publicdata/nist-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nist-gov/nvd.nist.gov/developers/vulnerabilities-1
Scott Williams 4063bef310 Initital commit.
2025-03-05 18:59:57 +00:00

1466 lines
No EOL
62 KiB
Text
Raw Permalink Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<title>Deprecated Vulnerabilities API</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-script-type" content="text/javascript" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="/site-scripts/font-awesome/css/font-awesome.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap-theme.min.css"
type="text/css" rel="stylesheet" />
<link
href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/css/nist-fonts.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/base-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/media-resize.css" type="text/css"
rel="stylesheet" />
<meta name="theme-color" content="#000000">
<script src="/site-scripts/jquery/dist/jquery.min.js"
type="text/javascript"></script>
<script src="/site-scripts/jquery-visible/jquery.visible.min.js"
type="text/javascript"></script>
<script src="/site-scripts/underscore/underscore-min.js"
type="text/javascript"></script>
<script src="/site-media/bootstrap/js/bootstrap.js"
type="text/javascript"></script>
<script src="/site-scripts/moment/min/moment.min.js"
type="text/javascript"></script>
<script
src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
type="text/javascript"></script>
<script src="/site-media/js/megamenu.js" type="text/javascript"></script>
<script src="/site-media/js/nist-exit-script.js"
type="text/javascript"></script>
<script src="/site-media/js/forms.js" type="text/javascript"></script>
<script
src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true"
type="text/javascript" id="_fed_an_js_tag"></script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script>
<style id="antiClickjack">
body>* {
display: none !important;
}
#antiClickjack {
display: block !important;
}
</style>
<noscript>
<style id="antiClickjackNoScript">
body>* {
display: block !important;
}
#antiClickjack {
display: none !important;
}
</style>
</noscript>
<script type="text/javascript" id="antiClickjackScript">
if (self === top) {
// no clickjacking
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
setTimeout(tryForward(), 5000);
}
function tryForward() {
top.location = self.location;
}
</script>
<meta charset="UTF-8">
<link href="/site-media/css/nvd-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/images/favicons/apple-touch-icon.png"
rel="apple-touch-icon" type="image/png" sizes="180x180" />
<link href="/site-media/images/favicons/favicon-32x32.png"
rel="icon" type="image/png" sizes="32x32" />
<link href="/site-media/images/favicons/favicon-16x16.png"
rel="icon" type="image/png" sizes="16x16" />
<link href="/site-media/images/favicons/manifest.json"
rel="manifest" />
<link href="/site-media/images/favicons/safari-pinned-tab.svg"
rel="mask-icon" color="#000000" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" />
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" type="image/x-icon" />
<link href="/site-media/images/favicons/favicon.ico" rel="icon"
type="image/x-icon" />
<meta charset="UTF-8">
<meta name="viewport1" content="width=device-width, initial-scale=1">
<script>
function toggleMoreCode(elementId, iconId) {
var x = document.getElementById(elementId);
if (x.style.display === "none") {
x.style.display = "block";
} else {
x.style.display = "none";
}
if(typeof iconId !== 'undefined') {
var y = document.getElementById(iconId);
if (x.style.display === "block") {
y.classList.add("fa-minus");
y.classList.remove("fa-plus");
} else {
y.classList.add("fa-plus");
y.classList.remove("fa-minus");
}
}
}
</script>
<style>
.json-code {
width: 100%;
background-color: rgb(245, 245, 245);
margin-top: 10px;
font-family:'Lucida Console', monospace;
}
/* Tooltip container */
.tooltip {
position: relative;
display: inline-block;
border-bottom: 1px dotted black; /* If you want dots under the hoverable text */
}
/* Tooltip text */
.tooltip .tooltiptext {
visibility: hidden;
width: 120px;
background-color: black;
color: #fff;
text-align: center;
padding: 5px 0;
border-radius: 6px;
/* Position the tooltip text - see examples below! */
position: absolute;
z-index: 1;
}
/* Show the tooltip text when you mouse over the tooltip container */
.tooltip:hover .tooltiptext {
visibility: visible;
}
</style>
<meta name="viewport1" content="width=device-width, initial-scale=1">
</head>
<body>
<header role="banner" title="Site Banner">
<div id="antiClickjack" style="display: none">
<h1>You are viewing this page in an unauthorized frame window.</h1>
<p>
This is a potential security issue, you are being redirected to
<a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
</p>
</div>
<div>
<section class="usa-banner" aria-label="Official government website">
<div class="usa-accordion container">
<header class="usa-banner__header">
<noscript>
<p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
</noscript>
<img class="usa-banner__header-flag"
src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
&nbsp;
<span class="usa-banner__header-text">An official website of the United States government</span>
<button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
<span class="usa-banner__button-text">Here's how you know</span>
</button>
</header>
<div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true">
<div class="row">
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Official websites use .gov</strong>
<br>
A <strong>.gov</strong> website belongs to an official government organization in the United States.
