# NVD Vulnerability Scraper (`crawlerbros/nvd-vulnerability-scraper`) Actor Scrape the NIST National Vulnerability Database (NVD) - the U.S. government repository of CVE records, CVSS scores, CWE classifications, and Known Exploited Vulnerabilities (KEV). Search by keyword, lookup by CVE ID, filter by severity, date range, or CWE weakness. - **URL**: https://apify.com/crawlerbros/nvd-vulnerability-scraper.md - **Developed by:** [Crawler Bros](https://apify.com/crawlerbros) (community) - **Categories:** Automation, Developer tools, Integrations - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $3.00 / 1,000 results This Actor is paid per event and usage. You are charged both the fixed price for specific events and for Apify platform usage. Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## NVD Vulnerability Scraper Extract CVE (Common Vulnerabilities and Exposures) records from the **NIST National Vulnerability Database (NVD)** — the U.S. government's authoritative repository of vulnerability management data, used by security teams, DevSecOps engineers, and threat intelligence analysts worldwide. No API key required. All data is freely available from NIST. ### What is the NVD? The [National Vulnerability Database](https://nvd.nist.gov/) is maintained by NIST (National Institute of Standards and Technology) and provides: - **CVE records** for 250,000+ known vulnerabilities - **CVSS scores** (v2, v3.x) measuring vulnerability severity - **CWE classifications** for weakness types (SQL injection, XSS, buffer overflow, etc.) - **CPE data** listing affected products and versions - **CISA KEV catalog** — Known Exploited Vulnerabilities being actively targeted ### Use Cases - **Security operations** — Monitor for new critical CVEs affecting your stack - **Vulnerability management** — Prioritize patching by CVSS score and KEV status - **Threat intelligence** — Research CVEs affecting specific vendors or products - **Compliance reporting** — Generate CVE reports for audits and regulatory requirements - **DevSecOps** — Integrate vulnerability feeds into CI/CD pipelines - **Research** — Analyze vulnerability trends, CWE distributions, and exploit patterns ### Input | Field | Type | Required | Default | Description | |---|---|---|---|---| | `mode` | Select | Yes | `latestCVEs` | Scraping mode (see Modes section) | | `searchQuery` | String | For `search` | `log4j` | Keyword to search CVEs | | `cveId` | String | For `byCveId` | `CVE-2021-44228` | Exact CVE ID to fetch | | `severity` | Select | No | (all) | CVSS v3 severity: LOW/MEDIUM/HIGH/CRITICAL | | `cvssMinScore` | Number | No | — | Minimum CVSS v3 score (0.0–10.0) | | `cvssMaxScore` | Number | No | — | Maximum CVSS v3 score (0.0–10.0) | | `dateRangeFrom` | String | For `byDateRange` | — | Start date (ISO 8601, e.g. `2024-01-01`) | | `dateRangeTo` | String | For `byDateRange` | — | End date (ISO 8601, e.g. `2024-12-31`) | | `cweId` | String | No | — | Filter by CWE ID (e.g. `CWE-79`, `CWE-89`) | | `isKnownExploited` | Boolean | No | `false` | Only KEV-listed vulnerabilities | | `maxItems` | Integer | No | `50` | Maximum records to return (1–2000) | ### Modes | Mode | Description | |---|---| | `latestCVEs` | Most recently added/modified CVEs (default) | | `search` | Search CVEs by keyword | | `byCveId` | Fetch a single CVE by exact ID | | `bySeverity` | Browse CVEs filtered by CVSS severity level | | `byDateRange` | CVEs published in a specific date range | ### Output Each CVE record contains: | Field | Type | Description | |---|---|---| | `cveId` | String | CVE identifier (e.g. CVE-2021-44228) | | `description` | String | Full English vulnerability description | | `status` | String | NVD analysis status (Analyzed, Modified, etc.) | | `severity` | String | CVSS v3 severity (LOW/MEDIUM/HIGH/CRITICAL) | | `cvssV3Score` | Number | CVSS v3 base score (0.0–10.0) | | `cvssV3Vector` | String | CVSS v3 vector string | | `cvssV2Score` | Number | CVSS v2 base score (0.0–10.0) | | `publishedDate` | String | NVD publication timestamp | | `lastModifiedDate` | String | Last modification timestamp | | `weaknesses` | Array | CWE IDs (e.g. ["CWE-917", "CWE-502"]) | | `affectedProducts` | Array | CPE strings for affected products/versions | | `references` | Array | URLs to advisories, patches, and write-ups | | `patchAvailable` | Boolean | True if any reference has a "Patch" tag | | `isKnownExploited` | Boolean | True if in CISA KEV catalog | | `kevExploitAddDate` | String | Date added to KEV catalog | | `kevRequiredAction` | String | CISA-required remediation action | | `kevVulnerabilityName` | String | CISA's descriptive name for the vulnerability | | `sourceUrl` | String | NVD detail page URL | | `scrapedAt` | String | UTC timestamp of data extraction | | `recordType` | String | Always `vulnerability` | ### Sample Output ```json { "cveId": "CVE-2021-44228", "description": "Apache Log4j2 2.0-beta9 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.", "status": "Analyzed", "severity": "CRITICAL", "cvssV3Score": 10.0, "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvssV2Score": 9.3, "publishedDate": "2021-12-10T10:15:09.143", "lastModifiedDate": "2024-01-21T02:15:07.687", "weaknesses": ["CWE-917", "CWE-502"], "affectedProducts": ["cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"], "references": [ "https://logging.apache.org/log4j/2.x/security.html", "https://github.com/apache/logging-log4j2/releases/tag/rel%2F2.15.0" ], "patchAvailable": true, "isKnownExploited": true, "kevExploitAddDate": "2021-12-10", "kevRequiredAction": "Apply updates per vendor instructions.", "kevVulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability", "sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "scrapedAt": "2026-06-01T12:00:00+00:00", "recordType": "vulnerability" } ```` ### FAQs **Do I need an API key?** No. The NVD API is publicly accessible without authentication. Without an API key, requests are rate-limited to approximately 5 requests per 30 seconds. The actor handles this automatically with appropriate delays. **What is CVSS?** The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. Scores range from 0.0 (none) to 10.0 (critical). CVSS v3.x is the current standard; the actor extracts v3.1, v3.0, and v2 scores. **What is KEV?** CISA's Known Exploited Vulnerabilities (KEV) catalog lists CVEs that are actively being exploited in the wild. These represent the highest-priority vulnerabilities to patch. Use `isKnownExploited=true` to focus on these. **What is CWE?** Common Weakness Enumeration (CWE) is a category system for software weaknesses. Examples: CWE-79 (Cross-site Scripting), CWE-89 (SQL Injection), CWE-79 (Buffer Overflow). Use `cweId` to filter by weakness type. **How do I find CVEs for a specific product?** Use `mode=search` with the product name as the keyword (e.g. `openssl`, `apache httpd`, `windows rdp`). For more precise results, use the full CPE name in your search. **What is the maximum date range I can query?** NVD API allows date ranges up to 120 days per request for historical queries. For larger ranges, run multiple actor calls with sequential date windows. **How fresh is the data?** The NVD is updated continuously. New CVEs are typically published within days of their CNA (CVE Numbering Authority) submission. Use `mode=latestCVEs` to get the most recently added records. **Can I filter by both severity and CWE?** Yes. All filters can be combined: set `severity=CRITICAL` and `cweId=CWE-79` to find critical-severity XSS vulnerabilities. # Actor input Schema ## `mode` (type: `string`): What to fetch from the NVD API. ## `searchQuery` (type: `string`): Keyword to search CVEs by. E.g. 'log4j', 'apache', 'buffer overflow'. ## `cveId` (type: `string`): Exact CVE ID to fetch. E.g. 'CVE-2021-44228' (Log4Shell). ## `severity` (type: `string`): Filter or browse by CVSS v3 severity level. ## `cvssMinScore` (type: `number`): Only include CVEs with CVSS v3 score >= this value (0.0 – 10.0). ## `cvssMaxScore` (type: `number`): Only include CVEs with CVSS v3 score <= this value (0.0 – 10.0). ## `dateRangeFrom` (type: `string`): Start of publication date range in ISO 8601 format. E.g. '2024-01-01' or '2024-01-01T00:00:00'. ## `dateRangeTo` (type: `string`): End of publication date range in ISO 8601 format. E.g. '2024-12-31' or '2024-12-31T23:59:59'. ## `cweId` (type: `string`): Filter by Common Weakness Enumeration ID. E.g. 