publicdata/nist-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nist-gov/nvd.nist.gov/developers/products-1
Scott Williams 4063bef310 Initital commit.
2025-03-05 18:59:57 +00:00

1068 lines
No EOL
43 KiB
Text
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<title>Deprecated Products API</title>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-script-type" content="text/javascript" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link href="/site-scripts/font-awesome/css/font-awesome.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap-theme.min.css"
type="text/css" rel="stylesheet" />
<link
href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
type="text/css" rel="stylesheet" />
<link href="/site-media/css/nist-fonts.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/base-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/css/media-resize.css" type="text/css"
rel="stylesheet" />
<meta name="theme-color" content="#000000">
<script src="/site-scripts/jquery/dist/jquery.min.js"
type="text/javascript"></script>
<script src="/site-scripts/jquery-visible/jquery.visible.min.js"
type="text/javascript"></script>
<script src="/site-scripts/underscore/underscore-min.js"
type="text/javascript"></script>
<script src="/site-media/bootstrap/js/bootstrap.js"
type="text/javascript"></script>
<script src="/site-scripts/moment/min/moment.min.js"
type="text/javascript"></script>
<script
src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
type="text/javascript"></script>
<script src="/site-media/js/megamenu.js" type="text/javascript"></script>
<script src="/site-media/js/nist-exit-script.js"
type="text/javascript"></script>
<script src="/site-media/js/forms.js" type="text/javascript"></script>
<script
src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true"
type="text/javascript" id="_fed_an_js_tag"></script>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script>
<style id="antiClickjack">
body>* {
display: none !important;
}
#antiClickjack {
display: block !important;
}
</style>
<noscript>
<style id="antiClickjackNoScript">
body>* {
display: block !important;
}
#antiClickjack {
display: none !important;
}
</style>
</noscript>
<script type="text/javascript" id="antiClickjackScript">
if (self === top) {
// no clickjacking
var antiClickjack = document.getElementById("antiClickjack");
antiClickjack.parentNode.removeChild(antiClickjack);
} else {
setTimeout(tryForward(), 5000);
}
function tryForward() {
top.location = self.location;
}
</script>
<meta charset="UTF-8">
<link href="/site-media/css/nvd-style.css" type="text/css"
rel="stylesheet" />
<link href="/site-media/images/favicons/apple-touch-icon.png"
rel="apple-touch-icon" type="image/png" sizes="180x180" />
<link href="/site-media/images/favicons/favicon-32x32.png"
rel="icon" type="image/png" sizes="32x32" />
<link href="/site-media/images/favicons/favicon-16x16.png"
rel="icon" type="image/png" sizes="16x16" />
<link href="/site-media/images/favicons/manifest.json"
rel="manifest" />
<link href="/site-media/images/favicons/safari-pinned-tab.svg"
rel="mask-icon" color="#000000" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" />
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" />
<link href="/site-media/images/favicons/favicon.ico"
rel="shortcut icon" type="image/x-icon" />
<link href="/site-media/images/favicons/favicon.ico" rel="icon"
type="image/x-icon" />
<meta charset="UTF-8">
<script>
function toggleMoreCode(elementId, iconId) {
var x = document.getElementById(elementId);
if (x.style.display === "none") {
x.style.display = "block";
} else {
x.style.display = "none";
}
if(typeof iconId !== 'undefined') {
var y = document.getElementById(iconId);
if (x.style.display === "block") {
y.classList.add("fa-minus");
y.classList.remove("fa-plus");
} else {
y.classList.add("fa-plus");
y.classList.remove("fa-minus");
}
}
}
</script>
<style>
.json-code {
width: 100%;
background-color: rgb(245, 245, 245);
margin-top: 10px;
font-family:'Lucida Console', monospace;
}
</style>
</head>
<body>
<header role="banner" title="Site Banner">
<div id="antiClickjack" style="display: none">
<h1>You are viewing this page in an unauthorized frame window.</h1>
<p>
This is a potential security issue, you are being redirected to
<a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
</p>
</div>
<div>
<section class="usa-banner" aria-label="Official government website">
<div class="usa-accordion container">
<header class="usa-banner__header">
<noscript>
<p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
</noscript>
<img class="usa-banner__header-flag"
src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
&nbsp;
<span class="usa-banner__header-text">An official website of the United States government</span>
<button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
<span class="usa-banner__button-text">Here's how you know</span>
</button>
</header>
<div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true">
<div class="row">
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Official websites use .gov</strong>
<br>
A <strong>.gov</strong> website belongs to an official government organization in the United States.