</p>
</div>
</div>
</div>
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-https.svg" alt="Https">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Secure .gov websites use HTTPS</strong>
<br>
A <strong>lock</strong> (<img class="usa-banner__lock"
src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div>
<div>
<nav id="navbar" class="navbar">
<div id="nist-menu-container" class="container">
<div class="row">
<!-- Brand -->
<div class="col-xs-6 col-md-4 navbar-header"
style="height:104px">
<a class="navbar-brand"
href="https://www.nist.gov"
target="_blank" rel="noopener noreferrer"
id="navbar-brand-image"
style="padding-top: 36px">
<img alt="National Institute of Standards and Technology"
src="/site-media/images/nist/nist-logo.svg"
width="110" height="30">
</a>
</div>
<div class="col-xs-6 col-md-8 navbar-nist-logo">
<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
class="hidden-xxs">NVD </span>MENU</span>
</a>
</span>
</div>
</div>
</div>
<div class="main-menu-row container">
<!-- Collect the nav links, forms, and other content for toggling -->
<div id="main-menu-drop" class="col-lg-12" style="display: none;">
<ul>
<li><a href="/general"> General <span
class="expander fa fa-plus" id="nvd-header-menu-general"
data-expander-name="general" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="general">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/general/nvd-dashboard">NVD Dashboard</a>
</p>
<p>
<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/faq">FAQ</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/visualizations">Visualizations</a>
</p>
<p>
<a href="/general/legal-disclaimer">Legal Disclaimer</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln"> Vulnerabilities <span
class="expander fa fa-plus"
id="nvd-header-menu-vulnerabilities"
data-expander-name="vulnerabilities" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="vulnerabilities">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Search &amp; Statistics</a>
</p>
<p>
<a href="/vuln/categories">Weakness Types</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/data-feeds">Legacy Data Feeds</a>
</p>
<p>
<a href="/vuln/vendor-comments">Vendor Comments</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/cvmap">CVMAP</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
class="expander fa fa-plus" id="nvd-header-menu-metrics"
data-expander-name="metrics" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="metrics">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
Calculator</a>
</p>
</div>
</div>
</div></li>
<li><a href="/products"> Products <span
class="expander fa fa-plus" id="nvd-header-menu-products"
data-expander-name="products" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="products">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/products/cpe">CPE Dictionary</a>
</p>
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/statistics">CPE Statistics</a>
</p>
<p>
<a href="/products/swid">SWID</a>
</p>
</div>
<div class="col-lg-4"></div>
</div>
</div></li>
<li>
<a href="/developers">Developers<span
class="expander fa fa-plus" id="nvd-header-menu-developers"
data-expander-name="developers" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="developers">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/developers/start-here">Start Here</a>
</p>
<p>
<a href="/developers/request-an-api-key">Request an API Key</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/vulnerabilities">Vulnerabilities</a>
</p>
<p>
<a href="/developers/products">Products</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/data-sources">Data Sources</a>
</p>
<p>
<a href="/developers/terms-of-use">Terms of Use</a>
</p>
</div>
</div>
</div>
</li>
<li><a href="/contact"> Contact NVD </a></li>
<li><a href="/other"> Other Sites <span
class="expander fa fa-plus" id="nvd-header-menu-othersites"
data-expander-name="otherSites" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="otherSites">
<div class="row">
<div class="col-lg-4">
<p>
<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
</p>
<p>
<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
</p>
<p>
<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools</a>
</p>
<p>
<a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
</p>
</div>
</div>
</div></li>
<li><a href="/search"> Search <span
class="expander fa fa-plus" id="nvd-header-menu-search"
data-expander-name="search" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="search">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Vulnerability Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
</div>
</div></li>
</ul>
</div>
<!-- /#mobile-nav-container -->
</div>
</nav>
<section id="itl-header" class="has-menu">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8">
<h2 class="hidden-xs hidden-sm">
<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
</h2>
<h1 class="hidden-xs hidden-sm">
<a id="nvd-header-link"
href="/">National Vulnerability Database</a>
</h1>
<h1 class="hidden-xs text-center hidden-md hidden-lg"
>National Vulnerability Database</h1>
<h1 class="hidden-sm hidden-md hidden-lg text-center"
>NVD</h1>
</div>
<div class="col-sm-12 col-md-4">
<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
<img id="img-logo-nvd-lg"
alt="National Vulnerability Database"
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
width="500" height="100">
</a>
</div>
</div>
</div>
</section>
</div>
</div>
</header>
<main>
<div>
<div id="body-section" class="container">
<div class="row">
<ol class="breadcrumb">
<li><a href="/developers" class="CMSBreadCrumbsLink">Developers</a></li>
</ol>
</div>
<div>
<div id="divRetirementBanner" class="bs-callout bs-callout-warning">
<p>
<strong>The 1.0 APIs have been retired and are no longer accessible.
