A growing wave of vulnerabilities is overwhelming the already strained US National Institute of Standards and Technology (NIST), which will no longer enrich all CVEs in its database.

On Wednesday, NIST said a 263% increase in CVE submissions between 2020 and 2025 had become too much for it to handle, leading it to change its approach to CVEs in the National Vulnerability Database (NVD).

It explained: “Going forward, NIST will add details, or “enrich,” those CVEs that meet certain criteria... CVEs that do not meet those criteria will still be listed in the NVD but will not automatically be enriched by NIST.”

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in