Vulnerability-Lookup

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

A Vulnerability-Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.

Main features

• Feeders: Modular system to import vulnerabilities from multiple sources. Default feeders are bundled and active out-of-the-box.
• CVD process: Manage Security Advisories and Vulnerability Disclosures.
• Local sources: Support for adding custom vulnerability sources per instance.
• Global CVE Allocation System: Integration with the GCVE.
• Sightings: Record observations on vulnerabilities, including seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
• Comments: Add, review, and share notes on advisories.
• Bundles: Group vulnerability advisories with descriptions for easier tracking.
• RSS/Atom: Subscribe to vulnerabilities and comments via RSS or Atom feeds.
• EPSS: Exploit Prediction Scoring System integration.
• Watchlists: Track vulnerabilities for custom products and receive email notifications.
• API: Fast and comprehensive lookup of vulnerabilities, including correlation by vulnerability ID.

For more information, refer to the user manual or the documentation.

Sources and Default Feeders

The default sources included in Vulnerability-Lookup are the following:

National Vulnerability Databases

• NVD CVE importer (API 2.0), with Fraunhofer FKIE NVD JSON feeds
• China National Vulnerability Database (CNNVD)
• JVN iPedia – Japanese vulnerability countermeasure database
• CERT-FR Alerts and Advisories
• CISA Known Exploited Vulnerabilities Catalog
• CNW (EU CSIRTs network) Known Exploited Vulnerabilities

Community & Open Source Databases

• CVE Project – cvelist
• Cloud Security Alliance – GSD Database
• GitHub Advisory Database
• PySec Advisory Database
• OpenSSF Malicious Packages

CSAF-based Sources

• CERT-Bund
• CISA
• Cisco
• Nozomi Networks
• Open-Xchange
• Red Hat
• Sick
• Siemens
• NCSC-NL
• Microsoft

Specialized Sources

• VARIoT – IoT vulnerabilities database
• Tailscale Security Bulletins

Weakness & Attack Pattern Catalogs

• CWE (Common Weakness Enumeration)
• CAPEC (Common Attack Pattern Enumeration and Classification)

Sighting Sources

Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:

Our tools on the Python Package Index (PyPI):

If you want to create your own sigthing tool, it’s recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.

Installation

Generally speaking, requirements are the following:

• Recent version of Python 3.10
• Recent version of Poetry
• Kvrocks database

Installation instructions are available in the documentation.

Architecture

License

Vulnerability-Lookup is free software released under the “GNU Affero General Public License v3.0”.

Copyright (c) 2023-2025 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2025 Alexandre Dulaunoy - https://github.com/adulau
Copyright (c) 2023-2025 Raphaël Vinot - https://github.com/Rafiot
Copyright (c) 2024-2025 Cédric Bonhomme - https://github.com/cedricbonhomme