<a href="/General/News/change-timeline">Click here</a> for more information on
the retirement timeline.</strong>
</p>
</div>
<div id="divVulnerabilities" class="row">
<h2>Vulnerabilities</h2>
<p>
This quickstart assumes that you already understand at least one common programming language and are generally familiar with JSON RESTful services.
JSON specifies the format of the data returned by the REST service. REST refers to a style of services that allow computers to communicate via HTTP
over the Internet.
</p>
</div>
<div id="divRequests" class="row">
<h3>Requests</h3>
<p>
All requests to the API use the HTTP GET method. The URL stem for making requests is different depending on whether the request is for one specific
CVE, or a collection of CVEs. REST parameters allow you to control and customize which vulnerabilities are returned. The parameters are akin to those
found on the NVD public vulnerability search page, https://nvd.nist.gov/vuln/search.
</p>
</div>
<div id="divGetCVE" class="row">
<h3>Retrieve a specific CVE</h3>
<p>
The URL stem for retrieving a single CVE is shown below. Please note how the required <code>{cveId}</code> appears in the URL path.
</p>
<p class="urlSnippet">
https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2021-41172?addOns=dictionaryCpes
</p>
</div>
<h4 title="Click to expand or collapse">
<a id="toggleGetCVEParameters"
onclick="toggleMoreCode('divGetCVEParameters', 'iconGetCveParams')">
<span class="fa fa-plus" id="iconGetCveParams"></span>
Parameters
</a>
</h4>
<div id="divGetCVEParameters"
class="row"
style="display: none">
<div class="tooltip">
<span class="tooltiptext">Click to expand or collapse</span>
</div>
<table class="table">
<tr>
<td>
<a>
<a id="cve-addOns"><p class="paramName">
addOns <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is part of the URL query.
</p>
<p>
<code>
dictionaryCpes
</code>
By default, the response includes all CPE applicability statements associated with the vulnerability.
Applicability statements are CPE match strings that may be used in searching the Official CPE Dictionary.
Including <code>addOns=dictionaryCpes</code> adds the official CPE names to the request, but can return
a significantly denser amount of text.
</p>
<p class="urlSnippet">
https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-2000-0266?addOns=dictionaryCpes
</p>
</td>
</tr>
<tr>
<td>
<a>
<a id="cve-apiKey"><p class="paramName">
apiKey <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is part of the URL query but beginning in September 2022, API keys
may also be passed to the 1.0 APIs in the request header.
This approach is required with the 2.0 APIs.
The exact method of passing header information with a GET request varies
based on the user agent.
</p>
<p>
The API Key provided to the user. Including <code>apiKey={key value}</code>, (without brackets
or spaces) allows users to make a greater number of requests for a given time than they could otherwise.
</p>
</td>
</tr>
</table>
</div>
<div id="divCollectionCVE" class="row">
<h3>Retrieve a collection of CVE</h3>
<p>
The parameters used to retrieve a collection are intended to limit or filter results. The parameters selected
for the request are known as the search criteria, and all parameters should be included in the URL query. Please
note how the only difference between the URL for requesting a single CVE and requesting a collection is a single "s".
</p>
<p class="urlSnippet">
https://services.nvd.nist.gov/rest/json/cves/1.0/
</p>
</div>
<h4 title="Click to expand or collapse">
<a id="toggleGetCollectionParameters"
onclick="toggleMoreCode('divCollectionParameters', 'iconColParams')">
<span class="fa fa-plus" id="iconColParams"></span>
Parameters
</a>
</h4>
<div id="divCollectionParameters"
class="row"
style="display: none">
<table class="table">
<tr>
<td>
<a id="cves-addOns"><p class="paramName">
addOns <span class="paramOptional"> optional </span>
</p></a>
<p>
<code>
dictionaryCpes
</code>
By default, the response includes all CPE applicability statements associated with the vulnerability. Applicability statements are
CPE match strings that may be used in searching the Official CPE Dictionary. Including <code>addOns=dictionaryCpes</code>
adds the official CPE names to the request.