'CWE-79' (XSS), 'CWE-89' (SQL injection). ## `isKnownExploited` (type: `boolean`): Only include CVEs listed in CISA's Known Exploited Vulnerabilities catalog. ## `maxItems` (type: `integer`): Hard cap on emitted records. ## Actor input object example ```json { "mode": "latestCVEs", "searchQuery": "log4j", "cveId": "CVE-2021-44228", "severity": "", "isKnownExploited": false, "maxItems": 50 } ``` # Actor output Schema ## `vulnerabilities` (type: `string`): Dataset containing all scraped CVE records from the NVD. # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "mode": "latestCVEs", "searchQuery": "log4j", "cveId": "CVE-2021-44228", "severity": "", "isKnownExploited": false, "maxItems": 50 }; // Run the Actor and wait for it to finish const run = await client.actor("crawlerbros/nvd-vulnerability-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "mode": "latestCVEs", "searchQuery": "log4j", "cveId": "CVE-2021-44228", "severity": "", "isKnownExploited": False, "maxItems": 50, } # Run the Actor and wait for it to finish run = client.actor("crawlerbros/nvd-vulnerability-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "mode": "latestCVEs", "searchQuery": "log4j", "cveId": "CVE-2021-44228", "severity": "", "isKnownExploited": false, "maxItems": 50 }' | apify call crawlerbros/nvd-vulnerability-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=crawlerbros/nvd-vulnerability-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "NVD Vulnerability Scraper", "description": "Scrape the NIST National Vulnerability Database (NVD) - the U.S. government repository of CVE records, CVSS scores, CWE classifications, and Known Exploited Vulnerabilities (KEV). Search by keyword, lookup by CVE ID, filter by severity, date range, or CWE weakness.", "version": "1.0", "x-build-id": "KCTgnsLJ2xRQ2xOnF" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/crawlerbros~nvd-vulnerability-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-crawlerbros-nvd-vulnerability-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/crawlerbros~nvd-vulnerability-scraper/runs": { "post": { "operationId": "runs-sync-crawlerbros-nvd-vulnerability-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/crawlerbros~nvd-vulnerability-scraper/run-sync": { "post": { "operationId": "run-sync-crawlerbros-nvd-vulnerability-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "required": [ "mode" ], "properties": { "mode": { "title": "Mode", "enum": [ "search", "byCveId", "bySeverity", "byDateRange", "latestCVEs" ], "type": "string", "description": "What to fetch from the NVD API.", "default": "latestCVEs" }, "searchQuery": { "title": "Search keyword (mode=search)", "type": "string", "description": "Keyword to search CVEs by. E.g. 'log4j', 'apache', 'buffer overflow'.", "default": "log4j" }, "cveId": { "title": "CVE ID (mode=byCveId)", "type": "string", "description": "Exact CVE ID to fetch. E.g. 'CVE-2021-44228' (Log4Shell).", "default": "CVE-2021-44228" }, "severity": { "title": "CVSS v3 severity (mode=bySeverity / filter)", "enum": [ "", "LOW", "MEDIUM", "HIGH", "CRITICAL" ], "type": "string", "description": "Filter or browse by CVSS v3 severity level.", "default": "" }, "cvssMinScore": { "title": "CVSS min score filter", "minimum": 0, "maximum": 10, "type": "number", "description": "Only include CVEs with CVSS v3 score >= this value (0.0 – 10.0)." }, "cvssMaxScore": { "title": "CVSS max score filter", "minimum": 0, "maximum": 10, "type": "number", "description": "Only include CVEs with CVSS v3 score <= this value (0.0 – 10.0)." }, "dateRangeFrom": { "title": "Published date from (mode=byDateRange / filter)", "type": "string", "description": "Start of publication date range in ISO 8601 format. E.g. '2024-01-01' or '2024-01-01T00:00:00'." }, "dateRangeTo": { "title": "Published date to (mode=byDateRange / filter)", "type": "string", "description": "End of publication date range in ISO 8601 format. E.g. '2024-12-31' or '2024-12-31T23:59:59'." }, "cweId": { "title": "CWE ID filter", "type": "string", "description": "Filter by Common Weakness Enumeration ID. E.g. 'CWE-79' (XSS), 'CWE-89' (SQL injection)." }, "isKnownExploited": { "title": "Known Exploited Vulnerabilities (KEV) only", "type": "boolean", "description": "Only include CVEs listed in CISA's Known Exploited Vulnerabilities catalog.", "default": false }, "maxItems": { "title": "Max items", "minimum": 1, "maximum": 2000, "type": "integer", "description": "Hard cap on emitted records.", "default": 50 } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```