Safeguard
Tag

nvd

Safeguard articles tagged "nvd" — guides, analysis, and best practices for software supply chain and application security.

18 articles

Vulnerability Management

NVD's enrichment backlog and how to build a multi-source vuln database strategy

NIST enriched 42,000 CVEs in 2025 — 45% more than any prior year — and still fell behind. On April 15, 2026, it stopped trying to enrich everything.

Jul 8, 20266 min read
Vulnerability Management

CWE vs. CVE vs. CVSS: The Vocabulary Every AppSec Team Gets Wrong

One CWE weakness class can spawn thousands of CVEs, and a single CVE can now carry two different CVSS scores at once — most teams still use the terms interchangeably.

Jul 8, 20267 min read
DevSecOps

Why NVD alone is not enough: the case for multi-source vulnerability intelligence

NIST now fully enriches a fraction of CVEs — on April 15, 2026 it moved to a triage model that leaves most of 2025's 48,185 published CVEs without a timely severity score.

Jul 7, 20267 min read
Vulnerability Analysis

NVD in the AI era: multi-source vulnerability intelligence

NVD's 2024 enrichment backlog exposed the risk of a single vulnerability feed. Here's how multi-source data and AI triage close the gap.

Jun 7, 20266 min read
Vulnerability Analysis

What is a known vulnerability?

A known vulnerability is a publicly disclosed, CVE-tracked flaw — and disclosure alone doesn't mean it's fixed, patched, or harmless.

Jun 3, 20266 min read
Vulnerability Analysis

CVE scoring inconsistencies across vulnerability databases

Why the same CVE can carry three different severity scores across NVD, GitHub, and vendor advisories — and how to prioritize anyway.

May 1, 20266 min read
Vulnerability Analysis

How Trivy sources vulnerability data (NVD, vendor advisor...

Trivy's CVE data comes from NVD, GHSA, and distro trackers compiled into a periodic snapshot — not kube-hunter. Here's how the pipeline really works, and where it lags.

Apr 27, 20267 min read
Open Source Security

Open Source Vulnerability Database Comparison 2026

Comparing the major open source vulnerability databases in 2026: NVD, OSV, GHSA, GitLab Advisory, and ecosystem-specific feeds measured on coverage and freshness.

Mar 22, 20265 min read
Vulnerability Analysis

What is a Vulnerability Database

CVE, NVD, OSV, GHSA, KEV — vulnerability databases power every scanner's severity score. Here's how they're built, enriched, and where they fall short.

Jan 20, 20266 min read
Vulnerability Management

Open Source Vulnerability Databases Compared: NVD, OSV, GitHub Advisory, and More

Not all vulnerability databases are created equal. A detailed comparison of coverage, timeliness, accuracy, and practical usability across the major databases.

Oct 22, 20256 min read
Vulnerability Management

CVSS 4.0 Scoring Adoption: What Changed

Two years after CVSS 4.0's release, adoption remains uneven. Here is where scoring really changed, where it did not, and how to handle mixed datasets.

Oct 10, 20254 min read
Concepts

What Is the NVD (National Vulnerability Database)?

The NVD is the U.S. government's enrichment layer on top of the CVE List, adding CVSS scores, CWE classifications, and affected-configuration data. Here is how it works and where it falls short.

Sep 30, 20256 min read
nvd — Safeguard Blog