Track CVE Vulnerability Details & History with NVD API and Google Sheets

Who is this for?

NVD (National Vulnerability Database) data is essential for security analysts, vulnerability managers, and DevSecOps professionals who need to perform both CVE lookups and monitor historical change logs. This workflow helps streamline those efforts by providing structured outputs for audit, triage, or compliance tracking purposes.

📝 Note: While this example uses Google Sheets as the destination, you can easily modify the final destination node (e.g., send to Slack, email, database, etc.) based on your specific automation needs.?

What problem is this solving?

Security teams often manually look up CVE data and track changes across multiple tools. This process is inefficient and error-prone. This workflow automates the CVE lookup and historical change tracking by logging enriched vulnerability data into Google Sheets in real-time.

What this workflow does

This workflow is designed for CVE API lookup and change history tracking. In many vulnerability automation pipelines, it is essential to determine not only the metadata of a CVE but also how it has evolved over time. Based on the operational need—whether it's enrichment, risk scoring, or remediation validation—this workflow becomes particularly handy in surfacing both current and historical CVE data. This template performs the following actions:

Accepts incoming webhook requests containing a CVE ID Queries the NVD CVE Lookup API to fetch vulnerability metadata Queries the NVD CVE History API to retrieve all historical changes Flattens both datasets into a sheet-compatible structure Appends vulnerability metadata to one sheet and change history to another within the same Google Spreadsheet

Setup

🔑 Request an NVD API Key

To request an NVD API Key, please provide your organization name, a valid email address, and indicate your organization type at NVD API Key Request. You must scroll to the end of the Terms of Use Agreement and check "I agree to the Terms of Use" to obtain an API Key. After submission, you will receive a single-use hyperlink via email to activate and view your API Key. If not activated within seven days, a new request must be submitted.

📊 API Rate Limits

Without an API key, you're limited to 5 requests per 30-second window. With an API key, you’re allowed up to 50 requests in the same period. To prevent request throttling, it's recommended to introduce slight delays between consecutive API calls in production setups.

Clone or import this workflow into your n8n instance. Set up the following credentials: Google Sheets OAuth2 NVD API Key (via HTTP Header Auth) The workflow logs data to a Google Sheet titled NVD Database, with Sheet 1 named CVE Lookup and Sheet 2 named CVE History. Trigger each workflow using the respective webhook URL, appending ?cveId=CVE-XXXX-XXXX as a query parameter.

🔍 Example Webhook Request (CVE Change History)

You can test this workflow with the following example:

GET https://your-domain.com/webhook/cve-history?cveId=CVE-2023-34362

How to customize this workflow

Use the Edit Fields node (optional) to centralize configuration like sheet name or query input Extend the CVE flattening logic to include more nested metadata if needed Integrate notification systems (e.g., Slack or email) by branching from the processing nodes Modify webhook paths for better endpoint organization

🔐 Production Security Tips

Use HTTP Header Auth on the webhook for secure access

> ⚠️ This template uses webhooks and NVD API access with authentication headers.

This template uses two flows:

Webhook 1:** NVD CVE Lookup — Lookup CVE vulnerability metadata from NVD and sync to Google Sheet Webhook 2:** NVD CVE Change History — Track change history for CVEs via NVD and log each update

Each flow:

Hits NVD’s respective endpoint Uses custom JS Code node to flatten the nested JSON Syncs data to dedicated Google Sheet tabs 🧩 4 nodes: Webhook → API Call → Parse → Sheet Sync

Make sure both flows are activated and webhooks exposed for external access. Based on your needs, ensure you have a secure setup—whether hosted internally or in a cloud environment—when running n8n in production.