Vulnerability-Lookup#
Presentation#
Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
A Vulnerability Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.
Features#
API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.
Feeders: Modular system to import vulnerabilities from different sources.
CVD process: Creation, edition and fork/copy of Security Advisories with the vulnogram editor. Support of local vulnerability source per Vulnerability Lookup instance.
Sightings: Users have the possibility to add observations to vulnerabilities with different types of sightings, such as: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
Comments: Ability to add, review and share comments on vulnerability advisories.
Bundles: Possibility to create bundles of vulnerability advisories with a description.
RSS/Atom: An extensive RSS and Atom support for vulnerabilities and comments.
EPSS: Integration of the Exploit Prediction Scoring System score.
Why Vulnerability-Lookup ?#
Vulnerability-Lookup is a rewritten version of cve-search, an open-source tool initially aimed at maintaining a local CVE database. The original cve-search had design and scalability limitations, and its public instance operated by CIRCL is maxing out at 20,000 queries per second.
As vulnerability sources have diversified beyond the NVD CVE, a new tool was needed to support the CVD process, allowing for bundling, commenting, publishing, and extending vulnerability information in a collaborative manner.
Contact#
CIRCL - Computer Incident Response Center Luxembourg - info@circl.lu
License#
Vulnerability-Lookup is licensed under GNU Affero General Public License version 3.