CINXE.COM
Product APIs
<!DOCTYPE html> <html lang="en"> <head> <title>Product APIs</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link href="/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet" /> <link href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/base-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/media-resize.css" type="text/css" rel="stylesheet" /> <meta name="theme-color" content="#000000"> <script src="/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/site-media/js/forms.js" type="text/javascript"></script> <script src="/site-media/js/federated-analytics.all.min.js?agency=NIST&subagency=nvd&pua=UA-37115410-41&yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/site-media/css/nvd-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180" /> <link href="/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32" /> <link href="/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16" /> <link href="/site-media/images/favicons/manifest.json" rel="manifest" /> <link href="/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" /> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link href="/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon" /> <meta charset="UTF-8"> <link href="/site-media/css/apiKey/api-styles.css" type="text/css" rel="stylesheet"/> <script> $(document).ready( function() { // get hash/anchor_id from url var hash = window.location.hash; // if hash exists, expand the section and scroll to hash if(hash.startsWith("#cpes-")) { toggleMoreCode('divGetCpeParameters', 'iconCpeParams'); $('html, body').animate({ scrollTop: $(hash).offset().top }, 1000); } if(hash.startsWith("#cpematch-")) { toggleMoreCode('divCpeMatchParameters', 'iconCpeMatchParams') $('html, body').animate({ scrollTop: $(hash).offset().top }, 1000); } }); function toggleMoreCode(elementId, iconId) { var x = document.getElementById(elementId); if (x.style.display === "none") { x.style.display = "block"; } else { x.style.display = "none"; } if(typeof iconId !== 'undefined') { var y = document.getElementById(iconId); if (x.style.display === "block") { y.classList.add("fa-minus"); y.classList.remove("fa-plus"); } else { y.classList.add("fa-plus"); y.classList.remove("fa-minus"); } } } </script> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://nvd.nist.gov">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag"> <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://www.nist.gov" target="_blank" rel="noopener noreferrer" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="https://www.nist.gov/itl/nvd">News and Status Updates</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/visualizations">Visualizations</a> </p> <p> <a href="/general/legal-disclaimer">Legal Disclaimer</a> </p> </div> </div> </div></li> <li><a href="/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Search & Statistics</a> </p> <p> <a href="/vuln/categories">Weakness Types</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/data-feeds">Legacy Data Feeds</a> </p> <p> <a href="/vuln/vendor-comments">Vendor Comments</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0 Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0 Calculator</a> </p> </div> </div> </div></li> <li><a href="/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/products/cpe">CPE Dictionary</a> </p> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/developers/start-here">Start Here</a> </p> <p> <a href="/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/data-sources">Data Sources</a> </p> <p> <a href="/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/contact"> Contact NVD </a></li> <li><a href="/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://ncp.nist.gov">Checklist (NCP) Repository</a> </p> <p> <a href="https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div> <!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg" >National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center" >NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div class="row"> <ol class="breadcrumb"> <li><a href="/developers" class="CMSBreadCrumbsLink">Developers</a></li> </ol> </div> <div> <div id="divProductApis" class="row"> <h2>Products</h2> <p> This documentation assumes that you already understand at least one common programming language and are generally familiar with JSON RESTful services. JSON specifies the format of the data returned by the REST service. REST refers to a style of services that allow computers to communicate via HTTP over the Internet. Click here for a list of <a href="/developers/start-here">best practices and additional information</a> on where to start. The NVD is also documenting <a href="/developers/api-workflows">popular workflows</a> to assist developers working with the APIs. </p> </div> <div id="divGetCpes" class="row"> <h3>CPE API</h3> <p> The CPE API is used to easily retrieve information on a single