GnistAI GnistAI
Log in

Getting Started with NVD (National Vulnerability Database)

Search the NIST National Vulnerability Database — CVE records with CVSS scores, CWE weaknesses, advisory references, affected products, and change history. 250K+ vulnerabilities from 1999 to present.

All Tutorials   |   Overview   |   Playground   |   MCP   |   REST API   |   Home
Security

Data source: NIST NVD 2.0 API (nvd.nist.gov)

Overview

NVD (National Vulnerability Database) wraps NIST NVD 2.0 API (nvd.nist.gov), handling authentication, pagination, and rate limits for you. This tutorial covers all 4 tools with working code examples you can copy and run.

Prerequisites

  1. Sign up at https://context.gnist.ai/signup for a free API key (100 calls/day).
  2. Choose your integration method: MCP protocol or REST API.

Connect via MCP

Add to your MCP client config (Claude Desktop, Cursor, etc.):

MCP Config 
{
  "mcpServers": {
    "gnist-nvd": {
      "url": "https://context.gnist.ai/mcp/nvd/",
      "headers": {
        "Gnist-API-Key": "YOUR_API_KEY"
      }
    }
  }
}

Tools (4)

search_cves

Search the NIST National Vulnerability Database for CVEs. Query CVE records by keyword, severity, date range, or affected product. Returns vulnerability details including CVSS scores, CWE weaknesses, references, and affected products (CPE names). Args: keyword: Keyword to search in CVE descriptions. cve_id: Specific CVE ID for exact match lookup. severity: CVSS v3 severity filter: LOW, MEDIUM, HIGH, or CRITICAL. pub_start_date: Filter CVEs published after this date (ISO 8601). pub_end_date: Filter CVEs published before this date (ISO 8601). cpe_name: CPE match string for affected product. results_per_page: Maximum results (1-50, default 10). Returns: Dict with 'source', 'count', 'total_results', and 'cves' list. Each CVE includes id, description, CVSS scores, CWEs, and references.

ParameterTypeRequiredDescription
keywordanyoptionalKeyword to search CVE descriptions (e.g. "buffer overflow", "SQL injection").
cve_idanyoptionalSpecific CVE ID (e.g. "CVE-2024-0001"). Returns exact match.
severityanyoptionalCVSS v3 severity: "LOW", "MEDIUM", "HIGH", or "CRITICAL".
pub_start_dateanyoptionalStart of publication date range (ISO 8601, e.g. "2024-01-01T00:00:00.000").
pub_end_dateanyoptionalEnd of publication date range (ISO 8601, e.g. "2024-12-31T23:59:59.999").
cpe_nameanyoptionalCPE match string for affected product (e.g. "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*").
results_per_pageintegeroptionalMaximum results to return (1-50, default 10). (default: 10)
curl -X POST "https://context.gnist.ai/mcp/nvd/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "search_cves", "arguments": {"keyword": "buffer overflow"}}}'
import httpx

resp = httpx.post(
    "https://context.gnist.ai/mcp/nvd/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={'id': 1,
 'jsonrpc': '2.0',
 'method': 'tools/call',
 'params': {'arguments': {'keyword': 'buffer overflow'}, 'name': 'search_cves'}},
)
print(resp.json())

get_cve

Get full details for a specific CVE from the National Vulnerability Database. Returns complete vulnerability information including CVSS scores from multiple sources, CWE weakness classifications, advisory references, and affected product CPE names. Args: cve_id: CVE identifier (e.g. "CVE-2021-44228" for Log4Shell). Returns: Dict with 'source' and 'cve' containing full vulnerability details, or 'cve': None if the CVE ID is not found.

ParameterTypeRequiredDescription
cve_idstringrequiredCVE identifier (e.g. "CVE-2024-0001", "CVE-2021-44228").
curl -X POST "https://context.gnist.ai/mcp/nvd/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "get_cve", "arguments": {"cve_id": "CVE-2024-0001"}}}'
import httpx

resp = httpx.post(
    "https://context.gnist.ai/mcp/nvd/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={'id': 1,
 'jsonrpc': '2.0',
 'method': 'tools/call',
 'params': {'arguments': {'cve_id': 'CVE-2024-0001'}, 'name': 'get_cve'}},
)
print(resp.json())

get_cve_history

Get the change history for a specific CVE. Shows how a CVE record has been modified over time, including initial analysis, score changes, reference additions, and status updates. Useful for tracking how vulnerability assessments evolved. Args: cve_id: CVE identifier (e.g. "CVE-2021-44228"). Returns: Dict with 'source', 'count', and 'history' list. Each entry includes event name, creation date, source, and change details.

ParameterTypeRequiredDescription
cve_idstringrequiredCVE identifier (e.g. "CVE-2024-0001").
curl -X POST "https://context.gnist.ai/mcp/nvd/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "get_cve_history", "arguments": {"cve_id": "CVE-2024-0001"}}}'
import httpx

resp = httpx.post(
    "https://context.gnist.ai/mcp/nvd/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={'id': 1,
 'jsonrpc': '2.0',
 'method': 'tools/call',
 'params': {'arguments': {'cve_id': 'CVE-2024-0001'},
            'name': 'get_cve_history'}},
)
print(resp.json())

report_feedback

Report a bug, feature request, or general feedback for this data source. Use this when something doesn't work as expected, when you'd like a new feature, or when you have suggestions for improvement. Args: feedback: Describe the issue or suggestion. feedback_type: One of 'bug', 'feature_request', or 'general'.

ParameterTypeRequiredDescription
feedbackstringrequired
feedback_typestringoptional (default: general)
curl -X POST "https://context.gnist.ai/mcp/nvd/" \
  -H "Content-Type: application/json" \
  -H "Gnist-API-Key: YOUR_API_KEY" \
  -d '{"jsonrpc": "2.0", "method": "tools/call", "id": 1, "params": {"name": "report_feedback", "arguments": {"feedback": "example"}}}'
import httpx

resp = httpx.post(
    "https://context.gnist.ai/mcp/nvd/",
    headers={"Gnist-API-Key": "YOUR_API_KEY"},
    json={'id': 1,
 'jsonrpc': '2.0',
 'method': 'tools/call',
 'params': {'arguments': {'feedback': 'example'}, 'name': 'report_feedback'}},
)
print(resp.json())

Common Patterns

Search then retrieve
Use search_cves to find items, then get_cve to get full details. This two-step pattern is common for exploring data before drilling down.

FAQ

What data does NVD (National Vulnerability Database) provide?

Search the NIST National Vulnerability Database — CVE records with CVSS scores, CWE weaknesses, advisory references, affected products, and change history. 250K+ vulnerabilities from 1999 to present. It exposes 4 tools: search_cves, get_cve, get_cve_history, report_feedback.

What do I need to get started?

A Gnist API key (free tier: 100 calls/day). Sign up at https://context.gnist.ai/signup.

What format does the NVD (National Vulnerability Database) API return?

JSON, via either MCP protocol (JSON-RPC 2.0) or REST API.

Next Steps

Interactive Playground
Try tools in your browser — no setup required.
Full Reference
Complete docs for all 4 tools.

Related Tutorials

IODA (Internet Outage Detection)
Tutorial
Cyber Intelligence
Tutorial