alerts
2257 US-CERT Vuln Notes
2097OVAL Queries

Last updated:  09/15/08

CVE Publication rate:

11 vulnerabilities / day
Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 6.66
About Us

NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security’s National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).

NVD Contact Information

General questions, comments, or suggestions:
nvd@nist.gov

Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions:
US-CERT Security Operations Center
Email: soc@us-cert.gov
Phone: 1-888-282-0870

Federal Desktop Core Configuration Support:
Matt Barrett, 301-975-3390
fdcc@nist.gov

National Checklist Program Manager:
Stephen Quinn, 301-975-6967
NIST, Computer Security Division, Information Technology Laboratory
checklists@nist.gov

National Vulnerability Database Program Manager:
Peter Mell, 301-975-5572
NIST, Computer Security Division, Information Technology Laboratory
nvd@nist.gov

National Vulnerability Database Operations Manager:
Chris Johnson, 301-975-5981
NIST, Computer Security Division, Information Technology Laboratory
nvd@nist.gov

ISAP Co-Leads:
Matthew Barrett, 301-975-3390
Peter Mell, 301-975-5572
Chris Johnson, 301-975-5981
Stephen Quinn, 301-975-6967
NIST, Computer Security Division, Information Technology Laboratory

NIST ITL Cyber Security Program
Tim Grance, 301-975-4242
NIST, Computer Security Division, Information Technology Laboratory

DHS Project Manager:
Annabelle Lee
DHS National Cyber Security Division (US-CERT Contact Information)

The NIST NVD/SCAP team would like to thank several organizations

06/01/2008: Thanks to netVigilance, Inc for providing detailed feedback on NVD CVSS v2 scores.

07/03/2007: Thanks to Tenable for providing detailed feedback on NVD CVSS v2 scores. Their consistent and detailed feedback has greatly improved NVD CVSS v2 scoring.

07/03/2007:: Thanks to Secure Elements for volunteering to help create the Federal Desktop Core configuration XCCDF and OVAL for Windows Vista and XP.

06/01/2007:Thanks to ThreatGuard for volunteering countless hours to help refine the Windows XP security content automation files and for providing patch content for the XP and Vista SCAP files.

03/01/2007:Thanks to Inteco (the Spanish government) for donating translations of vulnerabilities into Spanish for public use.

08/01/2006: Thanks to Red Hat for coming up with the idea for the NVD CVE vendor statement service.


Disclaimer Notice & Privacy Statement / Security Notice

Send comments or suggestions to nvd@nist.gov

NIST Computer Security Resource Center (CSRC)

NIST is an Agency of the U.S. Commerce Department

Full vulnerability listing