M
API Matrix

National Vulnerability Database API

⭐ Beginner's Pick Security / No Auth Required Beginner HTTPS
Free to Use Varies (check documentation)
87 Score
Grade A
Visit Official Site Compare Alternatives

Overview

The National Vulnerability Database (NVD) API gives you access to the U.S. government's comprehensive catalog of known cybersecurity vulnerabilities. Each entry (CVE) includes severity scores, affected software, and remediation details. It's a go-to source for building security dashboards or checking whether software you use has known flaws.

💡

Beginner Tip

Use the resultsPerPage and startIndex parameters to paginate through results — the default page size is 2,000 entries, which can be slow; start with resultsPerPage=20 while exploring.

Available Data

country name and code
population
capital city
region and subregion
flag image URL

Example Response

JSON Response 
{
  "name": "Japan",
  "capital": "Tokyo",
  "population": 125800000,
  "region": "Asia",
  "languages": [
    "Japanese"
  ],
  "flag": "https://flagcdn.com/jp.svg",
  "currencies": [
    {
      "code": "JPY",
      "name": "Japanese yen"
    }
  ]
}

Field Reference

resultsPerPage Number of CVE records returned in this response page.
startIndex Zero-based offset used for pagination.
totalResults Total number of CVEs matching your query.
vulnerabilities List of CVE objects, each containing ID, description, severity, and affected product details.
cve.id The CVE identifier (e.g., CVE-2024-12345) for the vulnerability.
cve.metrics CVSS scoring data including base score and severity level (LOW/MEDIUM/HIGH/CRITICAL).

Implementation Example 

const url = "https://nvd.nist.gov/vuln/Data-Feeds/JSON-feed-changelog";
const response = await fetch(url);
if (!response.ok) throw new Error(`Request failed: ${response.status}`);
const data = await response.json();
console.log(data);

What Can You Build?

Note: These code examples are AI-generated and unverified. Always refer to the official API documentation for accurate usage.

Common Errors & Troubleshooting

403 Forbidden or rate limit errors NVD enforces a rate limit of 5 requests per 30 seconds for unauthenticated requests.
Add a 6-second delay between requests, or register for a free API key at nvd.nist.gov to get a higher rate limit.
Very slow response times Requesting too many results at once strains the API.
Lower resultsPerPage to 20-100 and paginate through results with startIndex.
400 Bad Request on date filters Date parameters must follow ISO 8601 format with timezone offset.
Use the format pubStartDate=2024-01-01T00:00:00.000+00:00 for date range queries.

Matrix Score Breakdown

🌐 Reachability 30/30
⚡ Speed 15/20
🔒 Security 15/15
🛠 Developer XP 20/20
✓ Reliability 7/15
Response Time 286ms

Fully tested on Apr 5, 2026

Technical Specifications

Auth No Auth
HTTPS REQUIRED
CORS UNKNOWN
Category Security
Difficulty Beginner
Verified: 2026-04-04

Similar APIs

View All →

Classify

0

Classify provides programmatic access to encrypting & decrypting text messages via REST API.

No Auth Beginner HTTPS 1ms

Dehash.lt

0

Dehash.lt provides programmatic access to hash decryption md5, sha1, sha3, sha256, sha384, sha512 via REST API.

No Auth Beginner HTTPS 52ms

EmailRep

⭐ Beginner's Pick
95

EmailRep is a free API that evaluates the risk and reputation of an email address in seconds.

No Auth Beginner HTTPS 36ms

Escape

⭐ Beginner's Pick
84

EscapeAPI is a simple open-source utility API that takes raw user input and returns properly escaped versions safe for use in HTML, SQL, shell, and other contexts.

No Auth Beginner HTTPS 80ms

FilterLists

⭐ Beginner's Pick
87

FilterLists is a community-maintained directory API that catalogs hundreds of filter lists used by ad blockers and firewalls like uBlock Origin and Pi-hole.

No Auth Beginner HTTPS 83ms