# CVE Vulnerability Monitor - NVD Daily (`pink_comic/nvd-cve-vulnerability-database`) Actor Monitor the National Vulnerability Database for new CVEs daily. Schedule runs to track vulnerabilities by keyword, severity, or vendor. Get CVSS scores, descriptions, and affected products. For security teams, DevSecOps, penetration testers, and compliance. Pay per result. - **URL**: https://apify.com/pink\_comic/nvd-cve-vulnerability-database.md - **Developed by:** [Ava Torres](https://apify.com/pink_comic) (community) - **Categories:** Automation, Developer tools, AI - **Stats:** 3 total users, 2 monthly users, 100.0% runs succeeded, NaN bookmarks - **User rating**: No ratings yet ## Pricing from $2.00 / 1,000 results This Actor is paid per event. You are not charged for the Apify platform usage, but only a fixed price for specific events. Learn more: https://docs.apify.com/platform/actors/running/actors-in-store#pay-per-event ## What's an Apify Actor? Actors are a software tools running on the Apify platform, for all kinds of web data extraction and automation use cases. In Batch mode, an Actor accepts a well-defined JSON input, performs an action which can take anything from a few seconds to a few hours, and optionally produces a well-defined JSON output, datasets with results, or files in key-value store. In Standby mode, an Actor provides a web server which can be used as a website, API, or an MCP server. Actors are written with capital "A". ## How to integrate an Actor? If asked about integration, you help developers integrate Actors into their projects. You adapt to their stack and deliver integrations that are safe, well-documented, and production-ready. The best way to integrate Actors is as follows. In JavaScript/TypeScript projects, use official [JavaScript/TypeScript client](https://docs.apify.com/api/client/js.md): ```bash npm install apify-client ``` In Python projects, use official [Python client library](https://docs.apify.com/api/client/python.md): ```bash pip install apify-client ``` In shell scripts, use [Apify CLI](https://docs.apify.com/cli/docs.md): ````bash # MacOS / Linux curl -fsSL https://apify.com/install-cli.sh | bash # Windows irm https://apify.com/install-cli.ps1 | iex ```bash In AI frameworks, you might use the [Apify MCP server](https://docs.apify.com/platform/integrations/mcp.md). If your project is in a different language, use the [REST API](https://docs.apify.com/api/v2.md). For usage examples, see the [API](#api) section below. For more details, see Apify documentation as [Markdown index](https://docs.apify.com/llms.txt) and [Markdown full-text](https://docs.apify.com/llms-full.txt). # README ## NVD CVE Vulnerability Database - Security & Compliance Intelligence Search the **NIST National Vulnerability Database (NVD)** for CVE security vulnerabilities. Filter by keyword, CVSS severity, and publication date. Extract structured data for vulnerability monitoring, security compliance, patch management, and threat intelligence workflows. No API key required. Uses the official [NVD CVE API 2.0](https://nvd.nist.gov/developers/vulnerabilities). ### What you get Each CVE record includes: - **CVE ID** (e.g. `CVE-2021-44228`) - **Description** — plain-English explanation of the vulnerability - **Severity** — CVSS v3 severity: CRITICAL, HIGH, MEDIUM, or LOW - **CVSS score** — base score from 0.0 to 10.0 - **CVSS vector string** — full CVSS v3 vector for scoring details - **CWE ID** — weakness category (e.g. `CWE-79` for XSS, `CWE-89` for SQL injection) - **Affected products** — CPE URI list of vulnerable software and versions (up to 50 per CVE) - **Published date** and **last modified date** - **Source URL** — direct link to the NVD detail page ### Use cases - **Vulnerability monitoring:** Track new CRITICAL and HIGH CVEs affecting your technology stack - **Security compliance:** Audit CVE exposure across specific software components for SOC 2, ISO 27001, or FedRAMP - **Patch management:** Identify unpatched vulnerabilities by keyword or product CPE - **Threat intelligence:** Correlate CVE data with CVSS scores and CWE categories for risk prioritization - **Penetration testing research:** Find known vulnerabilities by keyword (e.g. "apache", "openssl", "remote code execution") - **Security tooling:** Enrich SIEM, vulnerability scanners, or asset management systems with NVD data ### Input | Field | Type | Description | |-------|------|-------------| | `keywordSearch` | string | Keyword to search CVE descriptions (e.g. `log4j`, `apache`, `buffer overflow`) | | `severity` | string | CVSS v3 severity filter: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, or blank for all | | `pubStartDate` | string | Published on or after this date: `YYYY-MM-DD` or `YYYY-MM-DDTHH:MM:SS.mmm` | | `pubEndDate` | string | Published on or before this date: `YYYY-MM-DD` or `YYYY-MM-DDTHH:MM:SS.mmm` | | `maxResults` | integer | Max records to return (default 100, max 