News
Vulnerability-Lookup 5.0.0 released
We are thrilled to announce the release of Vulnerability-Lookup 5.0.0! This major release centers on a new CNA-interoperable API for managing the vulnerabilities of your local source, together with deep Vulnogram integration, a continued UI refresh, and a long list of stability and correctness fixes. A special thank you to Niclas Dauster for the substantial contribution behind the new CNA-interoperable API (#398). What’s New CNA- and GNA-Compatible Vulnerability Management Vulnerabilities in your local instance can now be managed in a CNA-interoperable way through a dedicated API.
May 29, 2026
Vulnerability-Lookup 4.6.0 released
We are excited to announce the release of Vulnerability-Lookup 4.6.0! This version brings more transparency, new data sources, API improvements, notable UI enhancements, and several performance and stability fixes. What’s New VLAI model transparency The VLAI badge popover now surfaces the exact model name and revision used for a given analysis, with direct links to the HuggingFace model card and the revision commit. This is particularly useful as we regularly update our AI models and publish new versions on HuggingFace, making it easy to track exactly which model version produced a given result.
May 21, 2026
Vulnerability Report for the year 2025
All vulnerability reports This report was generated with the help of AI, leveraging the VulnMCP Model Context Protocol server connected to Vulnerability-Lookup. The underlying data was aggregated from the twelve monthly reports published throughout 2025 and from the live Vulnerability-Lookup API. Download this report as a PDF. Introduction The 2025 threat landscape was characterised by sustained pressure on enterprise infrastructure, edge devices, and developer tooling. Attackers continued to weaponise newly disclosed vulnerabilities within hours of publication, while a long tail of unpatched legacy IoT and edge devices (D-Link, Zyxel, DASAN, Huawei, Realtek, Netgear) kept generating massive exploitation noise. Several flagship incidents shaped the year: the SAP NetWeaver Visual Composer zero-day exploitation in April, the SharePoint “ToolShell” campaign in July, the NetScaler “CitrixBleed 2” saga from June onward, the Oracle E-Business Suite exploitation tied to the Cl0p activity in October, the WSUS critical (CVE-2025-59287) in October-November, the FortiWeb authentication bypasses in November, and the dramatic React Server Components (“React2Shell”) surge in December.
May 11, 2026
Vulnerability Report - April 2026
All vulnerability reports Introduction This vulnerability report has been generated with the help of AI, using the VulnMCP tooling on top of Vulnerability-Lookup, with contributions from the platform’s community.
May 4, 2026
Vulnerability-Lookup 4.5.0 released
We are pleased to announce the release of Vulnerability-Lookup 4.5.0! This release strengthens Vulnerability-Lookup on both data collection and analysis. We now ingest sightings from Telegram channels, with roughly 200,000 Telegram sigthings collected so far. Each vulnerability page also gains new interactive visualisations: sighting type repartition, source repartition, and an experimental adaptive forecast based on the TARDISSight prototype. TARDISSight was presented last week in Munich during the FIRST CTI Conference, and the related paper is available on arXiv.
April 30, 2026
CIRCL AI approach at the International Committee of the Red Cross (ICRC)
On April 28, 2026, we had the opportunity to present the CIRCL AI approach at the International Committee of the Red Cross (ICRC). The session took place in Luxembourg, with remote participation from the Delegation for Cyberspace at the Global Cyber Hub in Geneva. The objective of this event was practical: show how AI can be used as an operational capability in vulnerability intelligence, not just as a research topic. We focused on production workflows that help analysts deliver faster, more consistent, and more actionable results.
April 29, 2026
Vulnerability-Lookup 4.4.0 released
We are pleased to announce the release of Vulnerability-Lookup 4.4.0! This release introduces public disclosure list views, enhanced sightings with automatic creation and heatmap navigation controls, toggleable chart events, and configurable CVD policy alerts. It also includes numerous fixes for database stability and performance, notification reliability, and Meilisearch error handling. The technical documentation has been revamped for greater clarity and expanded with deployment guidance for high-traffic environments, validated in our production setup handling 15,000–20,000 queries per second (public API + Web pages).
April 9, 2026
New Russian Severity Classifier and Improved Multilingual Models
We are pleased to announce a new Russian-language severity classifier for vulnerability descriptions, alongside improved English and Chinese models. These models are trained with VulnTrain and served through ML-Gateway for integration into Vulnerability-Lookup. All datasets and models are openly available on Hugging Face. VulnTrain 3.1.0 This release is powered by VulnTrain v3.1.0, which introduces: FSTEC source support: vulnerability entries from the Russian Federal Service for Technical and Export Control (BDU) can now be used for dataset generation and model training. Source field in datasets: each vulnerability entry now includes a source field identifying its origin (cvelistv5, github, pysec, cnvd, csaf_*, fstec), making it easier to trace and filter data. Dynamic dataset cards: when generating a dataset from multiple sources, a dataset card is automatically created with a per-source breakdown table showing entry counts and percentages. Per-class metrics: the severity trainer now reports precision, recall, and F1 per class (Low / Medium / High / Critical) alongside overall accuracy and macro F1. Best model checkpoint selection: models are now selected by accuracy instead of eval_loss, with save_total_limit increased from 2 to 3. Russian Severity Classifier 🇷🇺 This is our new model for classifying vulnerability severity in Russian, trained on data from the Russian Federal Service for Technical and Export Control (BDU).
April 6, 2026
Improving the CNVD Severity Classifier: Honest Metrics and Data Leakage Fixes
We recently made significant improvements to our CNVD severity classifier and the underlying Vulnerability-CNVD dataset, prompted by a thorough independent review from Eric Romang. These changes ship in VulnTrain v3.0.0, released today. What happened Eric opened VulnTrain#19 with a detailed technical analysis of the dataset and model. His key findings: Data leakage: CNVD reuses boilerplate descriptions across different vulnerability IDs. Our train/test split was done on IDs, not on description text, so 15.6% of the test set contained descriptions identical to training data. This inflated the reported accuracy by ~1.7pp. Low-class recall at 38.4%: 60% of Low-severity entries were misclassified as Medium. The dataset is heavily imbalanced (Low ~9%, Medium ~55%, High ~36%). Keyword dependency: the model predicts severity based on vulnerability-type keywords rather than actual impact. Accuracy drops from ~89% to ~55% on entries whose severity deviates from the type’s typical level. His full analysis, code, and data are available at eromang/researches/CNVD-Dataset-Validation.
April 3, 2026
Vulnerability Report - March 2026
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
April 2, 2026