Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).

Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

This software is under AGPLv3 license. You are welcome to copy, modify or redistribute the source code according to the Affero GPL license.

Log in or create an account to join our community of contributors and start contributing today.

You can read the official documentation as well as the documentation dedicated to the API.

A user manual and a FAQ are also available.

Found a bug? Report it here.

From the beginning, Vulnerability-Lookup was designed to operate independently of specific vulnerability identifiers, making it inherently compatible with the Global CVE Allocation System (GCVE).

This Vulnerability-Lookup instance is linked to GNA-1.

Security advisories

Vulnerability-Lookup consolidates vulnerabilities from multiple sources.

Sightings

This page lists the sources and tools we use to collect sightings.

This instance publishes comprehensive JSON dumps of all integrated sources as open data.

Dumps are an optional open-data convenience — not a sync mechanism. For ongoing synchronisation, use the API (since=) and the pub/sub stream. See access patterns for automated consumers for details.

AI datasets and models derived from the project are also released on Hugging Face for public use and further research.

Building a scanner, external index, or other automated client? The canonical sync path is the API (use since= for incremental pulls) plus the pub/sub stream for real-time updates — please don't enumerate the API to mirror the dataset. Identify your client with a User-Agent that includes a contact URL or email.

• Access patterns for automated consumers — authoritative human-readable guidance
• /.well-known/api-policy.json — machine-readable policy (contact, sync paths, rate-limit posture, expiry)
• /llms.txt — concise agent-facing entry point
• /robots.txt — crawler policy
• /.well-known/security.txt — security contact (RFC 9116)

Operator of the instance: Computer Incident Response Center Luxembourg (CIRCL)

Email: info@circl.lu

More information about this instance.