This repository contains a current compilation of Common Vulnerabilities and Exposures (CVE) sourced from the National Vulnerability Database (NVD). The CVE entries are presented in JSON format to facilitate seamless integration and use.
We are also sharing information (CVE-ID) from this repository through alternative channels. Feel free to participate if interested.(No Cost, Just FREE)
| ID | Item | Channel |
|---|---|---|
| 1 | NVD Latest CVEs (Sync with this Repo) |  |
| 2 | NVD Latest High Risky CVEs (For Engineers) | |
This repository contains lightweight CVE data describing vulnerabilities sourced from the NVD and CVE® dictionaries.
{
"totalResults": 4,
"datePublished": "2024-03-20T06:58:25.276459Z",
"vulnerabilities": [
{
"cve": {
"id": "CVE-2024-2333",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-09T16:15:42.790",
"lastModified": "2024-03-11T01:32:29.610",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"description": "A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.",
"cweIds": [
{
"id": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
],
"references": [
{
"url": "https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md"
},
{
"url": "https://vuldb.com/?ctiid.256284"
},
{
"url": "https://vuldb.com/?id.256284"
}
]
}
},
...
The CVE® is maintained by the Mitre Corporation.
Mitre CVE®'s Terms of use:
CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
derivative works of, publicly display, publicly perform, sublicense, and
distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for
such purposes is authorized provided that you reproduce MITRE's copyright
designation and this license in any such copy.
The National Vulnerability Database is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
It is a superset of the CVE® dictionary augmented with additional analysis, a database, and a fine-grained search engine.
NVD's FAQ:
All NVD data is freely available from our XML Data Feeds. There are no fees,
licensing restrictions, or even a requirement to register. All NIST
publications are available in the public domain according to Title 17 of the
United States Code. Acknowledgment of the NVD when using our information is
appreciated. In addition, please email nvd@nist.gov to let us know how the
information is being used.
We provide streamlined data by selectively extracting essential components from the original CVE information without altering the source data.
In cases where there are errors in the original CVE source data, such errors may also manifest in the CVE data within this repository. Additionally, interruptions or system downtimes in the original CVE source may lead to the omission of some CVE-IDs.
Please be aware that we do not operate a system of 1000% integrity synchronization with the original CVE sources. We suggest being aware of the potential consequences that may arise from such situations. We are confident that the information in this repository is free of issues in typical circumstances.
If you find this helpful, please the "star"🌟 to support further improvements.