</p>
</div>
</div>
</div>
<div class="col-md-5 col-sm-12">
<div class="row">
<div class="col-sm-2 col-xs-3">
<img class="usa-banner__icon usa-media-block__img"
src="/site-media/images/usbanner/icon-https.svg" alt="Https">
</div>
<div class="col-sm-10 col-xs-9">
<p>
<strong>Secure .gov websites use HTTPS</strong>
<br>
A <strong>lock</strong> (<img class="usa-banner__lock"
src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
</p>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<div>
<div>
<nav id="navbar" class="navbar">
<div id="nist-menu-container" class="container">
<div class="row">
<!-- Brand -->
<div class="col-xs-6 col-md-4 navbar-header"
style="height:104px">
<a class="navbar-brand"
href="https://www.nist.gov"
target="_blank" rel="noopener noreferrer"
id="navbar-brand-image"
style="padding-top: 36px">
<img alt="National Institute of Standards and Technology"
src="/site-media/images/nist/nist-logo.svg"
width="110" height="30">
</a>
</div>
<div class="col-xs-6 col-md-8 navbar-nist-logo">
<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
class="hidden-xxs">NVD </span>MENU</span>
</a>
</span>
</div>
</div>
</div>
<div class="main-menu-row container">
<!-- Collect the nav links, forms, and other content for toggling -->
<div id="main-menu-drop" class="col-lg-12" style="display: none;">
<ul>
<li><a href="/general"> General <span
class="expander fa fa-plus" id="nvd-header-menu-general"
data-expander-name="general" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="general">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/general/nvd-dashboard">NVD Dashboard</a>
</p>
<p>
<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/faq">FAQ</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/general/visualizations">Visualizations</a>
</p>
<p>
<a href="/general/legal-disclaimer">Legal Disclaimer</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln"> Vulnerabilities <span
class="expander fa fa-plus"
id="nvd-header-menu-vulnerabilities"
data-expander-name="vulnerabilities" data-expanded="false">
<span class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="vulnerabilities">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Search &amp; Statistics</a>
</p>
<p>
<a href="/vuln/categories">Weakness Types</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/data-feeds">Legacy Data Feeds</a>
</p>
<p>
<a href="/vuln/vendor-comments">Vendor Comments</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln/cvmap">CVMAP</a>
</p>
</div>
</div>
</div></li>
<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
class="expander fa fa-plus" id="nvd-header-menu-metrics"
data-expander-name="metrics" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="metrics">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
Calculators</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
Calculator</a>
</p>
</div>
</div>
</div></li>
<li><a href="/products"> Products <span
class="expander fa fa-plus" id="nvd-header-menu-products"
data-expander-name="products" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="products">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/products/cpe">CPE Dictionary</a>
</p>
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/statistics">CPE Statistics</a>
</p>
<p>
<a href="/products/swid">SWID</a>
</p>
</div>
<div class="col-lg-4"></div>
</div>
</div></li>
<li>
<a href="/developers">Developers<span
class="expander fa fa-plus" id="nvd-header-menu-developers"
data-expander-name="developers" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="developers">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/developers/start-here">Start Here</a>
</p>
<p>
<a href="/developers/request-an-api-key">Request an API Key</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/vulnerabilities">Vulnerabilities</a>
</p>
<p>
<a href="/developers/products">Products</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/developers/data-sources">Data Sources</a>
</p>
<p>
<a href="/developers/terms-of-use">Terms of Use</a>
</p>
</div>
</div>
</div>
</li>
<li><a href="/contact"> Contact NVD </a></li>
<li><a href="/other"> Other Sites <span
class="expander fa fa-plus" id="nvd-header-menu-othersites"
data-expander-name="otherSites" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="otherSites">
<div class="row">
<div class="col-lg-4">
<p>
<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
</p>
<p>
<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
</p>
<p>
<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
Validated Tools</a>
</p>
<p>
<a
href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a
href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
</p>