</p>
<p>
Please note that each CVE may have a dozen or more CPE associated with them. Including this parameter can return a large amount of data,
which in some cases may become truncated. Reducing the <code>resultsPerPage</code> may prevent the data from being truncated.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-apiKey"><p class="paramName">
apiKey <span class="paramOptional"> optional </span>
</p></a>
<p>
The API Key provided to the user. Including <code>apiKey={key value}</code>, (without brackets or spaces)
allows users to make a greater number of requests in a given time than they could otherwise.
</p>
<p>
Beginning in September 2022, API keys may also be passed to the 1.0 APIs
in the request header. This approach is required with the 2.0 APIs.
The exact method of passing header information with a GET request varies
based on the user agent.
</p>
</td>
</tr>
</tr>
<tr>
<td>
<a id="cves-cpeMatchString"><p class="paramName">
cpeMatchString <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is used to filter vulnerabilities more broadly than <code>cpeName</code>. The value of
<code>cpeMatchString</code> is compared against the CPE Match Criteria present on CVE applicability
statements. <code>cpeName</code> is a recommended alternative for many use cases. Please note,
when both <code>cpeName</code> and <code>cpeMatchString</code> are provided, only the <code>cpeName</code> is used.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cpeName"><p class="paramName">
cpeName <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is used to find CVEs that affect specific products. The exact value of <code>cpeName</code>
is compared to the CPE Match Criteria so that only CVE affecting the named CPE are returned. Please note,
when both <code>cpeName</code> and <code>cpeMatchString</code> are provided, only the <code>cpeName</code> is used.
<code>cpeName</code> will accept CPE not yet present in the CPE Dictionary, but the value must be a
<a href="https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7696.pdf">well-formed CPE name (WFN)</a>.
</p>
<p style="font-family:'Lucida Console', monospace;font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0?cpeName=cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cvssV2Metrics"><p class="paramName">
cvssV2Metrics <span class="paramOptional"> optional </span>
</p></a>
<p>
These parameters are used to filter vulnerabilities based on <a href="https://www.first.org/cvss/specification-document">CVSS vector strings.</a>
Either full or partial vector strings may be used.
</p>
<p style="font-family:'Lucida Console', monospace;font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0?cvssV2Metrics=AV:L/AC:H/Au:M/C:N/I:N/A:N
</p>
<p style="font-family:'Lucida Console', monospace; font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0?cvssV2Metrics=A:N/C:H
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cvssV2Severity"><p class="paramName">
cvssV2Severity <span class="paramOptional"> optional </span>
</p></a>
<p>
CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, <a href="https://cwe.mitre.org/"> https://www.first.org/cvss/</a>.
Either the <code>cvssV2Severity</code> or <code>cvssV3Severity</code> parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, <code>cvssV3Severity=CRITICAL</code>
is also supported.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cvssV3Metrics"><p class="paramName">
cvssV3Metrics <span class="paramOptional"> optional </span>
</p></a>
<p>
These parameters are used to filter vulnerabilities based on <a href="https://www.first.org/cvss/specification-document">CVSS vector strings.</a>
Either full or partial vector strings may be used.
</p>
<p style="font-family:'Lucida Console', monospace;font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0?cvssV3Metrics=AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
</p>
<p style="font-family:'Lucida Console', monospace; font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0?cvssV3Metrics=S:U/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cvssV3Severity"><p class="paramName">
cvssV3Severity <span class="paramOptional"> optional </span>
</p></a>
<p>
CVSS refers to the scoring system used by NIST to assess the severity of vulnerabilities, <a href="https://cwe.mitre.org/"> https://www.first.org/cvss/</a>.
Either the <code>cvssV2Severity</code> or <code>cvssV3Severity</code> parameter may be used to find vulnerabilities having a severity of LOW, MEDIUM, or HIGH. For CVSS V3.x, <code>cvssV3Severity=CRITICAL</code>
is also supported.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-cweId"><p class="paramName">
cweId <span class="paramOptional"> optional </span>
</p></a>
<p>
CWE refers to the classification of vulnerabilities used by NIST and managed by MITRE at <a href="https://cwe.mitre.org/"> https://cwe.mitre.org/</a>.
NVD analysts associate one or more CWE to each vulnerability during the analysis process.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-includeMatchStringChange"><p class="paramName">
includeMatchStringChange <span class="paramOptional"> optional </span>
</p></a>
<p>
<code>
true
</code>
By default, the <code>modStartDate</code> and <code>modEndDate</code> parameters include only a collection of CVE where the CVE
information was modified. The modification of product names by NIST in the Official CPE Dictionary does not modify related CVE.
