NIST Gives Away Vulnerability Database

The NIST Computer Security Division’s ICAT project team is now giving away copies of the ICAT vulnerability database for public use ( The database currently contains 2628 vulnerabilities. This means that ICAT can now be used as a royalty free vulnerability database for commercial and free products. In addition, the ICAT data file contains a GUI interface allowing people to use ICAT as an off-line application. The ICAT team supports the public sharing of vulnerability information that can help secure systems and we are excited about releasing control of our data.

The ICAT vulnerability data is available as a Microsoft Access 2000 file in the “download” section of the ICAT web site. From this file, the data can be easily exported into most database products. It should be noted that ICAT is not itself a true vulnerability database but is instead a searchable index of vulnerability information. Only when the ICAT data is combined with the numerous vulnerability advisories that it references can ICAT be used as a vulnerability database. Thus, the most important data in ICAT is the mapping of CVE standard vulnerability enumerations ( to hyperlinks leading to various vendor and security company advisories. Another important data set in ICAT is the list of vendor names, product names, and version numbers associated with each vulnerability.

Peter Mell

National Institute of Standards and Technology

Share this