A mirror of CVE json provided by NVD's API 2.0.
Maintained using nvd-api-client.
For git blame history before the 2024-12-17 nested JSON reformat, run git-blame with --ignore-rev 659116f2321 or configure blame.ignoreRevsFile:
git config blame.ignoreRevsFile .git-blame-ignore-revs
(See Rob Allen's Ignoring mass reformatting commits with git blame)
The CVE Program's cvelistV5 is the upstream source of truth for all CVE data. CNAs send data directly to the CVE Program. NVD's data is based on the CVE List, but may contain additional information such as NVD severity scoring or CWEs. NVD also fixes errors in the CVE List data set.
The CVE Program's CVE Numbering Authority (CNA) Rules which govern what constitutes a CVE and more.
cvelint for validating CVE List data.
cvelib for CNAs to operate the CVE Services API.
@jgamblin's blog, cve.icu, and monthyCVEStats for CVE publication trends.
nvdcve which is a mirror of merged NVD and CVE List data.