CPE record or a collection of CPE records from the <a href="/products/cpe/statistics"> Official CPE Dictionary</a> . The dictionary contains <span id="apiCpeNames">1,335,203</span> CPE Names and more than 420,000 match strings. Because of this, the NVD enforces offset-based pagination to answer requests for large collections. Through a series of smaller “chunked” responses controlled by an offset <code>startIndex</code> and a page limit <code>resultsPerPage</code> users may page through all the records in the dictionary. For more information on the full CPE specification please refer to the <a href="https://csrc.nist.gov/publications/detail/nistir/7695/final">Computer Security Resource Center</a>. </p> <p> The URL stem for retrieving CPE information is shown below. </p> </div> <div id= cpesBase class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Base URL</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0</code></pre> </div> <h4 title="Click to expand or collapse"> <a id="toggleGetCpeParameters" onclick="toggleMoreCode('divGetCpeParameters', 'iconCpeParams')"> <span class="fa fa-plus" id="iconCpeParams"></span> Parameters </a> </h4> <div id="divGetCpeParameters" class="row" style="display: none"> <table class="table"> <tr> <td> <a id="cpes-cpeNameId"><span class="paramName">cpeNameId <span class="paramOptional">optional</span></span></a> <ul> <li><code>{uuid}</code></li> </ul> <p> This parameter returns a specific CPE record identified by a Universal Unique Identifier (UUID). Please note, <code>cpeNameId</code> only checks whether a <code>{uuid}</code> is correctly formatted. Requests for properly formatted <code>{uuid}</code> that have not been assigned to a product in the Official CPE Dictionary will return a successful response without results. </p> <p> The CPE <a href="/developers/products#divCpeMatchResponseBody">Match Criteria API response</a> provides valid <code>{uuid}</code> values under the <span class="json-obj">cpeNameId</span> field. </p> <div id= cpes-cpeNameId-request class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">cpeNameId</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?cpeNameId=87316812-5F2C-4286-94FE-CC98B9EAEF53</code></pre> </div> </td> </tr> <tr> <td> <a id="cpes-cpeMatchString"><span class="paramName">cpeMatchString <span class="paramOptional">optional</span></span></a> <ul> <li><code>{match string}</code></li> </ul> <p> This parameter returns CPE Names that exist in the Official CPE Dictionary, based on the value of <code>{match string}</code>. </p> <p> A CPE Name is a string of characters comprised of 13 colon separated values that describe a product. In CPEv2.3 the first two values are always “cpe” and “2.3”. The 11 values that follow are referred to as the CPE components. </p> <p> A CPE Match string is a single CPE string that correlates to one or many CPE Names in the Official CPE Dictionary. Because the NVD publishes CPE applicability statements for thousands of CVE each year, match strings are made to withstand changes to the Official CPE Dictionary, without requiring consistent maintenance. </p> <div id= cpes-cpeMatchString-request-1 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request CPE names for Microsoft Windows 10</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?cpeMatchString=cpe:2.3:o:microsoft:windows_10</code></pre> </div> <br> <div id= cpes-cpeMatchString-request-2 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request CPE names for Microsoft Windows 10, version 1511</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?cpeMatchString=cpe:2.3:o:microsoft:windows_10:1511</code></pre> </div> <br> <div id= cpes-cpeMatchString-request-3 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE names with the vendor "Microsoft"</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?cpeMatchString=cpe:2.3:*:Microsoft</code></pre> </div> </td> </tr> <tr> <td> <a id="cpes-keywordExactMatch"><span class="paramName">keywordExactMatch <span class="paramOptional">optional</span></span></a> <p> By default, <code>keywordSearch</code> returns any CPE record where a word or phrase is found in the metadata title or reference links. </p> <p> If the value of <code>keywordSearch</code> is a phrase, i.e., contains more than one term, including <code>keywordExactMatch</code> returns only the CPE matching the phrase exactly. Otherwise, the results will contain records having any of the terms. If filtering by <code>keywordExactMatch</code>, <code>keywordSearch</code> is <span class="paramRequired">required</span>. Please note, this parameter should be provided without a parameter value. </p> <div id= cpes-keywordExactMatch-request-1 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all exact matches of "Microsoft Windows"</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?keywordSearch=Microsoft Windows&keywordExactMatch</code></pre> </div> <P> Please