CVE Vulnerability Monitor (NVD) avatar

CVE Vulnerability Monitor (NVD)

Pricing

$1.00 / 1,000 cve returneds

Go to Apify Store
CVE Vulnerability Monitor (NVD)

CVE Vulnerability Monitor (NVD)

Search and monitor CVE vulnerabilities from the NVD by keyword, product, severity, or date, with CVSS scores and references.

Pricing

$1.00 / 1,000 cve returneds

Rating

0.0

(0)

Developer

Ken Agland

Ken Agland

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

12 hours ago

Last modified

Share

Search and monitor CVE vulnerabilities from the NVD by keyword, product, severity, or date, with CVSS scores and references.

This Actor queries the National Vulnerability Database (NVD) CVE API and returns normalized vulnerabilities: CVSS score and severity, CWE weakness type, description, and reference links. Use it to track new CVEs for a product, watch for critical severity issues, or build a feed of vulnerabilities matching a keyword.

Features

  • Keyword search across CVE descriptions (product, vendor, or software name).
  • Filter by CVSS v3 severity: low, medium, high, or critical.
  • Filter to CVEs published in the last N days (up to 120).
  • CVSS score, severity, and vector string from the best available metric (v3.1, then v3.0, then v2).
  • Primary CWE weakness type and all reference URLs for each CVE.
  • Aggregate summary (total matched, returned, severity breakdown) in the run's OUTPUT.

Example input

New critical CVEs for a product in the last 30 days:

{ "keyword": "openssl", "severity": "CRITICAL", "sinceDays": 30, "maxItems": 50 }

All recent log4j CVEs, any severity:

{ "keyword": "log4j", "maxItems": 20 }

Input

FieldTypeDescription
keywordstringSearch term matched against CVE descriptions (product, vendor, or software name). Required.
severitystringany, LOW, MEDIUM, HIGH, or CRITICAL. Filters on CVSS v3 severity.
sinceDaysintegerOnly return CVEs published in the last N days. 0 disables the date filter. Maximum 120.
maxItemsintegerHow many CVEs to return (auto-paginated). Default 40.

Output

Each dataset item is one CVE:

{
"id": "CVE-2021-44228",
"published": "2021-12-10T10:15:09.143",
"lastModified": "2026-05-20T14:03:11.000",
"description": "Apache Log4j2 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints...",
"cvssScore": 10.0,
"cvssSeverity": "CRITICAL",
"cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"cwe": "CWE-502",
"references": [
"https://logging.apache.org/log4j/2.x/security.html",
"https://www.cve.org/CVERecord?id=CVE-2021-44228"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
}

Run summary (OUTPUT)

The run's default key-value store record OUTPUT holds an aggregate for the whole result set:

{
"query": { "keyword": "log4j", "severity": "any", "sinceDays": 0, "pubStartDate": null, "pubEndDate": null },
"totalMatched": 31,
"returned": 15,
"requestedMaxItems": 15,
"severityBreakdown": { "CRITICAL": 3, "HIGH": 5, "MEDIUM": 4, "LOW": 3, "UNKNOWN": 0 },
"generatedFrom": "https://services.nvd.nist.gov/rest/json/cves/2.0"
}

How it works

The Actor calls the public NVD CVE API with your keyword and filters, paginating through results until it reaches the requested count or runs out of matches. Without an API key, NVD allows only about 5 requests per 30 seconds, so the Actor sleeps between page requests to stay within that limit. Each CVE is normalized to its best available CVSS metric (v3.1, falling back to v3.0, then v2), its primary CWE weakness, and its reference URLs.

Use cases

  • Track new vulnerabilities for a product or library you depend on.
  • Build a feed of critical or high severity CVEs published this week.
  • Feed CVE data into a vulnerability management or alerting pipeline.
  • Research the history and CVSS scoring of a known CVE family.

MIT licensed.