VulnCheck Exploit & Vulnerability Intelligence service provides vulnerability enrichment such as CVSS temporal/threat scores, vulnerability categorization data, and embeds rich exploit intelligence to go well above and beyond what the NIST National Vulnerability Database (NVD) provides.
VulnCheck Exploit & Vulnerability Intelligence is an autonomous system that tracks hundreds of vendor and government advisories, and then marries that data with best-in-class exploit intelligence from VulnCheck.
VulnCheck Exploit & Vulnerability Intelligence makes it easy to migrate from using the NIST NVD to using VulnCheck as your primary source of vulnerability information.
To start, if you already consume the NIST NVD, from NIST, then you're likely aware of the challenges. NIST NVD 1.0 previously had offline backups that were quite popular, but NIST deprecated the NVD 1.0 offline backups in favor of the NVD 1.0 API, which suffered from frequent API timeout issues and dropped requests. Then NIST abruptly stopped supporting NIST NVD 1.0, which everyone had integrated with, and forced everyone to move to NIST NVD 2.0's API.
Unfortunately, the NIST NVD 2.0 API suffered from the same challenges of frequent API timeout issues and dropped requests. At VulnCheck, with our Community tier, we offer NVD 1.0 and NVD 2.0 with a stable and reliable API, as well as offline backups. NVD 1.0 is also supported, mitigating the damage of NIST's end of life of the NVD 1.0 offline backup and the NVD 1.0 API.
If you're a licensed paid subscriber of VulnCheck Exploit & Vulnerability Intelligence, it's easy to begin using NVD 1.0, NVD 2.0, NVD 1.0 with VulnCheck extensions, or NVD 2.0 with VulnCheck extensions.
At this time, VulnCheck would recommend new customers start with NVD 2.0 with VulnCheck extensions. To download this offline backup, simply call:
curl --request GET \
--url https://api.vulncheck.com/v3/backup/vulncheck-nvd2 \
--header 'Accept: application/json' \
--header 'Authorization: Bearer insert_token_here'
package main
import (
"fmt"
"github.com/vulncheck-oss/sdk-go"
)
func main() {
client := sdk.Connect("https://api.vulncheck.com", "insert_token_here")
response, err := client.GetIndexBackup("vulncheck-nvd2")
if err != nil {
panic(err)
}
fmt.Println(response.Urls())
}
import vulncheck_sdk
configuration = vulncheck_sdk.Configuration(host="https://api.vulncheck.com/v3")
configuration.api_key["Bearer"] = "insert_token_here"
with vulncheck_sdk.ApiClient(configuration) as api_client:
endpoints_client = vulncheck_sdk.EndpointsApi(api_client)
api_response = endpoints_client.backup_index_get("vulncheck-nvd2")
print(api_response.data[0].url)
vulncheck backup download vulncheck-nvd2
VulnCheck Exploit & Vulnerability Intelligence includes four (4) versions of NVD. These include:
| Index | Source | Description |
|---|---|---|
| vulncheck-nvd2 | VulnCheck | NVD 2.0 with VulnCheck extensions (more fields and earlier data) |
| vulncheck-nvd | VulnCheck | NVD 1.0 with VulnCheck extensions (more fields and earlier data) |
| nist-nvd2 | NIST | NVD 2.0 with an SLA |
| nist-nvd | NIST | NVD 1.0 with an SLA generated from NVD 2.0; unlike NIST, supported indefinitely |
VulnCheck Community includes two (2) versions of NVD. These include:
| Index | Source | Description |
|---|---|---|
| nist-nvd2 | NIST | NVD 2.0 with auto-generated CPEs for much of the NIST backlog |
| nist-nvd | NIST | NVD 1.0 generated from NVD 2.0; unlike NIST, supported indefinitely; also includes auto-generated CPEs for much of the NIST backlog |