# NIST NVD CVE Scraper (`parseforge/nist-nvd-cve-scraper`) Actor Scrape CVE vulnerabilities from the NIST National Vulnerability Database (NVD) API 2.0. Filter by severity, CWE, keyword, date range, or single CVE ID. Returns CVSS v3/v2 scores, CWE weaknesses, CPE configurations, and references. - **URL**: https://apify.com/parseforge/nist-nvd-cve-scraper.md - **Developed by:** [ParseForge](https://apify.com/parseforge) (community) - **Categories:** Developer tools, Business, Automation - **Stats:** 2 total users, 1 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $22.50 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Since this Actor supports Apify Store discounts, the price gets lower the higher subscription plan you have. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ![ParseForge Banner](https://github.com/ParseForge/apify-assets/blob/main/banners/banner-default.jpg?raw=true) ## ๐Ÿ›ก๏ธ NIST NVD CVE Scraper > ๐Ÿš€ **Export the global CVE catalogue in seconds.** Pull **240,000+ CVE records** from the official NIST National Vulnerability Database with CVSS v4, v3.1, and v2 scores, CWE weaknesses, CPE configurations, and full reference lists. No sign-up, no rate-limit headaches, no parser engineering. > ๐Ÿ•’ **Last updated:** 2026-05-15 ยท **๐Ÿ“Š 21 fields** per record ยท **๐Ÿ›ก๏ธ 240,000+ CVEs** ยท **๐ŸŽฏ 4 scoring systems** ยท **๐Ÿ“š 800+ CWE weakness types** The **NIST NVD CVE Scraper** pulls vulnerabilities from the official NIST National Vulnerability Database (NVD) and returns **21 normalised fields per record**, including CVSS v4 / v3 / v2 base scores, weakness classifications, CPE 2.3 configurations, and curated reference links. The underlying catalogue is the canonical source of truth for U.S. federal vulnerability tracking and is consumed by every major SIEM, vulnerability scanner, and cloud security platform on the planet. The catalogue covers **every published CVE since 1999, four CVSS scoring systems, hundreds of CWE weakness families, and millions of CPE product mappings** spanning operating systems, applications, libraries, and firmware. This Actor makes that data downloadable as CSV, Excel, JSON, or XML in minutes. Filters apply at the source, so you skip pagination, rate-limit handling, and field normalisation entirely. | ๐ŸŽฏ Target Audience | ๐Ÿ’ก Primary Use Cases | |---|---| | Security teams, vulnerability managers, threat researchers, SOC analysts, DevSecOps engineers, compliance officers, security tool builders | CVE feed enrichment, patch prioritisation, SIEM integration, CVSS-based reporting, CPE matching, supply-chain risk, security dashboard automation | --- ### ๐Ÿ“‹ What the NIST NVD CVE Scraper does Five workflows in a single Actor: - ๐Ÿ”Ž **Single CVE lookup.** Fetch one record by its identifier, e.g. `CVE-2021-44228`. - ๐Ÿ“ฆ **Batch CVE lookup.** Pass an array of IDs and get every match in one run. - ๐Ÿ”  **Keyword search.** Free-text search across CVE descriptions for terms like `openssl`, `log4j`, or `remote code execution`. - ๐ŸŽš๏ธ **Severity + CWE filters.** Restrict to Critical / High / Medium / Low or to a specific weakness type. - ๐Ÿ“… **Date-window crawl.** Pull every CVE published inside a 120-day window for incremental syncs. Each record includes the CVE identifier, source CNA, publication and modification timestamps, English description, all available CVSS scores, weakness list, affected configurations (CPE 2.3 with version ranges), and curated references with tags. > ๐Ÿ’ก **Why it matters:** the NVD is the foundation of every vulnerability scanner, patch-management workflow, and security advisory pipeline. Building your own ingestion means handling pagination, the 120-day window cap, retry-after headers, and CVSS v2/v3/v4 normalisation by hand. This Actor skips all of that and gives you a clean, downloadable dataset. --- ### ๐ŸŽฌ Full Demo _๐Ÿšง Coming soon: a 3-minute walkthrough showing how to go from sign-up to a downloaded CVE dataset._ --- ### โš™๏ธ Input
InputTypeDefaultBehavior
cveIdstring""Single CVE ID (e.g. CVE-2024-1234). Overrides all other filters.
