Exploit And Vulnerability Intelligence

NVD Migration

VulnCheck makes it easy to migrate from the NIST NVD to VulnCheck Exploit & Vulnerability Intelligence.

VulnCheck Exploit & Vulnerability Intelligence service provides vulnerability enrichment such as CVSS temporal/threat scores, vulnerability categorization data, and embeds rich exploit intelligence to go well above and beyond what the NIST National Vulnerability Database (NVD) provides.

VulnCheck Exploit & Vulnerability Intelligence is an autonomous system that tracks hundreds of vendor and government advisories, and then marries that data with best-in-class exploit intelligence from VulnCheck.

NVD Migration

VulnCheck Exploit & Vulnerability Intelligence makes it easy to migrate from using the NIST NVD to using VulnCheck as your primary source of vulnerability information.

To start, if you already consume the NIST NVD, from NIST, then you're likely aware of the challenges. NIST NVD 1.0 previously had offline backups that were quite popular, but NIST deprecated the NVD 1.0 offline backups in favor of the NVD 1.0 API, which suffered from frequent API timeout issues and dropped requests. Then NIST abruptly stopped supporting NIST NVD 1.0, which everyone had integrated with, and forced everyone to move to NIST NVD 2.0's API.

Unfortunately, the NIST NVD 2.0 API suffered from the same challenges of frequent API timeout issues and dropped requests. At VulnCheck, with our Community tier, we offer NVD 1.0 and NVD 2.0 with a stable and reliable API, as well as offline backups. NVD 1.0 is also supported, mitigating the damage of NIST's end of life of the NVD 1.0 offline backup and the NVD 1.0 API.

If you're a licensed paid subscriber of VulnCheck Exploit & Vulnerability Intelligence, it's easy to begin using NVD 1.0, NVD 2.0, NVD 1.0 with VulnCheck extensions, or NVD 2.0 with VulnCheck extensions.

At this time, VulnCheck would recommend new customers start with NVD 2.0 with VulnCheck extensions. To download this offline backup, simply call:

curl --request GET \
    --url https://api.vulncheck.com/v3/backup/vulncheck-nvd2 \
    --header 'Accept: application/json' \
    --header 'Authorization: Bearer insert_token_here'

Versions of NVD Available to Licensed Subscribers

VulnCheck Exploit & Vulnerability Intelligence includes four (4) versions of NVD. These include:

IndexSourceDescription
vulncheck-nvd2VulnCheckNVD 2.0 with VulnCheck extensions (more fields and earlier data)
vulncheck-nvdVulnCheckNVD 1.0 with VulnCheck extensions (more fields and earlier data)
nist-nvd2NISTNVD 2.0 with an SLA
nist-nvdNISTNVD 1.0 with an SLA generated from NVD 2.0; unlike NIST, supported indefinitely

Versions of NVD Available to Community Users

VulnCheck Community includes two (2) versions of NVD. These include:

IndexSourceDescription
nist-nvd2NISTNVD 2.0 with auto-generated CPEs for much of the NIST backlog
nist-nvdNISTNVD 1.0 generated from NVD 2.0; unlike NIST, supported indefinitely; also includes auto-generated CPEs for much of the NIST backlog

Early Access to CVEs

VulnCheck Exploit & Vulnerability Intelligence includes early access to CVEs not yet published in the NIST National Vulnerability Database (NVD).

Package Manager Support

VulnCheck Exploit & Vulnerability Intelligence supports a wide range of both Open Source Software library package managers and Operating System package managers.