Investigator Use
National Vulnerability Database (NVD) at nvd.nist.gov is the U.S. government's official repository for vulnerability data, maintained by NIST (National Institute of Standards and Technology). It is the authoritative source for CVE vulnerability records enriched with CVSS scoring, vulnerability categorization (CWE), affected product mappings (CPE), and remediation guidance.
For OSINT investigators and security professionals, NVD is the primary reference for authoritative vulnerability information. Every CVE that achieves NVD enrichment status includes a CVSS base score (severity), vector string (attack complexity, privileges required, user interaction, impact), affected software versions using standardized CPE identifiers, and links to official vendor advisories.
The CVSS vector string provides critical context for investigators: whether a vulnerability is remotely exploitable (vs. requiring local access), whether it requires authentication or user interaction, and what the potential impact is across confidentiality, integrity, and availability dimensions. This data enables rapid prioritization of vulnerabilities found during infrastructure assessment.
NVD's CPE-based product search allows investigators to retrieve all known CVEs for a specific software product and version combination. When a target organization's technology stack has been identified through OSINT, mapping it against NVD reveals the historical and current vulnerability exposure for each identified component.
For threat intelligence work, NVD's data feeds (JSON format) enable programmatic analysis of vulnerability trends, vendor-specific exposure analysis, and integration into custom security analysis workflows. The database is updated continuously as CVEs are enriched following initial assignment.
NVD complements CVE Details and OSV by providing the authoritative record where accuracy matters most — when documenting vulnerability findings in legal cases, regulatory compliance reports, or formal security assessments, NVD is the citation standard.
Limitations: NVD processing of new CVEs can lag behind initial assignment. For rapidly evolving zero-day situations, check vendor advisories and sources like Exploit-DB before NVD enrichment is complete. Always record the CVE number, CVSS score, affected version range, and the date of your NVD query in investigation documentation.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
CVE
Cyber Threat OSINT
CVE provides standardized vulnerability identifiers and references used in security research, triage, and threat intelligence workflows.
CVE Details
Cyber Threat OSINT
CVE Details aggregates vulnerability records, CVSS scores, and affected software lists for security analysis and patch prioritization.
Default Passwords
Cyber Threat OSINT
Find default passwords and credentials for routers, printers, servers, and network devices for authorized security auditing.
Exploit DB
Cyber Threat OSINT
The Exploit Database archives public exploits and proof-of-concept code for known vulnerabilities, used in penetration testing and research.
Honey DB
Cyber Threat OSINT
HoneyDB aggregates honeypot sensor data to identify malicious IP addresses, attacker tactics, and emerging threat patterns.
Hybrid analysis
Cyber Threat OSINT
Hybrid Analysis provides free malware sandboxing with Falcon Sandbox technology to analyze suspicious files and URLs for threat intelligence.