NIST's CVE Enrichment Cutbacks Reduce Vulnerability Database Coverage and Accuracy
By
Rob Wright
Summary
The National Institute of Standards and Technology (NIST) has significantly reduced the number of CVEs receiving enrichment (additional analysis) in its National Vulnerability Database (NVD) since April 2024, due to a severe backlog. New research reveals this cutback is negatively impacting CVE coverage and accuracy, making it harder for security teams to prioritize vulnerabilities effectively. The move has produced mixed results, with fewer CVEs getting the in-depth analysis needed for proper risk assessment.
Source
Key quotes
· 3 pulledIn April, the NIST began dramatically reducing the number of CVEs that received 'enrichment,' or additional analysis, from the agency for its National Vulnerability Database (NVD).
The shift was due to a severe backlog in submitted vulnerabilities, which led the NIST to prioritize flaws that, for example, were under exploitation.
New research reveals some concerning trends that could make it harder for security teams to prioritize vulnerabilities.
You might also wanna read
NIST Announces Policy Change: National Vulnerability Database to Stop Enriching Most CVEs
The US National Institute of Standards and Technology (NIST) has announced a significant policy change for the National Vulnerability Databa

NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence
MongoDB Security Update: Vulnerability CVE-2025-14847 ("Mongobleed") Identified in December 2025
MongoDB has identified a security vulnerability (CVE-2025-14847, informally called "Mongobleed") affecting MongoDB Server. The company outli
Critical Security Vulnerability CVE-2025-66478 in React Server Components Protocol
A critical security vulnerability (CVE-2025-66478) has been discovered in the React Server Components (RSC) protocol with a CVSS score of 10

WAF - WAF Release - 2025-05-05


Comments
Sign in to join the conversation.
No comments yet. Be the first.