</div>
</div>
</div></li>
<li><a href="/search"> Search <span
class="expander fa fa-plus" id="nvd-header-menu-search"
data-expander-name="search" data-expanded="false"> <span
class="element-invisible">Expand or Collapse</span>
</span>
</a>
<div style="display: none;" class="sub-menu"
data-expander-trigger="search">
<div class="row">
<div class="col-lg-4">
<p>
<a href="/vuln/search">Vulnerability Search</a>
</p>
</div>
<div class="col-lg-4">
<p>
<a href="/products/cpe/search">CPE Search</a>
</p>
</div>
</div>
</div></li>
</ul>
</div>
<!-- /#mobile-nav-container -->
</div>
</nav>
<section id="itl-header" class="has-menu">
<div class="container">
<div class="row">
<div class="col-sm-12 col-md-8">
<h2 class="hidden-xs hidden-sm">
<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
</h2>
<h1 class="hidden-xs hidden-sm">
<a id="nvd-header-link"
href="/">National Vulnerability Database</a>
</h1>
<h1 class="hidden-xs text-center hidden-md hidden-lg"
>National Vulnerability Database</h1>
<h1 class="hidden-sm hidden-md hidden-lg text-center"
>NVD</h1>
</div>
<div class="col-sm-12 col-md-4">
<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
<img id="img-logo-nvd-lg"
alt="National Vulnerability Database"
src="/site-media/images/F_NIST-Logo-NVD-white.svg"
width="500" height="100">
</a>
</div>
</div>
</div>
</section>
</div>
</div>
</header>
<main>
<div>
<div id="body-section" class="container">
<div class="row">
<ol class="breadcrumb">
<li><a href="/developers" class="CMSBreadCrumbsLink">Developers</a></li>
</ol>
</div>
<div>
<div id="divRetirementBanner" class="bs-callout bs-callout-warning">
<p>
<strong>The 1.0 APIs have been retired and are no longer accessible.
<a href="/General/News/change-timeline">Click here</a> for more information on
the retirement timeline.</strong>
</p>
</div>
<div id="divProducts" class="row">
<h2>Products</h2>
<p>
The <a href="/products/cpe">Official CPE Dictionary</a>, is a searchable repository of hardware and software products
maintained by the National Vulnerability Database (NVD). The CPE API allows computer applications to access the Official CPE Dictionary and associated
vulnerabilities. The purpose of this document is to describe how applications can interact with the CPE web service, version 1.0.
</p>
<p>
This quickstart assumes that you already understand at least one common programming language and are generally familiar with RESTful JSON services.
REST refers to a style of services that allow computers to communicate via HTTP over the Internet. JSON specifies the format of the data returned
by the REST service.
</p>
<p>
The terms product and CPE are used interchangeably throughout this page. CPE means Common Platform Enumeration, version 2.3, a standard for
identifying and searching products. For more information, see the naming specification provided by the
<a href="https://csrc.nist.gov/publications/detail/nistir/7695/final">Computer Security Resource Center</a>.
The <a href="https://csrc.nist.gov/publications/detail/nistir/7696/final">CPE Name Matching specification</a> provides a method for conducting a
one-to-one comparison of a source CPE name to a target CPE name.
</p>
</div>
<div id="divRequests" class="row">
<h3>Requests</h3>
<p>
All requests to the API use the HTTP GET method. REST parameters allow you to control and customize which products are returned. The parameters
are akin to those found on the <a href="/products/cpe/search">NVD product search page</a>.
</p>
</div>
<div id="divGetCPE" class="row">
<h3>Retrieve CPE information</h3>
<p>
The URL stem for retrieving CPE information is shown below.
</p>
<p class="urlSnippet">
https://services.nvd.nist.gov/rest/json/cpes/1.0/
</p>
</div>
<h4 title="Click to expand or collapse">
<a id="toggleGetCPEParameters"
onclick="toggleMoreCode('divGetCPEParameters', 'iconCpeParams')">
<span class="fa fa-plus" id="iconCpeParams"></span>
Parameters
</a>
</h4>
<div id="divGetCPEParameters"
class="row"
style="display: none">
<table class="table">
<tr>
<td>
<a id="cpes-addOns"><p class="paramName">
addOns <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is part of the URL query.
</p>
<p>
<code>
cves
</code>
By default, the response returns all CPE that meet the search criteria. Including <code>addOns=cves</code> adds the vulnerabilities
associated with the CPE.
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-apiKey"><p class="paramName">
apiKey <span class="paramOptional"> optional </span>
</p></a>
<p>
The API Key provided to the user. Including <code>apiKey={key value}</code>, (without brackets or spaces) allows users to make a greater number of requests in a given time than they could otherwise.