note, the example above would not return a CPE unless the exact phrase "Microsoft Windows" appears in the metadata title or reference links. </P> </td> </tr> <tr> <td> <a id="cpes-keywordSearch"><span class="paramName">keywordSearch <span class="paramOptional">optional</span></span></a> <ul> <li><code>{keyword(s)}</code></li> </ul> <p> This parameter returns only the CPE records where a word or phrase is found in the metadata title or reference links. </p> <div id= cpes-keywordSearch-request-1 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all mentions of "Red" and "Hat"</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?keywordSearch=Red Hat</code></pre> </div> <br> <div id= cpes-keywordSearch-request-2 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request any CPE mentioning both "Java" and "Oracle"</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?keywordSearch=Java Oracle </code></pre> </div> <p> Please note, multiple <code>{keywords}</code> function like an 'AND' statement. This returns results where all keywords exist somewhere in the metadata title or reference links, though not necessarily together. Keyword search operates as though a wildcard is placed after each keyword provided. For example, providing "circle" will return results such as "circles" but not "encircle". </p> </td> </tr> <tr> <td> <a id="cpes-lastModDates"><span class="paramName">lastModStartDate & lastModEndDate <span class="paramOptional">optional</span></span></a> <ul> <li><code>{start date}</code></li> <li><code>{end date}</code></li> </ul> <p> These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both <code>lastModStartDate</code> and <code>lastModEndDate</code> are <span class="paramRequired">required</span>. The maximum allowable range when using any date range parameters is 120 consecutive days. </p> <p> A CPE record is considered "modified" when any of the follow actions occur: </p> <ol> <li>A new CPE record is created</li> <li>An existing CPE record is modified</li> <li>An existing CPE is deprecated</li> </ol> <p> Values must be entered in the extended ISO-8601 date/time format: </p> <code>[YYYY][“-”][MM][“-”][DD][“T”][HH][“:”][MM][“:”][SS][Z]</code> <p> The "T" is a literal to separate the date from the time. The Z indicates an optional offset-from-UTC. Please note, if a positive Z value is used (such as +01:00 for Central European Time) then the "+" should be encoded in the request as "%2B". The user agent may handle this automatically. </p> <div id= cpes-lastModDates-request class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE records modified between the start and end datetimes</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0/?lastModStartDate=2021-08-04T13:00:00.000%2B01:00&lastModEndDate=2021-10-22T13:36:00.000%2B01:00</code></pre> </div> </td> </tr> <tr> <td> <a id="cpes-matchCriteriaId"><span class="paramName">matchCriteriaId <span class="paramOptional">optional</span></span></a> <ul> <li><code>{uuid}</code></li> </ul> <p> This parameter returns all CPE records associated with a match string identified by its <code>{uuid}</code>. <code>matchCriteriaId</code> will only accept a properly formatted <code>{uuid}</code>. </p> <p> CPE Match Criteria comes in two forms: CPE Match Strings and CPE Match String Ranges. Both are abstract concepts that are then correlated to CPE URIs in the Official CPE Dictionary. Unlike a CPE Name, match strings and match string ranges do not require a value in the part, vendor, product, or version components. The CVE API returns valid <code>{uuid}</code> within the <span class="json-obj">configurations</span> object. The Match Criteria API returns valid <code>{uuid}</code> within the <span class="json-obj">matchCriteriaId</span> object. </p> <div id= cpes-matchCriteriaId-request class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE names that match a uuid</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0?matchCriteriaId=36FBCF0F-8CEE-474C-8A04-5075AF53FAF4</code></pre> </div> </td> </tr> <tr> <td> <a id="cpes-resultsPerPage"><span class="paramName">resultsPerPage <span class="paramOptional">optional</span></span></a> <ul> <li><code>{page limit}</code></li> </ul> <p> This parameter specifies the maximum number of CPE records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is <span id="apiResultsPerPageCpe">10,000</span>. </p> </td> </tr> <tr> <td> <a id="cpes-startIndex"><span class="paramName">startIndex <span class="paramOptional">optional</span></span></a> <ul> <li><code>{offset}</code></li> </ul> <p> This parameter specifies the index of the first CPE to be returned in the response data. The index is zero-based, meaning the first CPE is at index zero. </p> <p> The CPE API returns four primary objects in the response body that are used for pagination: <span class="json-obj">resultsPerPage</span>, <span class="json-obj">startIndex</span>, <span