cveIdsstring[][]Batch list of CVE IDs (recommended max ~100 per run).
keywordstring""Free-text search across CVE descriptions.
severityenum""One of CRITICAL / HIGH / MEDIUM / LOW. Empty for all.
cweIdstring""Filter by CWE weakness ID (e.g. CWE-79).
pubStartDate, pubEndDateISO 8601""Publish-date window. Both required together. Max 120-day span.
hasKevbooleanfalseRestrict to CVEs in the CISA Known Exploited Vulnerabilities catalog.
hasOval, hasCertAlerts, hasCertNotesbooleanfalseRestrict to records with OVAL / US-CERT alerts / US-CERT notes.
noRejectedbooleanfalseSkip CVEs in REJECTED status.
sourceIdentifierstring""Filter by submitting CNA (e.g. cve@mitre.org).
virtualMatchStringstring""CPE 2.3 match string (e.g. cpe:2.3:a:apache:log4j).
maxItemsinteger10Records to return. Free plan caps at 10, paid plan at 1,000,000.
**Example: every Critical CVE published in Q1 2024.** ```json { "maxItems": 500, "severity": "CRITICAL", "pubStartDate": "2024-01-01T00:00:00.000", "pubEndDate": "2024-03-31T23:59:59.999" } ```` **Example: batch lookup of the Log4Shell family.** ```json { "cveIds": ["CVE-2021-44228", "CVE-2021-45046", "CVE-2021-45105", "CVE-2021-44832"] } ``` > โš ๏ธ **Good to Know:** the official NIST NVD source enforces a 120-day publish-date window per query. The Actor respects this limit and warns when only one of `pubStartDate` / `pubEndDate` is supplied. For longer date ranges, run the Actor on a schedule with rolling windows. *** ### ๐Ÿ“Š Output Each record contains **21 fields**. Download the dataset as CSV, Excel, JSON, or XML. #### ๐Ÿงพ Schema | Field | Type | Example | |---|---|---| | ๐Ÿ†” `cveId` | string | `"CVE-2021-44228"` | | ๐Ÿ”— `url` | string | `"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"` | | ๐Ÿข `sourceIdentifier` | string | null | `"security-advisories@github.com"` | | ๐Ÿ“… `published` | ISO 8601 | null | `"2021-12-10T10:15:09.143"` | | ๐Ÿ•’ `lastModified` | ISO 8601 | null | `"2025-04-03T01:03:51.193"` | | ๐Ÿšฆ `vulnStatus` | string | null | `"Modified"` | | ๐Ÿ“ `description` | string | null | `"Apache Log4j2 2.0-beta9 through 2.15.0..."` | | ๐ŸŽฏ `cvssV4BaseScore` | number | null | `null` | | ๐ŸŽฏ `cvssV4Severity` | string | null | `null` | | ๐ŸŽฏ `cvssV4VectorString` | string | null | `null` | | ๐ŸŽฏ `cvssV3BaseScore` | number | null | `10.0` | | ๐ŸŽฏ `cvssV3BaseSeverity` | string | null | `"CRITICAL"` | | ๐ŸŽฏ `cvssV3VectorString` | string | null | `"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"` | | ๐ŸŽฏ `cvssV2BaseScore` | number | null | `9.3` | | ๐ŸŽฏ `cvssV2BaseSeverity` | string | null | `"HIGH"` | | ๐ŸŽฏ `cvssV2VectorString` | string | null | `"AV:N/AC:M/Au:N/C:C/I:C/A:C"` | | ๐Ÿงฌ `weaknesses` | string\[] | `["CWE-20", "CWE-400", "CWE-502"]` | | ๐Ÿงฑ `configurations` | object\[] | `[{ "operator": "OR", "cpeMatches": [...] }]` | | ๐Ÿ“š `references` | object\[] | `[{ "url": "https://logging.apache.org/...", "tags": ["Vendor Advisory"] }]` | | ๐Ÿ•’ `scrapedAt` | ISO 8601 | `"2026-05-15T00:00:00.000Z"` | | โŒ `error` | string | null | `null` | #### ๐Ÿ“ฆ Sample record
๐Ÿ”ฅ Critical RCE: Log4Shell (CVE-2021-44228) ```json { "cveId": "CVE-2021-44228", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "sourceIdentifier": "security-advisories@github.com", "published": "2021-12-10T10:15:09.143", "lastModified": "2025-04-03T01:03:51.193", "vulnStatus": "Modified", "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.", "cvssV3BaseScore": 10.0, "cvssV3BaseSeverity": "CRITICAL", "cvssV3VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cvssV2BaseScore": 9.3, "cvssV2BaseSeverity": "HIGH", "cvssV2VectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "weaknesses": ["CWE-20", "CWE-400", "CWE-502", "CWE-917"], "configurations": [{ "operator": "OR", "cpeMatches": [{ "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.3.1" }] }], "references": [ { "url": "https://logging.apache.org/log4j/2.x/security.html", "tags": ["Vendor Advisory"] }, { "url": "https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance", "tags": ["Third Party Advisory", "US Government Resource"] } ], "scrapedAt": "2026-05-15T00:00:00.000Z" } ```