</p>
<p>
Beginning in September 2022, API keys may also be passed to the 1.0 APIs
in the request header. This approach is required with the 2.0 APIs.
The exact method of passing header information with a GET request varies
based on the user agent.
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-cpeMatchString"><p class="paramName">
cpeMatchString <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is used to filter products based on the CPE match criteria. The value of <code>cpeMatchString</code> is compared
it against the CPE Match Criteria present on all CVE applicability statements. For more information on Common Platform Enumeration
(CPE) please visit NIST's <a href="https://csrc.nist.gov/projects/security-content-automation-protocol/specifications/cpe">Computer
Security Resource Center</a>. Examples of CPE match strings are provided below for illustration.
</p>
<p>
To find CPE names for Microsoft Windows 10, use:
</p>
<p class="urlSnippet">
cpes/1.0?cpeMatchString=cpe:2.3:o:microsoft:windows_10
</p>
<p>
To find CPE names for Microsoft Windows 10, version 1511 use:
</p>
<p class="urlSnippet">
cpes/1.0?cpeMatchString=cpe:2.3:o:microsoft:windows_10:1511
</p>
<p>
To find all CPE names for Microsoft, use:
</p>
<p class="urlSnippet">
cpes/1.0?cpeMatchString=cpe:2.3:*:microsoft
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-includeDeprecated"><p class="paramName">
includeDeprecated <span class="paramOptional"> optional </span>
</p></a>
<p>
<code>
true
</code>
A deprecated CPE is one that previously appeared in the Official CPE Dictionary but has since been replaced by one or more other CPE.
CPE are deprecated for various reasons, such as when the original CPE name is discovered to be incorrect, when a more specific CPE
name is added, and when a vendor name or product name evolves. By default, deprecated CPE names are not returned by the web service.
<code>includeDeprecated=true</code> adds deprecated CPE to the request.
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-keyword"><p class="paramName">
keyword <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter is used to retrieve records where a word or phrase is found in the CPE title or reference links.
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-modStartDate"><p class="paramName">
modStartDate <span class="paramOptional"> optional </span>
</p></a>
<a id="cpes-modEndDate"><p class="paramName">
modEndDate <span class="paramOptional"> optional </span>
</p></a>
<p>
These parameters specify a collection of CPE that were last modified during the period. If a CPE has been modified more recently
than the specified period it will not be included in the response. If filtering by the modification date, both
<code>modStartDate</code> and <code>modEndDate</code> are <span style="font-family:'Lucida Console', monospace; color:orangered">REQUIRED</span>.
Filtering with only one parameter will return a successful response without data. The maximum allowable range when using
the date range parameters is 120 consecutive days. Date range parameters are in the form:
</p>
<p class="urlSnippet">
yyyy-MM-ddTHH:mm:ss:SSS Z
</p>
<p>
The T is a literal to separate the date from the time. The Z indicates an offset-from-UTC. If a positive Z value is used
(such as +01:00 for Central European Time) then the "+" should be encoded in the request as "%2B". This may be handled
automatically by the user agent. An example is provided below showing a +01:00 offset-from-UTC.
</p>
<p style="font-family:'Lucida Console', monospace; font-size: smaller; margin-left: 40px">
https://services.nvd.nist.gov/rest/json/cpes/1.0/?modStartDate=2021-08-04T13:00:00:000 UTC%2B01:00&modEndDate=2021-10-22T13:36:00:000 UTC%2B01:00
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-resultsPerPage"><p class="paramName">
resultsPerPage <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter specifies the maximum number of results that are returned based on the request parameters. The default value is 20.
For network considerations, maximum allowable limit is 2,000.
</p>
<p>
The response content <code>totalResults</code> indicates the number of CPE results that match request parameters. If the value of
<code>totalResults</code> is greater than the value of <code>resultsPerPage</code>, the parameter <code>startIndex</code>
may be used in subsequent requests to identify the starting point for the request.
</p>
</td>
</tr>
<tr>
<td>
<a id="cpes-startIndex"><p class="paramName">
startIndex <span class="paramOptional"> optional </span>
</p></a>
<p>
This parameter determines the first CPE in the collection returned by the response. The index is zero-based, meaning the first CPE is
at index zero. The response element <code>totalResults</code> indicates the number of CPE results that match request parameters. If
the value of <code>totalResults</code> is greater than the value of <code>resultsPerPage</code>, the parameter <code>startIndex</code>
may be used in subsequent requests to identify the first CPE for the request.
