Dark Mode
Global CVE/CWE Archive
Data Science and Analytics
Tags and Keywords
Trusted By
"No reviews yet"
Free
About
This collection offers a detailed dataset of Common Vulnerabilities & Exposures (CVE) entries, along with their mapped Common Weakness Enumeration (CWE) codes. It includes every CVE published in the National Vulnerability Database (NVD) from the very first identifier, CVE-1999-0001, up to records available on 30 May 2025. The dataset was compiled using an automated Python script that interacts with the NVD REST API v2.0, managing rate-limits and filtering data to provide essential vulnerability information. It serves as a valuable resource for understanding long-term trends in cyber security vulnerabilities.
Columns
The dataset is structured with the following columns:
- ID: A sequential row index, starting from 1, for easy reference.
- CVE-ID: The official identifier for each Common Vulnerability & Exposure.
- CVSS-V4: The base score for CVSS (Common Vulnerability Scoring System) version 4.0, ranging from 0.0 to 10.0.
- CVSS-V3: The base score for CVSS version 3.x, ranging from 0.0 to 10.0.
- CVSS-V2: The base score for CVSS version 2.0, ranging from 0.0 to 10.0. Missing CVSS versions are indicated by the string "None".
- SEVERITY: A qualitative rating of the vulnerability's severity, such as LOW, MEDIUM, HIGH, or CRITICAL. This rating is derived from the newest CVSS version available for each entry.
- DESCRIPTION: A normalised English summary of the vulnerability, sourced directly from the NVD feed.
- CWE-ID: The primary Common Weakness Enumeration code mapped to the CVE, or "NVD-CWE-Other" if a specific mapping is not available.
Distribution
The dataset is provided as a CSV file named
CVE_CWE_2025.csv. It contains 280,694 rows and 8 columns, with an approximate uncompressed size of 102.88 MB. The data is presented in a tidy, one-row-per-vulnerability table format.Usage
This dataset is ideal for various applications, including:
- Exploratory analysis of vulnerability trends over a 25-year period, such as observing the growth of specific CWE classes or shifts in average CVSS scores.
- Machine-learning tasks, including predicting severity levels or CWE categories based on free-text vulnerability descriptions.
- Integrating with product-specific Software Bill of Materials (SBOMs) or asset inventories to assess an organisation's exposure to known vulnerabilities.
- Quick look-ups for purposes such as incident response, security education, ongoing security research, or creating reporting dashboards.
Coverage
The dataset covers a global scope, encompassing every Common Vulnerabilities & Exposures (CVE) entry published in the National Vulnerability Database (NVD) from its inception, starting with CVE-1999-0001, through to all records available on 30 May 2025.
License
CCO
Who Can Use It
This dataset is designed for a wide range of users and purposes:
- Data scientists and analysts can utilise it for advanced data science projects and machine learning model development related to cyber security.
- Cyber security professionals will find it invaluable for incident response, conducting security research, and generating reports on vulnerabilities.
- Organisations and enterprises can use it to enhance their asset management and risk assessment by joining it with their internal SBOMs.
- Educators and students can leverage it as a real-world dataset for learning and understanding vulnerability management and cyber security trends.
Dataset Name Suggestions
- CVE & CWE Vulnerability Data (1999-2025)
- Historical NVD Vulnerability Database
- Cyber Security Threat Dataset
- Vulnerability Trends & Analytics Data
- Global CVE/CWE Archive
Attributes
Original Data Source: CVE & CWE Dataset (1999 – 2025)
QUALITY