*** ### โœจ Why choose this Actor | | Capability | |---|---| | ๐Ÿ›ก๏ธ | **Authoritative source.** Pulls directly from the official NIST National Vulnerability Database, the canonical CVE catalogue. | | ๐ŸŽฏ | **Multi-version CVSS.** v4, v3.1, v3.0, and v2 base scores plus vector strings, all normalised in one record. | | ๐Ÿงฑ | **CPE 2.3 configurations.** Affected product matches with version ranges, ready to join with asset inventories. | | ๐Ÿงฌ | **CWE weakness mapping.** Each CVE comes with its full list of associated weakness types. | | ๐Ÿ“š | **Curated references.** Vendor advisories, exploit links, US-CERT notes, and third-party analysis tagged at the source. | | ๐Ÿ” | **Always fresh.** Every run hits the live catalogue, so the dataset reflects current scoring and modification dates. | | ๐Ÿšซ | **No sign-up.** Works with public vulnerability data. No login or token needed. | > ๐Ÿ“Š The NVD is consumed by every major SIEM, EDR, vulnerability scanner, and cloud security platform on the planet. Owning a clean local copy is a multiplier for every downstream security workflow. *** ### ๐Ÿ“ˆ How it compares to alternatives | Approach | Cost | Coverage | Refresh | Filters | Setup | |---|---|---|---|---|---| | **โญ NIST NVD CVE Scraper** *(this Actor)* | $5 free credit, then pay-per-use | **240,000+ CVEs** | **Live per run** | severity, CWE, CPE, date, KEV, source | โšก 2 min | | Commercial threat-intel feeds | $10,000+/year | Curated subset | Streaming | Many | โณ Days | | Manual exports | Free | Full | Stale | None | ๐Ÿข Hours | | Self-built ingestion | Engineering time | Full | Custom | Custom | ๐Ÿ› ๏ธ Weeks | Pick this Actor when you want the canonical CVE catalogue without writing pagination, retry, or normalisation code. *** ### ๐Ÿš€ How to use 1. ๐Ÿ“ **Sign up.** [Create a free account with $5 credit](https://console.apify.com/sign-up?fpr=vmoqkp) (takes 2 minutes). 2. ๐ŸŒ **Open the Actor.** Go to the NIST NVD CVE Scraper page on the Apify Store. 3. ๐ŸŽฏ **Set input.** Pick a severity, keyword, CVE ID, or date window, then set `maxItems`. 4. ๐Ÿš€ **Run it.** Click **Start** and let the Actor collect your data. 5. ๐Ÿ“ฅ **Download.** Grab your results in the **Dataset** tab as CSV, Excel, JSON, or XML. > โฑ๏ธ Total time from signup to downloaded dataset: **3-5 minutes.** No coding required. *** ### ๐Ÿ’ผ Business use cases
#### ๐Ÿ›ก๏ธ Vulnerability Management - Daily ingestion of new CVEs into your scanner backend - CVSS-based prioritisation queues for patch teams - KEV-aware triage workflows for active exploitation - Compliance evidence packs for SOC 2, ISO 27001, FedRAMP #### ๐Ÿ” Threat Intelligence & Research - Track new Critical and High CVEs in near real time - Build research datasets filtered by CWE family - Map CVE growth by vendor, product, or year - Cross-reference with KEV and exploit prediction feeds
#### ๐Ÿ› ๏ธ DevSecOps & SBOM - Match CPE strings against your software bill of materials - CI gate that fails builds on Critical CVEs in dependencies - Supply-chain risk reports filtered by ecosystem - Pull requests that auto-link CVEs to fix branches #### ๐Ÿ“Š Security Reporting & Dashboards - Executive dashboards showing CVE counts by severity over time - Vendor scorecards based on CVE volume and median CVSS - Customer-facing trust pages with patch SLAs - Regulatory reporting for finance, healthcare, and energy
*** ### ๐Ÿ”Œ Automating NIST NVD CVE Scraper Control the scraper programmatically for scheduled runs and pipeline integrations: - ๐ŸŸข **Node.js.