National Vulnerability Database

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD supports the Information Security Automation Program (ISAP). NVD is managed by the U.S. government agency the National Institute of Standards and Technology (NIST).

On Friday March 8, 2013, the database was taken offline after it was discovered that the system used to run multiple government sites had been compromised by a software vulnerability of Adobe ColdFusion.^[1]^[2]

The vulnerabilities in the NVD originate from the Common Vulnerabilities and Exposures (CVE) list, maintained by MITRE. New vulnerabilities are assigned by MITRE and CVE Numbering Authorities and subsequently added to the NVD.^[3]

^ at 17:55, Jack Clark in San Francisco 14 Mar 2013. "Downed US vuln catalog infected for at least TWO MONTHS". www.theregister.co.uk. Retrieved 2019-10-29.{{cite web}}: CS1 maint: numeric names: authors list (link)
^ "US national vulnerability database hacked."
^ NIST. "CVEs and the NVD Process". nvd.nist.gov.

[1] t 17:55, Jack Clark in San Francisco 14 Mar 2013. "Downed US vuln catalog infected for at least TWO MONTHS". www.theregister.co.uk. Retrieved 2019-10-29.{{cite web}}: CS1 maint: numeric names: authors list (link)

[2] "US national vulnerability database hacked."

[3] NIST. "CVEs and the NVD Process". nvd.nist.gov.

[1]

[2]

[3]