class="json-obj">totalResults</span>, and <span class="json-obj">products</span>. <span class="json-obj">totalResults</span> indicates the total number of CPE records that match the request parameters. If the value of <span class="json-obj">totalResults</span> is greater than the value of <span class="json-obj">resultsPerPage</span> there are more records than could be returned by a single API response and additional requests must update the <code>startIndex</code> to get the remaining records. </p> <p> The best, most efficient, practice for keeping up to date with the NVD is to use the date range parameters to request only the CPE that have been modified since your last request. </p> <div id= cpes-startIndex-request-1 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request 20 CPE records, beginning at index 0 and ending at index 19</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=0</code></pre> </div> <br> <div id= cpes-startIndex-request-2 class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request the CPE records, beginning at index 20 and ending at index 39</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpes/2.0/?resultsPerPage=20&startIndex=20</code></pre> </div> </td> </tr> </table> </div> <h4 title="Click to expand or collapse"> <a id="toggleCpesResponseBody" onclick="toggleMoreCode('divCpesResponseBody', 'iconCpesResponseBody')"> <span class="fa fa-plus" id="iconCpesResponseBody"></span> Response </a> </h4> <div id="divCpesResponseBody" class="row" style="display: none"> <h5>CPE API JSON Schema</h5> <p> This API response includes only one JSON schema for defining the structure of the response data. The following document includes information on data types, regex patterns, maximum character length, and other information that can support developers and database administrators looking to create their own local repository. </p> <ul style="list-style: none"> <li><a href="https://csrc.nist.gov/schema/nvd/api/2.0/cpe_api_json_2.0.schema" class=schema-link>CPE Schema</a></li> </ul> <h5>Response Details</h5> <p> The CPE API returns seven primary objects in the body of the response: <span class="json-obj">resultsPerPage</span>, <span class="json-obj">startIndex</span>, <span class="json-obj">totalResults</span>, <span class="json-obj">format</span>, <span class="json-obj">version</span>, <span class="json-obj">timestamp</span>, and <span class="json-obj">products</span>. <p> <p> The <span class="json-obj">totalResults</span> object indicates the number of CPE records that match the request criteria, including all parameters. If the value of <span class="json-obj">totalResults</span> is greater than the value of <span class="json-obj">resultsPerPage</span>, then additional requests are necessary to return the remaining records. The parameter <span class="json-obj">startIndex</span> may be used in subsequent requests to identify the starting point for the next request. More information and the best practices for using <span class="json-obj">resultsPerPage</span> and <span class="json-obj">startIndex</span> are described above. </p> <p> The <span class="json-obj">format</span> and <span class="json-obj">version</span> objects identify the format and version of the API response. <span class="json-obj">timestamp</span> identifies when the response was generated. </p> <p> The <span class="json-obj">products</span> object contains an array of objects equal to the number of records returned in the response and is sorted in ascending order by the <span class="json-obj">created</span> property of the <span class="json-obj">cpe</span> object. The <span class="json-obj">cpe</span> object is explained in more detail below. </p> <h5 style="font-family:'Roboto Mono Web','Bitstream Vera Sans Mono','Consolas','Courier','monospace'" id="cpes-response-cpe">cpe <span class="paramRequired"> required</span> </h5> <p> This object contains a boolean flag indicating whether the CPE is <span class="json-obj">deprecated</span>, the <span class="json-obj">cpeName</span> (including the reverse solidus escape character \), the <span class="json-obj">cpeNameId</span>, the date and time that the CPE was added to the Official CPE Dictionary, the date and time that the CPE was last modified, as well as additional metadata under the <span class="json-obj">titles</span> object. If the CPE is deprecated an optional <span class="json-obj">deprecatedBy</span> field will provide the CPE Name that that replaces it. </p> <button onclick="toggleMoreCode('jsonWindowCpeResponse')">Toggle JSON</button> <div id="jsonWindowCpeResponse" class="example-response" style="display: none;"> <pre class="contentSection-pre"><code> { "resultsPerPage": 2, "startIndex": 0, "totalResults": 2, "format": "NVD_CPE", "version": "2.0", "timestamp": "2023-01-10T19:46:53.290", "products": [ { "cpe": { "deprecated": false, "cpeName": "cpe:2.3:a:3com:3cdaemon:-:*:*:*:*:*:*:*", "cpeNameId": "BAE41D20-D4AF-4AF0-AA7D-3BD04DA402A7", "lastModified": "2011-01-12T14:35:43.723", "created": "2007-08-23T21:05:57.937", "titles": [ { "title": "3Com 3CDaemon", "lang": "en" }, { "title": "スリーコム 3CDaemon", "lang": "ja" } ] } }, { "cpe": { "deprecated": true, "cpeName": "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*", "cpeNameId": "DF3171C4-00E8-4B0F-97EB-2F3EC3394A87", "lastModified": "2021-06-01T14:14:47.707", "created": "2007-08-23T21:16:59.567", "titles": [ { "title": "Linux Kernel 2.6.2", "lang": "en" } ], "refs": [ { "ref": "https://github.com/torvalds/linux", "type": "Version" } ], "deprecatedBy": [ { "cpeName": "cpe:2.3:o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*", "cpeNameId": "1B4C49FC-8606-45D7-94D1-19C5626D69C7" } ], "deprecates": [ { "cpeName": "cpe:2.3:o:linux:kernel:2.6.2:*:*:*:*:*:*:*", "cpeNameId": "B548E49E-BC95-4804-A2C2-D7ACC7F72095" } ] } } ] } </code></pre> </div> </div> <br> <div id="divCpeMatch" class="row"> <h3>Match Criteria API</h3> <p> The CPE Match Criteria API is used to easily retrieve the complete list of valid CPE Match Strings. Unlike a CPE Name, match strings and match string ranges do not require a value in the part, vendor, product, or version components. </p> <p> The URL stem for retrieving match criteria information is shown below. </p> </div> <div id= cpeMatchBase class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Base URL</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpematch/2.0</code></pre> </div> <h4 title="Click to expand or collapse"> <a id="toggleGetCpeMatchParameters" onclick="toggleMoreCode('divCpeMatchParameters', 'iconCpeMatchParams')"> <span class="fa fa-plus" id="iconCpeMatchParams"></span> Parameters </a> </h4> <div id="divCpeMatchParameters" class="row" style="display: none"> <table class="table"> <tr> <td> <a id="cpematch-cveId"><span class="paramName">cveId <span class="paramOptional">optional</span></span></a> <ul> <li><code>{CVE ID}</code></li> </ul> <p> This parameter returns all non-deprecated CPE match strings in the availability statement of a specific vulnerability identified by its Common Vulnerabilities and Exposures identifier (the CVE ID). </p> <div id= cpematch-cveId-request class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">cveId</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpematch/2.0?cveId=CVE-2022-32223</code></pre> </div> </td> </tr> <tr> <td> <a id="cpematch-lastModDates"><span class="paramName">lastModStartDate & lastModEndDate <span class="paramOptional">optional</span></span></a> <ul> <li><code>{start date}</code></li> <li><code>{end date}</code></li> </ul> <p> These parameters return only the CPE records that were last modified during the specified period. If a CPE record has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both <code>lastModStartDate</code> and <code>lastModEndDate</code> are <span class="paramRequired">required</span>. The maximum allowable range when using any date range parameters is 120 consecutive days. </p> <p> When a user populates the <code>lastModStartDate</code> and <code>lastModEndDate</code> parameters, the API will compare these dates with the most recent <code>lastModified</code> or <code>cpeLastModified</code> dates of the CPE Match Criteria. If this date is within the time frame provided, the match criteria will be included in the response. This ensures that data consumers are always aware of changes to the CPE Match Criteria itself or the CPE Names that match. <br /> <code>cpeLastModified</code> changes when a CPE Name relevant to the CPE Match Criteria is created, modified, or deprecated. <br /> <code>lastModified</code> changes when the CPE Match Criteria is created or its status changes. </p> <p> Values must be entered in the extended ISO-8601 date/time format: </p> <code>[YYYY][“-”][MM][“-”][DD][“T”][HH][“:”][MM][“:”][SS][Z]</code> <p> The "T" is a literal to separate the date from the time. The Z indicates an optional offset-from-UTC. Please note, if a positive Z value is used (such as +01:00 for Central European Time) then the "+" should be encoded in the request as "%2B". The user agent may handle this automatically. </p> <div id="cpematch-lastModDates-request" class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE match strings modified between the start and end datetimes</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpematch/2.0?lastModStartDate=2021-08-04T13:00:00.000%2B01:00&lastModEndDate=2021-10-22T13:36:00.000%2B01:00</code></pre> </div> </td> </tr> <tr> <td> <a id="cpematch-matchCriteriaId"><span class="paramName">matchCriteriaId <span class="paramOptional">optional</span></span></a> <ul> <li><code>{uuid}</code></li> </ul> <p> This parameter returns all CPE records associated with a match string identified by its <code>{uuid}</code>. <code>matchCriteriaId</code> will only accept a properly