** Install the `apify-client` NPM package. - ๐Ÿ **Python.** Use the `apify-client` PyPI package. - ๐Ÿ“š See the [Apify documentation](https://docs.apify.com/) for full details. The [Apify Schedules feature](https://docs.apify.com/platform/schedules) lets you trigger this Actor on any cron interval. Hourly, daily, or weekly refreshes keep your downstream vulnerability database in sync automatically. *** ### ๐ŸŒŸ Beyond business use cases Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
#### ๐ŸŽ“ Research and academia - Vulnerability disclosure trend analysis for academic papers - CWE family co-occurrence studies and ML training sets - Reproducible studies with cited, versioned dataset pulls - Coursework on secure software engineering and risk modelling #### ๐ŸŽจ Personal and creative - Hobbyist security dashboards and home-lab CVE feeds - Newsletter and blog research on the latest disclosures - Portfolio projects that show off security data engineering - Personal alerting bots for vendors you actually use
#### ๐Ÿค Non-profit and civic - Local government IT teams tracking exposure to known threats - Civic-tech projects mapping CVE risk for critical infrastructure - Open-source maintainers monitoring downstream impact - Educational outreach for security literacy programmes #### ๐Ÿงช Experimentation - Train CVE-classification or severity-prediction models - Prototype agent pipelines that summarise advisories - Test SIEM rules against historical CVE waves - Build dashboards on top of live vulnerability feeds
*** ### ๐Ÿค– Ask an AI assistant about this scraper Open a ready-to-send prompt about this ParseForge actor in the AI of your choice: - ๐Ÿ’ฌ [**ChatGPT**](https://chat.openai.com/?q=How%20do%20I%20use%20the%20NIST%20NVD%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿง  [**Claude**](https://claude.ai/new?q=How%20do%20I%20use%20the%20NIST%20NVD%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿ” [**Perplexity**](https://perplexity.ai/search?q=How%20do%20I%20use%20the%20NIST%20NVD%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) - ๐Ÿ…’ [**Copilot**](https://copilot.microsoft.com/?q=How%20do%20I%20use%20the%20NIST%20NVD%20CVE%20Scraper%20by%20ParseForge%20on%20Apify%3F%20Show%20me%20input%20examples%2C%20output%20fields%2C%20common%20use%20cases%2C%20and%20how%20to%20integrate%20it%20into%20a%20workflow.) *** ### โ“ Frequently Asked Questions #### ๐Ÿงฉ How does it work? Configure your filters in the input form, click Start, and the Actor pulls matching CVEs from the official NIST NVD source, normalises CVSS v4 / v3 / v2 scoring, and emits one clean record per vulnerability. #### ๐Ÿ“ How accurate is the data? The records are mirror-copies of the official NIST NVD catalogue at run time. Description text, CVSS scores, CWE mappings, and CPE configurations are taken verbatim from the source. #### ๐Ÿ” How often is the dataset refreshed? The official NIST source updates continuously as CNAs publish new CVEs and analysts revise existing ones. Every run of this Actor reflects the catalogue as of run time. #### ๐ŸŽฏ Which CVSS versions are included? All four. The Actor surfaces CVSS v4.0, v3.1, v3.0, and v2 base scores plus vector strings whenever the source provides them. Older CVEs may carry only v2; newer ones may have v3 and v4. #### ๐Ÿ“… Why does the date filter cap at 120 days? The official source enforces this window per query. To pull longer