Vulnerability databases

  • CVE: The CVE Program – https://cve.org
  • NVD: The National Vulnerability Database
    https://nvd.nist.gov
  • OSV: An Open Source project funded by Google. https://osv.dev/
    The overall OSV ecosystem enables a level of decentralisation that is currently being discussed in various circles. OSV.dev aggregates currently ~22 decentralised home databases that are publishing OSV-formatted records.
  • European vulnerability database (EUVD): ENISA got the mandate to create this database in the NIS2 directive. The Cyber Resilience Act (CRA) also relies on the EUVD.
    https://euvd.enisa.europa.eu Information: https://www.enisa.europa.eu/news/consult-the-european-vulnerability-database-to-enhance-your-digital-security
  • Commercial databases: Many of these offerings enrich the CVE/NVD databases with additional information and risk analysis
  • KEV: The Known Exploited Vulnerabilities catalog is operated by CISA and focuses on a few CVEs that has been used by offenders.
    https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • GITHUB Advisory database: Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
    https://github.com/advisories
  • Japan Vulnerability Notes (JVN): A portal site on IT product vulnerability information handled in the Japanese framework called “The Information Security Early Warning Partnership”. It provides detailed information on each vulnerability including a summarized description, affected products, possible impacts, solutions, vendor statements, and reference documents.
    https://jvn.jp/en/