Vulnerability-Lookup

Vulnerability-Lookup#

Latest release License Stars Contributors

Presentation#

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

A Vulnerability-Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.

Features#

  • Feeders: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box.

  • CVD process: End-to-end management of Security Advisories and Coordinated Vulnerability Disclosures.

  • Local sources: Support for adding instance-specific, custom vulnerability sources.

  • Global CVE Allocation System: Native integration with the GCVE.

  • KEV catalogs: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA).

  • Sightings: Record and track vulnerability observations, including seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.

  • Comments: Add, review, and share analyst notes on advisories.

  • Bundles: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis.

  • Synchronization: Optional synchronization of comments, bundles, sightings, and KEV entries between instances.

  • RSS/Atom: Subscribe to vulnerability updates and comments via RSS or Atom feeds.

  • EPSS: Integration with the Exploit Prediction Scoring System for improved risk prioritization.

  • Watchlists: Monitor vulnerabilities affecting specific products and receive email notifications.

  • API: Fast and comprehensive vulnerability lookup API, including cross-source correlation by vulnerability identifier.

High level architecture

Contributing#

If you are interested in contributing to Vulnerability-Lookup, take a look at the official repository.

Contact#

CIRCL - Computer Incident Response Center Luxembourg - info@circl.lu

License#

Vulnerability-Lookup is licensed under GNU Affero General Public License version 3.

Contents