<code>includeMatchStringChange=true</code> returns a collection of CVE where either the vulnerabilities or the associated product
names were modified.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-isExactMatch"><p class="paramName">
isExactMatch <span class="paramOptional"> optional </span>
</p></a>
<p>
<code>
true
</code>
If the keyword is a phrase, i.e., contains more than one term, including <code>isExactMatch=true</code> retrieves records matching
the exact phrase. Otherwise, the results contain any record having any of the terms.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-keyword"><p class="paramName">
keyword <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is used to retrieve records where a word or phrase is found in the vulnerability description or reference links.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-modStartDate"><p class="paramName">
modStartDate <span class="paramOptional"> optional </span>
</p></a>
<a id="cves-modEndDate"><p class="paramName">
modEndDate <span class="paramOptional"> optional </span>
</p></a>
<p>
These parameters specify a collection of CVE that were last modified during the period. If a CVE has been modified more recently
than the specified period it will not be included in the response. If filtering by the last modified date, both
<code>modStartDate</code> and <code>modEndDate</code> are <span style="font-family:'Lucida Console', monospace; color:orangered">REQUIRED</span>.
Filtering with only one parameter will return a successful response without data. The maximum allowable range when using
the date range parameters is 120 consecutive days. Date range parameters are in the form:
</p>
<p class="urlSnippet">
yyyy-MM-ddTHH:mm:ss:SSS Z
</p>
<p>
The T is a literal to separate the date from the time. The Z indicates an offset-from-UTC. If a positive Z value is used
(such as +01:00 for Central European Time) then the "+" should be encoded in the request as "%2B". This may be handled
automatically by the user agent. An example is provided below showing a +01:00 offset-from-UTC.
</p>
<p style="font-family:'Lucida Console', monospace; font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0/?modStartDate=2021-08-04T13:00:00:000 UTC%2B01:00&modEndDate=2021-10-22T13:36:00:000 UTC%2B01:00
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-pubStartDate"><p class="paramName">
pubStartDate <span class="paramOptional"> optional </span>
</p></a>
<a id="cves-pubEndDate"><p class="paramName">
pubEndDate <span class="paramOptional"> optional </span>
</p></a>
<p>
These parameters specify a collection of CVE that were added to the NVD (i.e., published) during the period. If filtering by the
publication date, both <code>pubStartDate</code> and <code>pubEndDate</code> are <span style="font-family:'Lucida Console', monospace; color:orangered">REQUIRED</span>.
Filtering with only one parameter will return a successful response without data. The maximum allowable range when using
the date range parameters is 120 consecutive days. Date range parameters are in the form:
</p>
<p class="urlSnippet">
yyyy-MM-ddTHH:mm:ss:SSS Z
</p>
<p>
The T is a literal to separate the date from the time. The Z indicates an offset-from-UTC. If a positive Z value is used
(such as +01:00 for Central European Time) then the "+" should be encoded in the request as "%2B". This may be handled
automatically by the user agent. An example is provided below showing a -05:00 offset-from-UTC.
</p>
<p style="font-family:'Lucida Console', monospace; font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cves/1.0/?pubStartDate=2021-08-04T13:00:00:000 UTC-05:00&pubEndDate=2021-10-22T13:36:00:000 UTC-05:00
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-resultsPerPage"></a><p class="paramName">
resultsPerPage <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20.
For network considerations, maximum allowable limit is 2,000.
</p>
<p>
The response content <code>totalResults</code> indicates the number of CVE results that match request parameters. If the value of
<code>totalResults</code> is greater than the value of <code>resultsPerPage</code>, the parameter <code>startIndex</code>
may be used in subsequent requests to identify the starting point for the request.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-sortBy"><p class="paramName">
sortBy <span class="paramOptional"> optional </span>
</p></a>
<p>
<code>
modifiedDate
</code>
By default, the API responds with the most recently modified CVE first.
<p>
</p>
<code>
publishDate
</code>
Including <code>sortBy=publishDate</code> changes the sort order so that the API responds with the most recently published
CVE first.
</p>
<p>
When making iterative requests for a large number of CVE, such as the initial population of all CVE in a local database, sorting
by the modified date may occasionally result in missing CVE. This may happen if new CVE are added during the iterative requests.
Sorting by the published date avoids these errors.
</p>
</td>
</tr>
<tr>
<td>
<a id="cves-startIndex"><p class="paramName">
startIndex <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter determines the first CVE in the collection returned by the response. The index is zero-based, meaning the first CVE is
at index zero. The response header <code>totalResults</code> indicates the number of CVE results that match request parameters. If
the value of <code>totalResults</code> is greater than the value of <code>resultsPerPage</code>, the parameter <code>startIndex</code>
may be used in subsequent requests to identify the first CVE for the request.
</p>
<p>
The best, most efficient, practice for keeping up to date with the NVD is to use the date range parameters in order to request only
those CVE that have been published or modified since the last request.