formatted <code>{uuid}</code>. </p> <p> CPE Match Criteria comes in two forms: CPE Match Strings and CPE Match String Ranges. Both are abstract concepts that are then correlated to CPE URIs in the Official CPE Dictionary. Unlike a CPE Name, match strings and match string ranges do not require a value in the part, vendor, product, or version components. The CVE API returns valid <code>{uuid}</code> within the <span class="json-obj">configurations</span> object. The Match Criteria API returns valid <code>{uuid}</code> within the <span class="json-obj">matchCriteriaId</span> object. </p> <div id="cpematch-matchCriteriaId-request" class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE names that match a uuid</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpematch/2.0?matchCriteriaId=36FBCF0F-8CEE-474C-8A04-5075AF53FAF4</code></pre> </div> </td> </tr> <tr> <td> <a id="cpematch-matchStringSearch"><span class="paramName">matchStringSearch <span class="paramOptional">optional</span></span></a> <ul> <li><code>{cpe match string}</code></li> </ul> <p> This parameter returns all CPE Match Strings that conform to the pattern of the <code>{cpe match string}</code>. If a match string includes any CPE Names they will be listed in the response under <span class="json-obj">matches</span>. </p> <p> CPE Match Criteria comes in two forms: CPE Match Strings and CPE Match String Ranges. Both are abstract concepts that are then correlated to CPE URIs in the Official CPE Dictionary. Unlike a CPE Name, CPE Match Strings and CPE Match String Ranges do not require a value in the part, vendor, product, or version components. </p> <p> This parameter does not support CPE Match String Ranges. </p> <p> <code>matchCriteriaId</code> is a simpler alternative for many use cases. </p> <div id= cpematch-matchStringSearch-request class="example-request"> <div class="example-request-topbar"> <div class="example-request-title">Request all CPE Match Strings where the vendor and product components conform to the following pattern.</div> </div> <pre class="contentSection-pre"><code>https://services.nvd.nist.gov/rest/json/cpematch/2.0?matchStringSearch=cpe:2.3:*:cisco:adaptive_security_appliance:*</code></pre> </div> </td> </tr> <tr> <td> <a id="cpematch-resultsPerPage"><span class="paramName">resultsPerPage <span class="paramOptional">optional</span></span></a> <ul> <li><code>{page limit}</code></li> </ul> <p> This parameter specifies the maximum number of match records to be returned in a single API response. For network considerations, the default value and maximum allowable limit is <span id="apiResultsPerPageMatch">500</span>. </p> <p> <i>Note: Per the <a href="/general/news/cpematch-resultsperpage-update">/cpematch/ resultsPerPage update</a> this value will be reduced to <code>500</code> after April 15th, 2024.</i> </p> </td> </tr> <tr> <td> <a id="cpematch-startIndex"><span class="paramName">startIndex <span class="paramOptional">optional</span></span></a> <ul> <li><code>{offset}</code></li> </ul> <p> This parameter specifies the index of the first match string to be returned in the response data. The index is zero-based, meaning the first record is at index zero. </p> <p> The CPE Match API returns four primary objects in the response body that are used for pagination: <span class="json-obj">resultsPerPage</span>, <span class="json-obj">startIndex</span>, <span class="json-obj">totalResults</span>, and <span class="json-obj">matchStrings</span>. <span class="json-obj">totalResults</span> indicates the total number of CPE records that match the request parameters. If the value of <span class="json-obj">totalResults</span> is greater than the value of <span class="json-obj">resultsPerPage</span> there are more records than could be returned by a single API response and additional requests must update the <code>startIndex</code> to get the remaining records. </p> <p> The best, most efficient, practice for keeping up to date with the NVD is to use the date range parameters to request only the CPE Match Strings that have been modified since your last request. </p> </td> </tr> </table> </div> <h4 title="Click to expand or collapse"> <a id="toggleCpeMatchResponseBody" onclick="toggleMoreCode('divCpeMatchResponseBody', 'iconCpeMatchResponseBody')"> <span class="fa fa-plus" id="iconCpeMatchResponseBody"></span> Response </a> </h4> <div id="divCpeMatchResponseBody" class="row" style="display: none"> <h5>CPE Match API JSON Schema</h5> <p> This API response includes only one JSON schema for defining the structure of the response data. The following document includes information on data types, regex patterns, maximum character length, and other information that can support developers and database administrators looking to create their own local repository. </p> <ul style="list-style: none"> <li><a href="https://csrc.nist.gov/schema/nvd/api/2.0/cpematch_api_json_2.0.schema" class=schema-link>CPE