20,000) | All fields are optional. With no filters, returns the most recently published CVEs. ### Output example ```json { "cveId": "CVE-2021-44228", "description": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints...", "severity": "CRITICAL", "cvssScore": 10.0, "cvssVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cweId": "CWE-917", "affectedProducts": [ "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*", "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*" ], "publishedDate": "2021-12-10T10:15:09.143", "lastModifiedDate": "2023-04-03T20:15:08.127", "sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" } ```` ### Rate limits The NVD API allows 5 requests per 30-second rolling window without an API key. This actor paginates automatically and respects the rate limit between pages. Large queries (>2,000 results) will take additional time due to enforced delays between pages. ### Data source Uses the official [NVD CVE API 2.0](https://services.nvd.nist.gov/rest/json/cves/2.0) maintained by NIST. Data is authoritative, continuously updated, and free to use. Coverage spans all published CVEs from 1999 to present. # Actor input Schema ## `keywordSearch` (type: `string`): Search CVE descriptions by keyword (e.g. "apache", "log4j", "remote code execution"). Leave blank to search without a keyword filter. ## `severity` (type: `string`): Filter results by CVSS v3 severity. Leave blank to include all severities. ## `pubStartDate` (type: `string`): Filter CVEs published on or after this date. Use ISO 8601 format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS.mmm (e.g. "2024-01-01"). ## `pubEndDate` (type: `string`): Filter CVEs published on or before this date. Use ISO 8601 format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS.mmm (e.g. "2024-12-31"). ## `maxResults` (type: `integer`): Maximum number of CVE records to return. NVD returns up to 2,000 per API page; large result sets are paginated automatically. ## Actor input object example ```json { "keywordSearch": "log4j", "severity": "", "pubStartDate": "", "pubEndDate": "", "maxResults": 100 } ``` # API You can run this Actor programmatically using our API. Below are code examples in JavaScript, Python, and CLI, as well as the OpenAPI specification and MCP server setup. ## JavaScript example ```javascript import { ApifyClient } from 'apify-client'; // Initialize the ApifyClient with your Apify API token // Replace the '' with your token const client = new ApifyClient({ token: '', }); // Prepare Actor input const input = { "keywordSearch": "log4j", "severity": "", "pubStartDate": "", "pubEndDate": "", "maxResults": 100 }; // Run the Actor and wait for it to finish const run = await client.actor("pink_comic/nvd-cve-vulnerability-database").call(input); // Fetch and print Actor results from the run's dataset (if any) console.log('Results from dataset'); console.log(`💾 Check your data here: https://console.apify.com/storage/datasets/${run.defaultDatasetId}`); const { items } = await client.dataset(run.defaultDatasetId).listItems(); items.forEach((item) => { console.dir(item); }); // 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/js/docs ``` ## Python example ```python from apify_client import ApifyClient # Initialize the ApifyClient with your Apify API token # Replace '' with your token. client = ApifyClient("") # Prepare the Actor input run_input = { "keywordSearch": "log4j", "severity": "", "pubStartDate": "", "pubEndDate": "", "maxResults": 100, } # Run the Actor and wait for it to finish run = client.actor("pink_comic/nvd-cve-vulnerability-database").call(run_input=run_input) # Fetch and print Actor results from the run's dataset (if there are any) print("💾 Check your data here: https://console.apify.com/storage/datasets/" + run["defaultDatasetId"]) for item in client.dataset(run["defaultDatasetId"]).iterate_items(): print(item) # 📚 Want to learn more 📖? Go to → https://docs.apify.com/api/client/python/docs/quick-start ``` ## CLI example ```bash echo '{ "keywordSearch": "log4j", "severity": "", "pubStartDate": "", "pubEndDate": "", "maxResults": 100 }' | apify call pink_comic/nvd-cve-vulnerability-database --silent --output-dataset ``` ## MCP server setup ```json { "mcpServers": { "apify": { "command": "npx", "args": [ "mcp-remote", "https://mcp.apify.com/?tools=pink_comic/nvd-cve-vulnerability-database", "--header", "Authorization: Bearer " ] } } } ``` ## OpenAPI specification ```json { "openapi": "3.0.1", "info": { "title": "CVE Vulnerability Monitor - NVD Daily", "description": "Monitor the National Vulnerability Database for new CVEs daily. Schedule runs to track vulnerabilities by keyword, severity, or vendor. Get CVSS scores, descriptions, and affected products. For security teams, DevSecOps, penetration testers, and compliance. Pay per result.", "version": "0.1", "x-build-id": "b78SSuwnY2GmqOX7b" }, "servers": [ { "url": "https://api.apify.com/v2" } ], "paths": { "/acts/pink_comic~nvd-cve-vulnerability-database/run-sync-get-dataset-items": { "post": { "operationId": "run-sync-get-dataset-items-pink_comic-nvd-cve-vulnerability-database", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for its completion, and returns Actor's dataset items in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } }, "/acts/pink_comic~nvd-cve-vulnerability-database/runs": { "post": { "operationId": "runs-sync-pink_comic-nvd-cve-vulnerability-database", "x-openai-isConsequential": false, "summary": "Executes an Actor and returns information about the initiated run in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/runsResponseSchema" } } } } } } }, "/acts/pink_comic~nvd-cve-vulnerability-database/run-sync": { "post": { "operationId": "run-sync-pink_comic-nvd-cve-vulnerability-database", "x-openai-isConsequential": false, "summary": "Executes an Actor, waits for completion, and returns the OUTPUT from Key-value store in response.", "tags": [ "Run Actor" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/inputSchema" } } } }, "parameters": [ { "name": "token", "in": "query", "required": true, "schema": { "type": "string" }, "description": "Enter your Apify token here" } ], "responses": { "200": { "description": "OK" } } } } }, "components": { "schemas": { "inputSchema": { "type": "object", "properties": { "keywordSearch": { "title": "Keyword Search", "type": "string", "description": "Search CVE descriptions by keyword (e.g. \"apache\", \"log4j\", \"remote code execution\"). Leave blank to search without a keyword filter.", "default": "log4j" }, "severity": { "title": "CVSS v3 Severity", "enum": [ "", "CRITICAL", "HIGH", "MEDIUM", "LOW" ], "type": "string", "description": "Filter results by CVSS v3 severity. Leave blank to include all severities.", "default": "" }, "pubStartDate": { "title": "Published Start Date", "type": "string", "description": "Filter CVEs published on or after this date. Use ISO 8601 format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS.mmm (e.g. \"2024-01-01\").", "default": "" }, "pubEndDate": { "title": "Published End Date", "type": "string", "description": "Filter CVEs published on or before this date. Use ISO 8601 format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS.mmm (e.g. \"2024-12-31\").", "default": "" }, "maxResults": { "title": "Max Results", "minimum": 1, "maximum": 20000, "type": "integer", "description": "Maximum number of CVE records to return. NVD returns up to 2,000 per API page; large result sets are paginated automatically.", "default": 100 } } }, "runsResponseSchema": { "type": "object", "properties": { "data": { "type": "object", "properties": { "id": { "type": "string" }, "actId": { "type": "string" }, "userId": { "type": "string" }, "startedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "finishedAt": { "type": "string", "format": "date-time", "example": "2025-01-08T00:00:00.000Z" }, "status": { "type": "string", "example": "READY" }, "meta": { "type": "object", "properties": { "origin": { "type": "string", "example": "API" }, "userAgent": { "type": "string" } } }, "stats": { "type": "object", "properties": { "inputBodyLen": { "type": "integer", "example": 2000 }, "rebootCount": { "type": "integer", "example": 0 }, "restartCount": { "type": "integer", "example": 0 }, "resurrectCount": { "type": "integer", "example": 0 }, "computeUnits": { "type": "integer", "example": 0 } } }, "options": { "type": "object", "properties": { "build": { "type": "string", "example": "latest" }, "timeoutSecs": { "type": "integer", "example": 300 }, "memoryMbytes": { "type": "integer", "example": 1024 }, "diskMbytes": { "type": "integer", "example": 2048 } } }, "buildId": { "type": "string" }, "defaultKeyValueStoreId": { "type": "string" }, "defaultDatasetId": { "type": "string" }, "defaultRequestQueueId": { "type": "string" }, "buildNumber": { "type": "string", "example": "1.0.0" }, "containerUrl": { "type": "string" }, "usage": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "integer", "example": 1 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } }, "usageTotalUsd": { "type": "number", "example": 0.00005 }, "usageUsd": { "type": "object", "properties": { "ACTOR_COMPUTE_UNITS": { "type": "integer", "example": 0 }, "DATASET_READS": { "type": "integer", "example": 0 }, "DATASET_WRITES": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_READS": { "type": "integer", "example": 0 }, "KEY_VALUE_STORE_WRITES": { "type": "number", "example": 0.00005 }, "KEY_VALUE_STORE_LISTS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_READS": { "type": "integer", "example": 0 }, "REQUEST_QUEUE_WRITES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_INTERNAL_GBYTES": { "type": "integer", "example": 0 }, "DATA_TRANSFER_EXTERNAL_GBYTES": { "type": "integer", "example": 0 }, "PROXY_RESIDENTIAL_TRANSFER_GBYTES": { "type": "integer", "example": 0 }, "PROXY_SERPS": { "type": "integer", "example": 0 } } } } } } } } } } ```