- Author
- CIRCL
- Repository
- {Github]//cve-search/vulnerability-lookup
README:
Vulnerability-Lookup
Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
A Vulnerability-Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.
GCVE is also running a Vulnerability-Lookup instance at https://db.gcve.eu.
Main features
- Feeders: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box.
- CVD process: End-to-end management of Security Advisories and Coordinated Vulnerability Disclosures.
- Local sources: Support for adding instance-specific, custom vulnerability sources.
- Global CVE Allocation System: Native integration with the GCVE.
- KEV catalogs: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA).
- Sightings: Record and track vulnerability observations, including seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
- Comments: Add, review, and share analyst notes on advisories.
- Bundles: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis.
- Synchronization: Optional synchronization of comments, bundles, sightings, and KEV entries between instances.
- RSS/Atom: Subscribe to vulnerability updates and comments via RSS or Atom feeds.
- EPSS: Integration with the Exploit Prediction Scoring System for improved risk prioritization.
- Watchlists: Monitor vulnerabilities affecting specific products and receive email notifications.
- API: Fast and comprehensive vulnerability lookup API, including cross-source correlation by vulnerability identifier.
For more information, refer to the user manual or the documentation.
Sources and Default Feeders
The default sources included in Vulnerability-Lookup are the following:
National Vulnerability Databases
- NVD CVE importer (API 2.0), with Fraunhofer FKIE NVD JSON feeds
- China National Vulnerability Database (CNNVD)
- JVN iPedia – Japanese vulnerability countermeasure database
- CERT-FR Alerts and Advisories
Community & Open Source Databases
- CVE Project – cvelist
- Cloud Security Alliance – GSD Database
- GitHub Advisory Database
- PySec Advisory Database
- OpenSSF Malicious Packages
CSAF-based Sources
- ABB
- ads-tec Industrial IT GmbH
- AUMA Riester GmbH & Co. KG
- Beckhoff Automation GmbH & Co. KG
- Bender GmbH & Co. KG
- Carlo Gavazzi Automation
- CERT-Bund
- CERT@VDE
- CISA
- Cisco
- CODESYS GmbH
- Endress+Hauser AG
- Festo SE & Co. KG
- Frauscher Sensortechnik GmbH
- Helmholz GmbH & Co. KG
- HIMA Paul Hildebrandt GmbH
- ifm electronic GmbH
- Janitza electronics GmbH
- Lenze SE
- MB connect line GmbH
- Mettler-Toledo GmbH
- Microsoft
- Miele & Cie KG
- Murrelektronik GmbH
- NCSC-NL
- Nozomi Networks
- Open-Xchange
- OpenSuse
- Pepperl+Fuchs SE
- Phoenix Contact GmbH & Co. KG
- Pilz GmbH & Co. KG
- Red Hat
- Sauter AG
- Schneider Electric
- Sick
- Siemens
- SMA Solar Technology AG
- Suse
- SWARCO TRAFFIC SYSTEMS GmbH
- Trumpf SE + Co. KG
- VARTA Storage GmbH
- WAGO GmbH & Co. KG
- Weidmueller Interface GmbH & Co. KG
- Welotec GmbH
- Wiesemann & Theis GmbH
OSV Sources
- AlmaLinux
- Bitnami Vulnerability Database
- CleanStart OS packages
- Drupal Advisory Database
- Haskell Security Advisories
- OCaml Security Advisories
- OSS-Fuzz
- RustSec Advisory Database
Specialized Sources
- VARIoT – IoT vulnerabilities database
- Tailscale Security Bulletins
Weakness & Attack Pattern Catalogs
Known Exploited Vulnerabilities Catalogs
Sighting Sources
Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:
Our tools on the Python Package Index (PyPI):
| Tool | Description |
|---|---|
| ShadowSight | A client that retrieves vulnerability observations from the The Shadowserver Foundation and pushes them to a Vulnerability-Lookup instance. |
| FediVuln | A client to gather vulnerability-related information from the Fediverse. |
| BlueSkySight | A client to gather vulnerability-related information from Bluesky. |
| MISPSight | A client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability-Lookup instance. |
| NucleiVuln | A client designed to retrieve vulnerability-related observations from the Nuclei Git repository of templates and pushes them to a Vulnerability-Lookup instance. |
| ExploitDBSighting | A client that retrieves vulnerability observations from Exploit-DB and pushes them to a Vulnerability-Lookup instance. |
| KEVSight | A client to generate sightings for Vulnerability-Lookup from the Known Exploited Vulnerabilities (KEV) catalog. |
| GistSight | A client for gathering vulnerability-related information from GitHub Gists. |
| MetasploitSight | A client designed to retrieve vulnerability-related information from the modules available in Metasploit. |
If you want to create your own sigthing tool, it’s recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.
Installation
Generally speaking, requirements are the following:
- Recent version of Python (>= 3.11)
- Recent version of Poetry
- Kvrocks database
Installation instructions are available in the documentation.
Architecture
License
Vulnerability-Lookup is free software released under the “GNU Affero General Public License v3.0”.
Copyright (c) 2023-2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2026 Alexandre Dulaunoy - https://github.com/adulau
Copyright (c) 2023-2026 Raphaël Vinot - https://github.com/Rafiot
Copyright (c) 2024-2026 Cédric Bonhomme - https://github.com/cedricbonhomme