</p>
<p>
The best, most efficient, practice for keeping up to date with the NVD is to use the date range parameters in order to request only
those CPE that have been published or modified since the last request.
</p>
<p>
Presently NVD contains more than 325,000 products relating to thousands of vendors and vulnerabilities. Multiple consecutive requests
are required to return all available records. Requesting an API key significantly raises the number of requests that can be made in a
given time frame. However, NIST firewall rules put in place to prevent denial of service attacks on NVD can thwart your application. To
avoid this, it is recommended that your application sleeps for several seconds between requests so that legitimate requests are not denied.
</p>
</td>
</tr>
</table>
</div>
<div id="divResponse" class="row">
<h3>Response</h3>
<p>
This section describes the response returned by the product API.
</p>
</div>
<h4 title="Click to expand or collapse">
<a id="toggleResponseBody"
onclick="toggleMoreCode('divResponseBody', 'iconCpeResponseBody')">
<span class="fa fa-plus" id="iconCpeResponseBody"></span>
Response Body
</a>
</h4>
<div id="divResponseBody"
class="row"
style="display: none">
<p>
The products API returns four primary elements in the body of the response: <code>resultsPerPage</code>, <code>startIndex</code>,
<code>totalResults</code>, and <code>result</code>.
<p>
<p>
The first three elements identify how many CPE meet the search criteria and how many CPE have been returned in this response. The element
<code>totalResults</code> indicates the number of CPE results that match search criteria. If the value of <code>totalResults</code> is greater
than the value of <code>resultsPerPage</code>, then additional requests are necessary to return the remaining CPE. The parameter <code>startIndex</code>
may be used in subsequent requests to identify the starting point for the request next. More information and the best practices for using <code>resultsPerPage</code>
and <code>startIndex</code> are described above.
</p>
<p>
The <code>result</code> element contains an array of five additional elements. <code>dataType</code>, <code>feedVersion</code>, <code>cpeCount</code>,
and <code>feedTimestamp</code> describe the request while the fifth element <code>cpes</code> contains the CPE.
</p>
<button onclick="toggleMoreCode('jsonWindowCpes')">Toggle JSON</button>
<div id="jsonWindowCpes"
style="display: none;">
<p class="commentInJson">
The following example shows the JSON response to the request:
</p>
<p>
https://services.nvd.nist.gov/rest/json/cpes/1.0/?cpeMatchString=cpe:2.3:*:microsoft&amp;resultsPerPage=1
</p>
<pre class="json-code">
{
"resultsPerPage": 1,
"startIndex": 0,
"totalResults": 5278,
"result": {
"dataType": "CPE",
"feedVersion": "1.0",
"cpeCount": 5278,
"feedTimestamp": "2021-08-05T12:34Z",
"cpes": [
{
"deprecated": false,
"cpe23Uri": "cpe:2.3:a:microsoft:antispyware:-:*:*:*:*:*:*:*",
"lastModifiedDate": "2007-09-14T17:36Z",
"titles": [
{
"title": "Microsoft antispyware",
"lang": "en_US"
}
],
"refs": [],
"deprecatedBy": [],
"vulnerabilities": []
}
]
}
}
</pre>
</div>
<h5 style="font-family:'Lucida Console', monospace">cpes</h5>
<p>
At the high-level, each vulnerability in the <code>cpes</code> array can have the following elements:
</p>
<table class="table">
<tr>
<td>
<a id="response-cpe23Uri"><p class="paramName">
cpe23Uri <span class="paramRequired">required</span>
</p></a>
<p>
This element identifies a CPE by the <a href="https://csrc.nist.gov/publications/detail/nistir/7695/final">CPE 2.3 Naming specification</a>.
The CPE 2.3 Naming specification requires that special charters are preceded by a backslash. When backlashes appear in the JSON syntax
of the response they are represented as <code>\\</code>. While the schema requires only the cpe23Uri element to be present, in practice
each CPE always contains a <code>lastModifiedDate</code>.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-lastModifiedDate"><p class="paramName">
lastModifiedDate <span class="paramRequired">required</span>
</p></a>
<p>
This element specifies when the CPE was last modified.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-deprecated"><p class="paramName">
deprecated <span class="paramOptional">not required</span>
</p></a>
<a id="response-deprecatedBy"><p class="paramName">
deprecatedBy <span class="paramOptional">not required</span>
</p></a>
<p>
This element identifies whether the CPE is deprecated. By default, deprecated CPE are not included in the response. The
value of this element is either <code>true</code> or <code>false</code>. When <code>deprecated=true</code>, the <code>deprecatedBy</code>
element shows one or more other CPE that replace this CPE.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-titles"><p class="paramName">
titles <span class="paramOptional">not required</span>
</p></a>
<p>
This element contains the human-readable, English title for the CPE.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-refs"><p class="paramName">
refs <span class="paramOptional">not required</span>
</p></a>
<p>
This element contains one or more Internet links associated with the CPE. NIST categorizes links using the type elements, e.g.,
Advisory.