</p>
<p>
Presently NVD contains more than 160,000 vulnerabilities relating to thousands of vendor products. Multiple consecutive requests are
required to return all available records. Requesting an API key significantly raises the number of requests that can be made in a
given time frame. However, NIST firewall rules put in place to prevent denial of service attacks on NVD can thwart your application. To
avoid this, it is recommended that your application sleeps for several seconds between requests so that legitimate requests
are not denied.
</p>
</td>
</tr>
</table>
</div>
<div id="divResponse" class="row">
<h3>Response</h3>
<p>
This section describes the response returned by the vulnerability API. Each CVE has a text description and reference links. Vulnerabilities that
have undergone NVD analysis include CVSS scores, product applicability statements, and more. The response is based on four JSON schema that were
developed independently as part of three separate initiatives. Hence the stylistic differences in data element names. The following diagram shows
where the main feed schema is dependent on the other three.
</p>
<div id="divImage" class="row">
<div class="col-md-6" style="padding:0px;">
<div class="text-center">
<span>
<a href="https://csrc.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1.schema">
<img alt="Graphical representation of the JSON response schema"
src="/site-media/images/vuln/cve-json-schema.svg"
style="width: 992px; height: 292px"/>
<br>
Click to view the full JSON response schema
</a>
</span>
</div>
</div>
</div>
<br>
</div>
<h4 title="Click to expand or collapse">
<a id="toggleResponseBody"
onclick="toggleMoreCode('divResponseBody', 'iconResponseBody')">
<span class="fa fa-plus" id="iconResponseBody"></span>
Response Body
</a>
</h4>
<div id="divResponseBody"
class="row"
style="display: none">
<p>
The vulnerabilities API returns four primary elements in the body of the response: <code>resultsPerPage</code>, <code>startIndex</code>,
<code>totalResults</code>, and <code>result</code>.
<p>
<p>
The first three elements identify how how many CVE meet the search criteria and how many CVE have been returned in this response. The element
<code>totalResults</code> indicates the number of CVE results that match search criteria. If the value of <code>totalResults</code> is greater
than the value of <code>resultsPerPage</code>, then additional requests are necessary to return the remaining CVE. The parameter <code>startIndex</code>
may be used in subsequent requests to identify the starting point for the request next. More information and the best practices for using <code>resultsPerPage</code>
and <code>startIndex</code> are described above.
</p>
<p>
The <code>result</code> element contains an array of five additional elements. <code>CVE_data_type</code>, <code>CVE_data_format</code>, <code>CVE_data_version</code>,
and <code>CVE_data_timestamp</code> describe the request while the fifth element <code>CVE_Items</code> contains the CVE.
</p>
<h5 style="font-family:'Lucida Console', monospace">CVE Items</h5>
<p>
At the high-level, each vulnerability in the <code>CVE_Items</code> array can have the following elements:
</p>
<table class="table">
<tr>
<td>
<a id="response-cve"><p class="paramName">
cve <span class="paramRequired">required</span>
</p></a>
<p>
This element contains the CVE identifier, description, reference links, and problem type (CWE). In rare occasions <code>description_data</code>
can contain multiple values. All vulnerabilities have at least one Internet link under <code>references</code> that provides additional
information about the vulnerability. NIST categorizes link using the <code>tags</code> elements, e.g., Third Party Advisory. All CWE assigned to a
vulnerability are found in <code>problem_type</code>. In some cases there are more than one CWE.
</p>
<button onclick="toggleMoreCode('jsonWindowCve')">Toggle JSON</button>
<div id="jsonWindowCve"
style="display: none;">
<pre class="json-code">
"cve":{
"data_type":"CVE",
"data_format":"MITRE",
"data_version":"4.0",
"CVE_data_meta":{
"ID":"CVE-2019-1010218",
"ASSIGNER":"cve@mitre.org"
},
"description":{
"description_data":[{
"lang":"en",
"value":"Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet."
}]
},
"references":{
"reference_data":[{
"url":"https://i.imgur.com/PWCCyir.png",
"name":"https://i.imgur.com/PWCCyir.png",
"refsource":"MISC",
"tags":["Exploit","Third Party Advisory"]
}]
},
"problemtype":{
"problemtype_data":[{
"description":[{
"lang":"en",
"value":"CWE-119"
}]
}]
},
}
</pre>
</div>
</td>
</tr>
<tr>
<td>
<a id="response-configurations"><p class="paramName">
configurations <span class="paramOptional">not required</span>
</p></a>
<p>
The configurations element has the CVE applicability statements that convey which product, or products, are associated with the
vulnerability according to analysis by NIST. Recall that each CPE shown here is a match string that can be used to search the
Official CPE Dictionary.