ranges, schedule the Actor with rolling 120-day windows or fetch by CVE ID list instead. #### ๐Ÿงฌ What is a CWE? CWE (Common Weakness Enumeration) is the standard taxonomy of software weaknesses. Each CVE is mapped to one or more CWE IDs that classify the underlying flaw type, like buffer overflow or cross-site scripting. #### ๐Ÿงฑ What is a CPE? CPE (Common Platform Enumeration) 2.3 is the standard product naming scheme. The Actor returns full CPE match strings with version ranges, ready to join against asset inventories or software bills of materials. #### โฐ Can I schedule regular runs? Yes. Use Apify Schedules to run this Actor on any cron interval. A common pattern is a 60-minute schedule that pulls the latest published CVEs and pushes them into a SIEM or ticketing system. #### โš–๏ธ Is this data legal to use? The NIST NVD is a U.S. government public dataset with no restrictions on use, including commercial use. You should still review the official terms for your specific application. #### ๐Ÿ’ณ Do I need a paid Apify plan to use this Actor? No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you scheduling, higher concurrency, and larger datasets. #### ๐Ÿ†˜ What if I need help? Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below. *** ### ๐Ÿ”Œ Integrate with any app NIST NVD CVE Scraper connects to any cloud service via [Apify integrations](https://apify.com/integrations): - [**Make**](https://docs.apify.com/platform/integrations/make) - Automate multi-step workflows - [**Zapier**](https://docs.apify.com/platform/integrations/zapier) - Connect with 5,000+ apps - [**Slack**](https://docs.apify.com/platform/integrations/slack) - Get CVE alerts in your security channels - [**Airbyte**](https://docs.apify.com/platform/integrations/airbyte) - Pipe CVE data into your warehouse - [**GitHub**](https://docs.apify.com/platform/integrations/github) - Trigger runs from commits and releases - [**Google Drive**](https://docs.apify.com/platform/integrations/drive) - Export datasets straight to Sheets You can also use webhooks to trigger downstream actions when a run finishes. Push fresh CVE data into your ticketing system, or alert your team in Slack when a new Critical hits the catalogue. *** ### ๐Ÿ”— Recommended Actors - [**๐Ÿšจ CISA KEV Scraper**](https://apify.com/parseforge/cisa-kev-scraper) - Known Exploited Vulnerabilities catalogue with due dates - [**๐Ÿ“ˆ EPSS Exploit Prediction Scraper**](https://apify.com/parseforge/epss-exploit-prediction-scraper) - 30-day exploitation probability scores - [**๐Ÿ™ GitHub Security Advisories Scraper**](https://apify.com/parseforge/github-security-advisories-scraper) - GHSA + CVE advisories with patched versions - [**๐Ÿ“ฆ OSV Vulnerabilities Scraper**](https://apify.com/parseforge/osv-vulnerabilities-scraper) - Open source vulnerabilities across PyPI, npm, Go, Maven and more - [**๐Ÿ”ฌ CIRCL CVE Scraper**](https://apify.com/parseforge/circl-cve-scraper) - CIRCL Luxembourg CVE catalogue with CWE and CAPEC > ๐Ÿ’ก **Pro Tip:** browse the complete [ParseForge collection](https://apify.com/parseforge) for more security and reference-data scrapers. *** **๐Ÿ†˜ Need Help?** [**Open our contact form**](https://tally.so/r/BzdKgA) to request a new scraper, propose a custom data project, or report an issue. *** > **โš ๏ธ Disclaimer:** this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by NIST, the U.S. government, or any of the CNAs that contribute to the NVD catalogue. All trademarks mentioned are the property of their respective owners. Only publicly available vulnerability data is collected. # Actor input Schema ## `cveId` (type: `string`): Look up a single CVE by ID (e.g. CVE-2024-1234). When set, all other filters are ignored. ## `cveIds` (type: `array`): Array of CVE IDs to fetch in one run (e.g. \["CVE-2021-44228", "CVE-2021-45046"]). Takes precedence over single cveId. Recommended max ~100 per call. ## `keyword` (type: `string`): Free-text keyword search across CVE descriptions (e.g. 