CVE Vulnerability Monitor (NVD)
Pricing
$1.00 / 1,000 cve returneds
CVE Vulnerability Monitor (NVD)
Search and monitor CVE vulnerabilities from the NVD by keyword, product, severity, or date, with CVSS scores and references.
Pricing
$1.00 / 1,000 cve returneds
Rating
0.0
(0)
Developer
Ken Agland
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
12 hours ago
Last modified
Categories
Share
Search and monitor CVE vulnerabilities from the NVD by keyword, product, severity, or date, with CVSS scores and references.
This Actor queries the National Vulnerability Database (NVD) CVE API and returns normalized vulnerabilities: CVSS score and severity, CWE weakness type, description, and reference links. Use it to track new CVEs for a product, watch for critical severity issues, or build a feed of vulnerabilities matching a keyword.
Features
- Keyword search across CVE descriptions (product, vendor, or software name).
- Filter by CVSS v3 severity: low, medium, high, or critical.
- Filter to CVEs published in the last N days (up to 120).
- CVSS score, severity, and vector string from the best available metric (v3.1, then v3.0, then v2).
- Primary CWE weakness type and all reference URLs for each CVE.
- Aggregate summary (total matched, returned, severity breakdown) in the run's OUTPUT.
Example input
New critical CVEs for a product in the last 30 days:
{ "keyword": "openssl", "severity": "CRITICAL", "sinceDays": 30, "maxItems": 50 }
All recent log4j CVEs, any severity:
{ "keyword": "log4j", "maxItems": 20 }
Input
| Field | Type | Description |
|---|---|---|
keyword | string | Search term matched against CVE descriptions (product, vendor, or software name). Required. |
severity | string | any, LOW, MEDIUM, HIGH, or CRITICAL. Filters on CVSS v3 severity. |
sinceDays | integer | Only return CVEs published in the last N days. 0 disables the date filter. Maximum 120. |
maxItems | integer | How many CVEs to return (auto-paginated). Default 40. |
Output
Each dataset item is one CVE:
{"id": "CVE-2021-44228","published": "2021-12-10T10:15:09.143","lastModified": "2026-05-20T14:03:11.000","description": "Apache Log4j2 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints...","cvssScore": 10.0,"cvssSeverity": "CRITICAL","cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cwe": "CWE-502","references": ["https://logging.apache.org/log4j/2.x/security.html","https://www.cve.org/CVERecord?id=CVE-2021-44228"],"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"}
Run summary (OUTPUT)
The run's default key-value store record OUTPUT holds an aggregate for the whole result set:
{"query": { "keyword": "log4j", "severity": "any", "sinceDays": 0, "pubStartDate": null, "pubEndDate": null },"totalMatched": 31,"returned": 15,"requestedMaxItems": 15,"severityBreakdown": { "CRITICAL": 3, "HIGH": 5, "MEDIUM": 4, "LOW": 3, "UNKNOWN": 0 },"generatedFrom": "https://services.nvd.nist.gov/rest/json/cves/2.0"}
How it works
The Actor calls the public NVD CVE API with your keyword and filters, paginating through results until it reaches the requested count or runs out of matches. Without an API key, NVD allows only about 5 requests per 30 seconds, so the Actor sleeps between page requests to stay within that limit. Each CVE is normalized to its best available CVSS metric (v3.1, falling back to v3.0, then v2), its primary CWE weakness, and its reference URLs.
Use cases
- Track new vulnerabilities for a product or library you depend on.
- Build a feed of critical or high severity CVEs published this week.
- Feed CVE data into a vulnerability management or alerting pipeline.
- Research the history and CVSS scoring of a known CVE family.
MIT licensed.