Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).

Explore

If you’d like to contribute by sharing your thoughts and observations, feel free to create an account on the the official instance.

Features

• API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.
• Feeders: Modular system to import vulnerabilities from different vulnerability sources.
• CVD process: Creation, edition and fork/copy of Security Advisories with the vulnogram editor. Support of local vulnerability source per Vulnerability-Lookup instance.
• Sightings: Users have the possibility to add observations to vulnerabilities with different types of sightings, such as: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
• Comments: Ability to add, review and share comments on vulnerability advisories.
• Bundles: Possibility to create bundles of vulnerability advisories with a description.
• RSS/Atom: An extensive RSS and Atom support for vulnerabilities and comments.
• EPSS: Integration of the Exploit Prediction Scoring System.

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis.

Vulnerability-Lookup is co-funded by CIRCL and by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or ECCC. Neither the European Union nor the granting authority can be held responsible for them.