'openssl', 'log4j', 'remote code execution'). ## `severity` (type: `string`): Filter by CVSS v3 base severity. Leave empty for all severities. ## `cweId` (type: `string`): Filter by CWE weakness ID (e.g. CWE-79, CWE-89, CWE-787). ## `pubStartDate` (type: `string`): Filter CVEs published on or after this date (ISO 8601, e.g. 2024-01-01T00:00:00.000). NIST NVD requires both pubStartDate and pubEndDate together, max 120-day window. ## `pubEndDate` (type: `string`): Filter CVEs published on or before this date (ISO 8601, e.g. 2024-12-31T23:59:59.999). ## `hasOval` (type: `boolean`): Only include CVEs with OVAL (Open Vulnerability and Assessment Language) records. ## `hasKev` (type: `boolean`): Only include CVEs that appear in the CISA Known Exploited Vulnerabilities (KEV) catalog. ## `hasCertAlerts` (type: `boolean`): Only include CVEs referenced in US-CERT Technical Alerts. ## `hasCertNotes` (type: `boolean`): Only include CVEs referenced in US-CERT Vulnerability Notes. ## `noRejected` (type: `boolean`): Skip CVEs in REJECTED status (duplicates or withdrawn entries that lack scoring data). Recommended on. ## `sourceIdentifier` (type: `string`): Filter by the CNA / source that submitted the CVE (e.g. 'cve@mitre.org', 'security-advisories@github.com'). ## `virtualMatchString` (type: `string`): CPE 2.3 match string to filter by affected product (e.g. 'cpe:2.3:a:apache:log4j'). Returns CVEs that match the CPE. ## `maxItems` (type: `integer`): Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000 ## Actor input object example ```json { "cveId": "", "cveIds": [], "keyword": "", "severity": "", "cweId": "", "pubStartDate": "", "pubEndDate": "", "hasOval": false, "hasKev": false, "hasCertAlerts": false, "hasCertNotes": false, "noRejected": true, "sourceIdentifier": "", "virtualMatchString": "", "maxItems": 10 } ``` # Actor output Schema ## `overview` (type: `string`): Overview of scraped data ## `fullData` (type: `string`): Complete dataset # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "cveId": "", "keyword": "", "severity": "", "cweId": "", "pubStartDate": "", "pubEndDate": "", "sourceIdentifier": "", "virtualMatchString": "", "maxItems": 10 }; // Run the Actor and wait for it to finish const run = await client.actor("parseforge/nist-nvd-cve-scraper").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "cveId": "", "keyword": "", "severity": "", "cweId": "", "pubStartDate": "", "pubEndDate": "", "sourceIdentifier": "", "virtualMatchString": "", "maxItems": 10, } # Run the Actor and wait for it to finish run = client.actor("parseforge/nist-nvd-cve-scraper").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("๐Ÿ’พ Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # ๐Ÿ“š Want to learn more ๐Ÿ“–? Go to โ†’ https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "cveId": "", "keyword": "", "severity": "", "cweId": "", "pubStartDate": "", "pubEndDate": "", "sourceIdentifier": "", "virtualMatchString": "", "maxItems": 10 }' | apify call parseforge/nist-nvd-cve-scraper --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=parseforge/nist-nvd-cve-scraper", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "NIST NVD CVE Scraper", "description": "Scrape CVE vulnerabilities from the NIST National Vulnerability Database (NVD) API 2.0. Filter by severity, CWE, keyword, date range, or single CVE ID. Returns CVSS v3/v2 scores, CWE