</p>
<p>
Configurations are a tree, or hierarchical data structure consisting of nodes where each node contains CPE match string or child nodes.
(A node will never contain both CPEs and child nodes, and is never empty.)
</p>
<p>
Each node has either an OR- or an AND-operator (and in rare cases a NEGATE flag) to covey the logical
relationship of the CPE or child nodes within. For example, if the vulnerability exists only when both
CPE products are present, the operator is “AND”. If the vulnerability exists if either CPE is present, then
the operator is “OR”.
</p>
<button onclick="toggleMoreCode('jsonWindowConfig')">Toggle JSON</button>
<div id="jsonWindowConfig"
style="display: none;">
<pre class="json-code">
"configurations":{
"CVE_data_version":"4.0",
"nodes":[{
"operator":"AND",
"children":[{
"operator":"OR",
"cpe_match":[{
"vulnerable":true,
"cpe23Uri":"cpe:2.3:o:tesla:model_3_firmware:-:*:*:*:*:*:*:*"
}]
},{
"operator":"OR",
"cpe_match":[{
"vulnerable":false,
"cpe23Uri":"cpe:2.3:h:tesla:model_3:-:*:*:*:*:*:*:*"
}]
}
]
}]
},
</pre>
<p class="commentInJson">
Notice that the first product is marked as vulnerable, but the second is not. (The vulnerability is said to exist only if the
firmware in this example is running on the hardware.) Configurations vary in complexity, partly due to their recursive nature.
Some vulnerabilities have one node with one CPE, while others have more than one configuration, i.e., more than one root node
element. Nodes may contain a single CPE match string or dozens.
</p>
<p class="commentInJson">
In some cases, the CPE match string indicates a range of product versions. Notice in the following example that the version
is not specified in the <code>cpe23Uri</code> element; instead, the <code>versionEndIncluding</code> indicates the last
vulnerable version. Other possible elements are <code>versionEndExcluding</code>, <code>versionStartIncluding</code>, and
<code>versionStartExcluding</code>.
</p>
<pre class="json-code">
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" :
"cpe:2.3:a:imapfilter_project:imapfilter:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.6.12"
} ]
} ]
},
</pre>
<p class="commentInJson">
Recall that the vulnerability service has an optional query parameter, <code>addOns=dictionaryCpes</code>, described above.
When the request has this parameter, the response returns official CPE names for each CPE match string in the configuration, in
so far as they are present in the Official CPE Dictionary. The following example shows matching CPE names for a match string.
</p>
<pre class="json-code">
"configurations":{
"CVE_data_version":"4.0",
"nodes":[{
"operator":"OR",
"negate":false,
"cpe_match":[{
"vulnerable":true,
"cpe23Uri":"cpe:2.3:a:elementor:elementor:*:*:*:*:*:*:*:*",
"versionEndExcluding":"1.8.0",
"cpe_name":[{
"cpe23Uri":"cpe:2.3:a:elementor:elementor:-:*:*:*:*:*:*:*",
"lastModifiedDate":"2019-09-10T15:38Z"},
{"cpe23Uri":"cpe:2.3:a:elementor:elementor:0.1.0:*:*:*:*:*:*:*",
"lastModifiedDate":"2019-09-10T15:38Z"},
{"cpe23Uri":"cpe:2.3:a:elementor:elementor:0.1.1:*:*:*:*:*:*:*",
"lastModifiedDate":"2019-09-10T15:38Z"},
{"cpe23Uri":"cpe:2.3:a:elementor:elementor:0.1.2:*:*:*:*:*:*:*",
"lastModifiedDate":"2019-09-10T15:38Z"},
{"cpe23Uri":"cpe:2.3:a:elementor:elementor:0.1.3:*:*:*:*:*:*:*",
"lastModifiedDate":"2019-09-10T15:38Z"},
</pre>
<p class="commentInJson">
Since configurations can be large, and the number of matches can be many, applications are cautioned from using this parameter
for requests that return large numbers of vulnerabilities.
</p>
</div>
</td>
</tr>
<tr>
<td>
<a id="response-impact"><p class="paramName">
impact <span class="paramOptional">not required</span>
</p></a>
<p>
The impact element provides the CVSS severity scores for the vulnerability if it has been analyzed by NIST. The <code>cvssV3</code> and
<code>cvssV2</code> elements within the impact element conform to the cvss-v3.x.json and cvssv2.0.json schemas, respectively. Additional
elements provided by NIST conform to the parent nvd_cve_feed_json_1.1.schema such as the exploitability and impact sub-scores.
