Vulnerability-Lookup

Presentation

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

A Vulnerability-Lookup instance operated by CIRCL is available at https://vulnerability.circl.lu.

Features

  • API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.

  • Feeders: Modular system to import vulnerabilities from different sources.

  • CVD process: Create, edit, and fork/copy Security Advisories with the Vulnogram editor. Each Vulnerability-Lookup instance supports a local vulnerability source.

  • Sightings: Users can add observations to vulnerabilities using different types of sightings: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.

  • Comments: Ability to add, review and share comments on vulnerability advisories.

  • Bundles: Create bundles of vulnerability advisories with a description.

  • RSS/Atom: Extensive RSS and Atom support for vulnerabilities and comments.

  • EPSS: Integration of the Exploit Prediction Scoring System.

[Figure: High-level architecture]

Contributing

If you are interested in contributing to Vulnerability-Lookup, take a look at the official repository.

Contact

CIRCL - Computer Incident Response Center Luxembourg - info@circl.lu

License

Vulnerability-Lookup is licensed under the GNU Affero General Public License version 3.