weaknesses, CPE configurations, and references.", "version": "0.0", "x-build-id": "raJ74ZvRqMElr3r0y" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/parseforge~nist-nvd-cve-scraper/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-parseforge-nist-nvd-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/parseforge~nist-nvd-cve-scraper/runs": { "post": { "operationId": "runs-sync-parseforge-nist-nvd-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/parseforge~nist-nvd-cve-scraper/run-sync": { "post": { "operationId": "run-sync-parseforge-nist-nvd-cve-scraper", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "cveId": { "title": "CVE ID (single lookup)", "type": "string", "description": "Look up a single CVE by ID (e.g. CVE-2024-1234). When set, all other filters are ignored.", "default": "" }, "cveIds": { "title": "CVE IDs (batch lookup)", "type": "array", "description": "Array of CVE IDs to fetch in one run (e.g. [\"CVE-2021-44228\", \"CVE-2021-45046\"]). Takes precedence over single cveId. Recommended max ~100 per call.", "default": [], "items": { "type": "string" } }, "keyword": { "title": "Keyword Search", "type": "string", "description": "Free-text keyword search across CVE descriptions (e.g. 'openssl', 'log4j', 'remote code execution').", "default": "" }, "severity": { "title": "CVSS v3 Severity", "enum": [ "", "CRITICAL", "HIGH", "MEDIUM", "LOW" ], "type": "string", "description": "Filter by CVSS v3 base severity. Leave empty for all severities.", "default": "" }, "cweId": { "title": "CWE ID", "type": "string", "description": "Filter by CWE weakness ID (e.g. CWE-79, CWE-89, CWE-787).", "default": "" }, "pubStartDate": { "title": "Published After", "type": "string", "description": "Filter CVEs published on or after this date (ISO 8601, e.g. 2024-01-01T00:00:00.000). NIST NVD requires both pubStartDate and pubEndDate together, max 120-day window.", "default": "" }, "pubEndDate": { "title": "Published Before", "type": "string", "description": "Filter CVEs published on or before this date (ISO 8601, e.g. 2024-12-31T23:59:59.999).", "default": "" }, "hasOval": { "title": "Has OVAL Records", "type": "boolean", "description": "Only include CVEs with OVAL (Open Vulnerability and Assessment Language) records.", "default": false }, "hasKev": { "title": "Listed in CISA KEV", "type": "boolean", "description": "Only include CVEs that appear in the CISA Known Exploited Vulnerabilities (KEV) catalog.", "default": false }, "hasCertAlerts": { "title": "Has CERT Alerts", "type": "boolean", "description": "Only include CVEs referenced in US-CERT Technical Alerts.", "default": false }, "hasCertNotes": { "title": "Has CERT Notes", "type": "boolean", "description": "Only include CVEs referenced in US-CERT Vulnerability Notes.", "default": false }, "noRejected": { "title": "Exclude Rejected CVEs", "type": "boolean", "description": "Skip CVEs in REJECTED status (duplicates or withdrawn entries that lack scoring data). Recommended on.", "default": true }, "sourceIdentifier": { "title": "Source Identifier", "type": "string", "description": "Filter by the CNA / source that submitted the CVE (e.g. 'cve@mitre.org', 'security-advisories@github.com').", "default": "" }, "virtualMatchString": { "title": "Virtual Match String (CPE)", "type": "string", "description": "CPE 2.3 match string to filter by affected product (e.g. 'cpe:2.3:a:apache:log4j'). Returns CVEs that match the CPE.", "default": "" }, "maxItems": { "title": "Max Items", "minimum": 1, "maximum": 1000000, "type": "integer", "description": "Free users: Limited to 10 items (preview). Paid users: Optional, max 1,000,000" } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```