July 24, 2025: NVD Technical Update
We have deployed updates to NVD systems on July 24th 2025. This deployment includes the following relevant changes:
Vulnerability Search:
The NVD Vulnerability Search Page has been redesigned, along with improved filtering and searching capabilities.
Vulnerability Detail Pages:
The References section no longer lists duplicated URLs and instead displays source attribution for each.
Vulnerability Dashboard Statistics Page:
Total counts have been corrected to reflect adjustments in New CVEs Received by NVD along with corresponding updates to CVEs Undergoing Analysis.
Vulnerability (/cves/) API:
Added new parameters related to CISA KEV
- KevStartDate and kevEndDate return CVEs that were added to the CISA Known Exploited Vulnerabilities (KEV) catalog during a specific period. If a CVE was added to the KEV catalog outside of the specified window, it will not be included.
- For additional details, please visit the /cves/ parameter documentation.
We have iterated the /cves/ schema to version 2.2.3 to align the `url` definition with the CVE 5.1.x schema:
- Removed:
- "pattern": "^(ftp|http)s?://\S+$"
- Added:
- "format": "uri"
- "minLength": 1
- Changed:
- "maxLength": 2048 (was 500)
General Reminder
The following unsupported legacy data feed files will remain available in parallel of the updated 2.0 data feed files until August 20th, 2025 as a courtesy. After that time, the legacy data feed files will be removed from the data feeds page and will no longer be accessible.
Any organizations making use of the legacy feed files will need to update their systems to use the 2.0 APIs or the 2.0 data feed files.
For additional questions or concerns, please reach out to nvd@nist.gov!
NIST Cybersecurity and Privacy Program
National Vulnerability Database (NVD)
Questions/Comments about this notice: nvd@nist.gov
|
