NVD API 2.0
Documentation
Drop-in compatible with the NVD CVE API 2.0 specification. Point your existing client at our base URL and it works without further changes.
https://api.volerion.com/v1Authentication
All requests to /nvd/* routes require an API key passed via the apiKey request header. This matches the credential convention used by nvd.nist.gov, so existing NVD clients require no modification beyond updating the base URL.
Obtain your key from the API Keys tab. Trial keys are available — all requests, including trial requests, must include a valid key.
apiKey: YOUR_API_KEY
curl -X GET \ "https://api.volerion.com/v1/nvd/rest/json/cves/2.0?cveId=CVE-2024-12345" \ -H "apiKey: YOUR_API_KEY" \ -H "Accept: application/json"
/nvd/rest/json/cves/2.0Query Volerion CVE intelligence in NVD format. Returns a paginated list of CVEs matching the given filters.
Parameters
| Name | Type | Description |
|---|---|---|
| cveId | string | Filter by a specific CVE identifier, e.g. CVE-2024-12345. |
| resultsPerPage | integer | Number of results to return per page. |
| startIndex | integer | Zero-based offset for pagination. |
| pubStartDate | string | ISO 8601 start date for the CVE publication date range. |
| pubEndDate | string | ISO 8601 end date for the CVE publication date range. |
| lastModStartDate | string | ISO 8601 start date for the last-modified date range. |
| lastModEndDate | string | ISO 8601 end date for the last-modified date range. |
GET https://api.volerion.com/v1/nvd/rest/json/cves/2.0 ?cveId=CVE-2024-12345 &resultsPerPage=20 &startIndex=0
{ "resultsPerPage": 1, "startIndex": 0, "totalResults": 1, "format": "NVD_CVE", "version": "2.0", "timestamp": "2026-05-01T00:00:00.000", "vulnerabilities": [ { "cve": { "id": "CVE-2024-12345", "sourceIdentifier": "contact@volerion.com", "published": "2024-06-01T00:00:00.000", "lastModified": "2024-06-15T00:00:00.000", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "..." } ], "metrics": { "cvssMetricsV31": [ { "source": "contact@volerion.com" } ], "cvssMetricsV40": [ { "source": "contact@volerion.com" } ] }, "weaknesses": [ { "source": "contact@volerion.com" } ], "configurations": [ { "operator": "AND" } ], "references": [ { "url": "...", "source": "...", "tags": ["Patch"] } ] } } ] }
Volerion injections
We proxy the NVD response and enrich it with our own analysis. For CVEs we have analysed, our data replaces the corresponding NIST-sourced fields so that every entry has complete coverage — even those that NVD has not yet scored. Volerion-analyzed entries carry vulnStatus: "Analyzed" and all injected objects have their source set to contact@volerion.com.
Our analysis is derived from authoritative sources and the conclusions are backed by a scoring harness we presented at FIRST VulnCon26.
Injected fields
- Description / executive summary
- CVSSv3.1 metrics
- CVSSv4.0 metrics
- Configurations (CPE match data)
- Reference tags
Coverage
Volerion analysis covers CVEs published from 2025 onwards. For older CVEs, the NVD response is proxied as-is to preserve full API compatibility.
{ "id": "CVE-2024-12345", "vulnStatus": "Analyzed", "metrics": { "cvssMetricsV40": [ { "source": "contact@volerion.com", "type": "Primary", "cvssData": { "version": "4.0", "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/..." } } ] } }
Limitations
Only the parameters listed above are currently supported. Some metadata fields provided by NIST may not be present in responses — review the response model above for the full set of available properties.
If you need additional NVD parameters or fields, contact us and we can prioritise them.
keywordSearch keywordExactMatch
cvssV2Severity cvssV3Severity
cvssV4Severity cweId
sourceIdentifier virtualMatchString
hasCertAlerts hasCertNotes
hasKev hasOval
isVulnerable cpeName
cpeMatchString