Match Schema</a></li> </ul> <h5>Response Details</h5> <p> The Match Criteria API returns seven primary objects in the body of the response: <span class="json-obj">resultsPerPage</span>, <span class="json-obj">startIndex</span>, <span class="json-obj">totalResults</span>, <span class="json-obj">format</span>, <span class="json-obj">version</span>, <span class="json-obj">timestamp</span>, and <span class="json-obj">matchStrings</span>. <p> <p> The <span class="json-obj">totalResults</span> object indicates the number of CPE records that match the request criteria, including all parameters. If the value of <span class="json-obj">totalResults</span> is greater than the value of <span class="json-obj">resultsPerPage</span>, then additional requests are necessary to return the remaining records. The parameter <span class="json-obj">startIndex</span> may be used in subsequent requests to identify the starting point for the next request. More information and the best practices for using <span class="json-obj">resultsPerPage</span> and <span class="json-obj">startIndex</span> are described above. </p> <p> The <span class="json-obj">format</span> and <span class="json-obj">version</span> objects identify the format and version of the API response. <span class="json-obj">timestamp</span> identifies when the response was generated. </p> <p> The <span class="json-obj">matchStrings</span> object contains an array of objects equal to the number of records returned in the response and is sorted in ascending order by the <span class="json-obj">created</span> property of the <span class="json-obj">matchString</span> object. </p> <h5 style="font-family:'Roboto Mono Web','Bitstream Vera Sans Mono','Consolas','Courier','monospace'" id="matchstring-response-matchstring">matchString <span class="paramRequired"> required</span> </h5> <p> This object contains a <span class="json-obj">matchCriteriaId</span> UUID identifier, the CPE formatted match <span class="json-obj">criteria</span> value, the date and time that the CPE was <span class="json-obj">created</span> or <span class="json-obj">lastModified</span> within the Official CPE Dictionary, as well as version range information for CPE Match String Ranges <span class="json-obj">versionStartIncluding</span>,<span class="json-obj">versionStartExcluding</span>, <span class="json-obj">versionEndIncluding</span>,<span class="json-obj">versionEndExcluding</span>. There is also metadata relating to the <span class="json-obj">status</span> of the CPE Match Criteria, an array of paired CPE Names and IDs within the CPE Dictionary that <span class="json-obj">matches</span> the CPE Match Criteria and <span class="json-obj">cpeLastModified</span>, a date and time for when the values within the matches array were last updated. </p> <button onclick="toggleMoreCode('jsonWindowCpeMatchResponse')">Toggle JSON</button> <div id="jsonWindowCpeMatchResponse" class="example-response" style="display: none;"> <pre class="contentSection-pre"><code> { "resultsPerPage": 2, "startIndex": 0, "totalResults": 413574, "format": "NVD_CPEMatchString", "version": "2.0", "timestamp": "2022-09-12T19:47:48.350", "matchStrings": [ { "matchString": { "matchCriteriaId": "36FBCF0F-8CEE-474C-8A04-5075AF53FAF4", "criteria": "cpe:2.3:a:nmap:nmap:3.27:*:*:*:*:*:*:*", "lastModified": "2019-06-17T09:16:33.960", "cpeLastModified": "2019-07-22T16:37:38.133", "created": "2019-06-17T09:16:33.960", "status": "Active", "matches": [ { "cpeName": "cpe:2.3:a:nmap:nmap:3.27:*:*:*:*:*:*:*", "cpeNameId": "4DAAA102-AB17-4491-B383-A1AAC764704C" } ] } }, { "matchString": { "matchCriteriaId": "D21D57EA-DF58-429B-9FBE-F0080085B62E", "criteria": "cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*", "lastModified": "2019-06-17T09:16:33.960", "cpeLastModified": "2019-07-22T16:37:38.133", "created": "2019-06-17T09:16:33.960", "status": "Active" } } ] } </code></pre> </div> </div> <div id="divContact" class="row"> <br> <p> Questions, comments, or concerns may be shared with the NVD by emailing <a href="mailto:nvd@nist.gov">nvd@nist.gov</a> </p> </div> <div class="col-md-12 historical-data-area" id="historical-data-area"> <span> Created <span id="page-created-date"> <span>September 20, 2022</span> </span>, </span> Updated <span id="page-updated-date"> <span>March 19, 2024</span> </span> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="mailto:nvd@nist.gov">Webmaster</a> | <a href="https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container"> <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html --> <p> <a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://www.nist.gov/foia">FOIA</a> | <a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://www.commerce.gov/">Commerce.gov</a> | <a href="https://www.science.gov/">Science.gov</a> | <a href="https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html>