National Institute of Standards and Technology (US Department of Commerce) has created a National Vulnerability database.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
NIST – NVD
NVD Vulnerability Severity Ratings
NVD provides qualitative severity ratings of “Low”, “Medium”, and “High” for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification.
| CVSS v2.0 Ratings | CVSS v3.0 Ratings | ||
|---|---|---|---|
| Severity | Base Score Range | Severity | Base Score Range |
| None | 0.0 | ||
| Low | 0.0-3.9 | Low | 0.1-3.9 |
| Medium | 4.0-6.9 | Medium | 4.0-6.9 |
| High | 7.0-10.0 | High | 7.0-8.9 |
| Critical | 9.0-10.0 |
References
- NIST Vulnerability Database: https://nvd.nist.gov
- NIST metrics definition – https://nvd.nist.gov/vuln-metrics/cvss
- NIST for developers: https://nvd.nist.gov/developers/start-here
- CVE org site: https://www.cve.org
- CVSS calculator : https://nvd.nist.gov/vuln-metrics/cvss
- FIRST (Security organization): https://www.first.org
- FIRST CVSS calculator: https://www.first.org/cvss/calculator/3.1
- CVE Details (The ultimate security vulnerability datasource): https://www.cvedetails.com