</p>
</td>
</tr>
<tr>
<td>
<a id="response-vulnerabilities"><p class="paramName">
vulnerabilities <span class="paramOptional">not required</span>
</p></a>
<p>
This element identifies the vulnerabilities associated with the CPE. By default, <code>vulnerabilities</code> are not included in the
response. Including the optional query parameter <code>addOns=cves</code> adds the vulnerabilities associated with the CPE.
</p>
</td>
</tr>
</table>
</div>
<div id="divContact" class="row">
<br>
<p>
Questions, comments, or concerns may be shared with the NVD by emailing <a href="mailto:nvd@nist.gov">nvd@nist.gov</a>
</p>
</div>
<div class="col-md-12 historical-data-area" id="historical-data-area">
<span>
Created
<span id="page-created-date">
<span>September 20, 2022</span>
</span>,
</span>
Updated
<span id="page-updated-date">
<span>August 27, 2024</span>
</span>
</div>
</div>
</div>
</div>
</main>
<footer id="footer" role="contentinfo">
<div class="container">
<div class="row">
<div class="col-sm-12">
<ul class="social-list pull-right">
<li class="field-item service-twitter list-horiz"><a
href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span>
</a></li>
<li class="field-item service-facebook list-horiz"><a
href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-linkedin list-horiz"><a
href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-youtube list-horiz"><a
href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
class="social-btn social-btn--large extlink ext"> <i
class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span
class="ext"><span class="element-invisible"> (link
is external)</span></span></a></li>
<li class="field-item service-rss list-horiz"><a
href="https://www.nist.gov/news-events/nist-rss-feeds"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
<i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
</a></li>
<li class="field-item service-govdelivery list-horiz last"><a
href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
<i class="fa fa-envelope fa-fw"><span
class="element-invisible">govdelivery</span></i><span class="ext"><span
class="element-invisible"> (link is external)</span></span>
</a></li>
</ul>
<span class="hidden-xs"> <a
title="National Institute of Standards and Technology" rel="home"
class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</span>
</div>
</div>
<div class="row hidden-sm hidden-md hidden-lg">
<div class="col-sm-12">
<a href="https://www.nist.gov"
title="National Institute of Standards and Technology" rel="home"
target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img
src="/site-media/images/nist/nist-logo.png"
alt="National Institute of Standards and Technology logo" />
</a>
</div>
</div>
<div class="row footer-contact-container">
<div class="col-sm-6">
<strong>HEADQUARTERS</strong>
<br>
100 Bureau Drive
<br>
Gaithersburg, MD 20899
<br>
<a href="tel:301-975-2000">(301) 975-2000</a>
<br>
<br>
<a href="mailto:nvd@nist.gov">Webmaster</a> | <a
href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
| <a href="https://www.nist.gov/about-nist/visit"
style="display: inline-block;">Our Other Offices</a>
</div>
<div class="col-sm-6">
<div class="pull-right"
style="text-align:right">
<strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
<br>
US-CERT Security Operations Center
<br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
<br> Phone: 1-888-282-0870
</div>
</div>
</div>
<div class="row">
<nav title="Footer Navigation" role="navigation"
class="row footer-bottom-links-container">
<!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
<p>
<a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
|
<a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
|
<a href="https://www.nist.gov/privacy">Privacy Program</a>
|
<a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
|
<a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
|
<a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
|
<a href="https://www.nist.gov/foia">FOIA</a>
|
<a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
|
<a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
|
<a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
|
<a href="https://www.commerce.gov/">Commerce.gov</a>
|
<a href="https://www.science.gov/">Science.gov</a>
|
<a href="https://www.usa.gov/">USA.gov</a>
</p>
</nav>
</div>
</div>
</footer>
</body>
</html>
Reference in a new issue View git blame Copy permalink