fkie-cad / nvd-json-data-feeds
Community reconstruction of the legacy JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is neither endorsed nor certified by the NVD.
AI Architecture Analysis
This repository is indexed by RepoMind. By analyzing fkie-cad/nvd-json-data-feeds in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
Repository Overview (README excerpt)
Crawler viewnvd-json-data-feeds Community reconstruction of the deprecated JSON NVD Data Feeds. Releases each day at 00:00 AM UTC. Repository synchronizes with the NVD every 2 hours. Repository at a Glance Last Repository Update Most recent CVE Modification Timestamp synchronized with NVD Last Data Feed Release Download and Changelog: Click Total Number of included CVEs CVEs added in the last Commit Recently added CVEs: • CVE-2026-21570 ( ) • CVE-2026-25534 ( ) • CVE-2026-25769 ( ) • CVE-2026-25770 ( ) • CVE-2026-32290 ( ) • CVE-2026-32291 ( ) • CVE-2026-32292 ( ) • CVE-2026-32293 ( ) • CVE-2026-32294 ( ) • CVE-2026-32295 ( ) • CVE-2026-32296 ( ) • CVE-2026-32297 ( ) • CVE-2026-32298 ( ) • CVE-2026-4319 ( ) CVEs modified in the last Commit Recently modified CVEs: • CVE-2026-29120 ( ) • CVE-2026-2920 ( ) • CVE-2026-2921 ( ) • CVE-2026-2922 ( ) • CVE-2026-2923 ( ) • CVE-2026-3081 ( ) • CVE-2026-3082 ( ) • CVE-2026-3083 ( ) • CVE-2026-3084 ( ) • CVE-2026-3085 ( ) • CVE-2026-3086 ( ) • CVE-2026-30875 ( ) • CVE-2026-30876 ( ) • CVE-2026-30881 ( ) • CVE-2026-30882 ( ) • CVE-2026-30911 ( ) • CVE-2026-32262 ( ) • CVE-2026-32263 ( ) • CVE-2026-32264 ( ) • CVE-2026-32267 ( ) • CVE-2026-32398 ( ) • CVE-2026-32594 ( ) • CVE-2026-32705 ( ) • CVE-2026-3824 ( ) • CVE-2026-4276 ( ) Download and Usage There are several ways you can work with the data in this repository: 1) Release Data Feed Packages The most straightforward approach is to obtain the latest Data Feed release packages here. Each day at 00:00 AM UTC we package and upload JSON files that aim to reconstruct the legacy NVD CVE Data Feeds. Those are aggregated by the part of the CVE identifier: We also upload the well-known and feeds. Furthermore, we provide the feed, which contains a recent snapshot of all NVD records. Once your local copy is synchronized and the last synchronization is no older than 8 days, you can rely on these to stay up to date: Note that all feeds are distributed in -compressed format to save storage and bandwidth. For decompression execute: Automation using Release Data Feed Packages You can fetch the latest releases for each package with the following static link layout: Example: 2) Clone the Repository (with Git History) As you can see by browsing this repository, there is a slight difference between the release packages format and the repository folder structure. This is because we want to maintain explorability of the dataset. Each CVE gets its own JSON file, e.g., . Here, each file is put into a folder layout that first sorts by CVE identifier part and then by part. We mask ( ) the last two digits to create easily navigable folders that hold a maximum of 100 CVE JSON files: A byproduct of managing and continuously updating this dataset via Git is that we can track changes over time through the Git history. If you are interested in having the NVD data as organized above, including the historical data of changes, just clone this repository (large!): (Optional) Meta Files Similar to the old official feeds, we provide meta files with each release. They can be fetched for each feed via: The structure is as follows: 3) Clone the Repository (without Git History) Don't need the history? Then create a shallow copy: Update Timetable • NVD Synchronization: , starting with • Release Packages: , at • NVD Rebuilds: , at Motivation On 2023-12-15, the NIST deprecated all JSON-based NVD Data Feeds. The new NVD CVE API 2.0 is, without a doubt, a great way to obtain CVE information. However, we from Fraunhofer FKIE - Cyber Analysis and Defense believe that the API does not cover a variety of use cases. The legacy NVD Data Feeds provided a convenient way to quickly obtain a complete, file-based offline database snapshot; just download the , decompress it, and use it as you please, e.g.: • Put the JSON feed into a document-based database and quickly leverage upon that data in your software project, ... • Parse and analyze it using your favorite programming language, ... • Put it on a USB stick and transfer it to a system without internet access, or ... • Query the file using ! Unfortunately, the new NVD API 2.0 adds complexity to this process. We want to preserve ease of use by reconstructing these data sources. Non-Endorsement Clause This project uses and redistributes data from the NVD API but is not endorsed or certified by the NVD. Bot Source Code The bot's source code is available at fkie-cad/nvd\_json\_bot.