</p>
<button onclick="toggleMoreCode('jsonWindowImpact')">Toggle JSON</button>
<div id="jsonWindowImpact"
style="display: none;">
<pre class="json-code">
"impact":{
"baseMetricV3":{
"cvssV3":{
"version":"3.0",
"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector":"NETWORK",
"attackComplexity":"LOW",
"privilegesRequired":"NONE",
"userInteraction":"REQUIRED",
"scope":"UNCHANGED",
"confidentialityImpact":"HIGH",
"integrityImpact":"HIGH",
"availabilityImpact":"HIGH",
"baseScore":8.8,
"baseSeverity":"HIGH"
},
"exploitabilityScore":2.8,
"impactScore":5.9
},
"impact":{
"baseMetricV2":{
"cvssV2":{
"version":"2.0",
"vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector":"NETWORK",
"accessComplexity":"MEDIUM",
"authentication":"NONE",
"confidentialityImpact":"PARTIAL",
"integrityImpact":"PARTIAL",
"availabilityImpact":"PARTIAL",
"baseScore":6.8
},
"severity":"MEDIUM",
"exploitabilityScore":8.6,
"impactScore":6.4,
"obtainAllPrivilege":false,
"obtainUserPrivilege":false,
"obtainOtherPrivilege":false,
"userInteractionRequired":true
}
}
</pre>
</div>
</td>
</tr>
<tr>
<td>
<a id="response-publishedDate"><p class="paramName">
publishedDate <span class="paramOptional">not required</span>
</p></a>
<p>
The date that the CVE was published.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-lastModifiedDate"><p class="paramName">
lastModifiedDate <span class="paramOptional">not required</span>
</p></a>
<p>
The date that the CVE was last modified.
</p>
</td>
</tr>
</table>
</div>
<div id="divContact" class="row">
<br>
<p>
Questions, comments, or concerns may be shared with the NVD by emailing <a href="mailto:nvd@nist.gov">nvd@nist.gov</a>
</p>
</div>
<div class="col-md-12 historical-data-area" id="historical-data-area">
<span>
Created
<span id="page-created-date">
<span>September 20, 2022</span>
</span>,
</span>
Updated
<span id="page-updated-date">
<span>August 27, 2024</span>
</span>
</div>
</div>
</div>
</div>
</main>
<footer id="footer" role="contentinfo">
<div class="container">
<div class="row">
<div class="col-sm-12">
<ul class="social-list pull-right">
<li class="field-item service-twitter list-horiz"><a
href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span>
</a></li>
<li class="field-item service-facebook list-horiz"><a
href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-linkedin list-horiz"><a
href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-youtube list-horiz"><a
href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-rss list-horiz"><a
href="https://www.nist.gov/news-events/nist-rss-feeds"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
<i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
</a></li>
<li class="field-item service-govdelivery list-horiz last"><a
href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
<i class="fa fa-envelope fa-fw"><span
class="element-invisible">govdelivery</span></i><span class="ext"><span
class="element-invisible"> (link is external)</span></span>
</a></li>
</ul>
<span class="hidden-xs"> <a
title="National Institute of Standards and Technology" rel="home"
class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</span>
</div>
</div>
<div class="row hidden-sm hidden-md hidden-lg">
<div class="col-sm-12">
<a href="https://www.nist.gov"
title="National Institute of Standards and Technology" rel="home"
target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</div>
</div>
<div class="row footer-contact-container">
<div class="col-sm-6">
<strong>HEADQUARTERS</strong>
<br>
100 Bureau Drive
<br>
Gaithersburg, MD 20899
<br>
<a href="tel:301-975-2000">(301) 975-2000</a>
<br>
<br>
<a href="mailto:nvd@nist.gov">Webmaster</a> | <a
href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
| <a href="https://www.nist.gov/about-nist/visit"
style="display: inline-block;">Our Other Offices</a>
</div>
<div class="col-sm-6">
<div class="pull-right"
style="text-align:right">
<strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
<br>
US-CERT Security Operations Center
<br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
<br> Phone: 1-888-282-0870
</div>
</div>
</div>
<div class="row">
<nav title="Footer Navigation" role="navigation"
class="row footer-bottom-links-container">
<!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
<p>
<a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
|
<a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
|
<a href="https://www.nist.gov/privacy">Privacy Program</a>
|
<a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
|
<a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
|
<a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
|
<a href="https://www.nist.gov/foia">FOIA</a>
|
<a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
|
<a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
|
<a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
|
<a href="https://www.commerce.gov/">Commerce.gov</a>
|
<a href="https://www.science.gov/">Science.gov</a>
|
<a href="https://www.usa.gov/">USA.gov</a>
</p>
</nav>
</div>
</div>
</footer>
</body>
</html>
Reference in a new issue View git blame Copy permalink