Vulnerability-Lookup

July 10, 2026 · View on GitHub

Vulnerability-Lookup

Find, correlate, and act on vulnerabilities from anywhere — and publish your own as a CNA or GNA.

Latest release License: AGPL v3 Contributors Stars Last commit

Built with Flask · Kvrocks · Valkey · SQLAlchemy

Vulnerability-Lookup logo


Vulnerability-Lookup correlates vulnerabilities across multiple sources in real time, independent of their IDs, and turns scattered advisories into a single, searchable knowledge base. It is also a full Coordinated Vulnerability Disclosure (CVD) platform and a collaborative space where analysts comment on advisories, build bundles, and record sightings together.

And it's not just for consuming data — you can be a producer too:

  • As a CNA, reserve CVE IDs and publish your advisories directly through MITRE CVE Services.
  • As a GNA, reserve and publish GCVE identifiers within the decentralized Global CVE Allocation System — no MITRE dependency.

All straight from Vulnerability-Lookup, no separate tooling required.

Public instances are live:

✨ Main features

  • Feeders: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box.
  • CNA publishing: Reserve CVE IDs and publish, reject, or update your CVE records directly through MITRE CVE Services — CNAs become producers, not just consumers.
  • GNA publishing: Act as a GCVE Numbering Authority — reserve and publish GCVE identifiers from your own instance within the Global CVE Allocation System, with no dependency on MITRE.
  • CVD process: End-to-end management of Security Advisories and Coordinated Vulnerability Disclosures.
  • Local sources: Support for adding instance-specific, custom vulnerability sources.
  • KEV catalogs: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA), with per-catalog email subscriptions for new entries.
  • Sightings: Record and track vulnerability observations, including seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
  • Comments: Add, review, and share analyst notes on advisories.
  • Bundles: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis.
  • Synchronization: Optional synchronization of comments, bundles, sightings, and KEV entries between instances.
  • RSS/Atom: Subscribe to vulnerability updates and comments via RSS or Atom feeds.
  • EPSS: Integration with the Exploit Prediction Scoring System for improved risk prioritization.
  • VEX: Vendor VEX statements (starting with the Red Hat CSAF VEX and Microsoft CSAF VEX feeds) attached to existing CVE records as enrichment metadata, shown on the vulnerability page and served by the API together with the full CSAF documents.
  • Watchlists: Monitor vulnerabilities affecting specific products and receive email notifications.
  • API: Fast and comprehensive vulnerability lookup API, including cross-source correlation by vulnerability identifier.

For more information, refer to the user manual or the documentation.

📚 Sources and Default Feeders

The default sources included in Vulnerability-Lookup are the following:

🏛️ National Vulnerability Databases

🌐 Community & Open Source Databases

🏭 CSAF-based Sources

📦 OSV Sources

🔬 Specialized Sources

🧬 Enrichment Sources

These feeders do not create vulnerability records: they attach additional metadata to vulnerabilities already known to the instance.

  • CISA ADP Vulnrichment – CISA's enrichment of CVE records with SSVC decision points, CWE, CVSS, and CPE when missing from the original record
  • EPSS – Exploit Prediction Scoring System scores and percentiles
  • Red Hat CSAF VEX – per-CVE VEX statements (product status, severity), with the full CSAF documents available through the API
  • Microsoft CSAF VEX – per-CVE VEX statements from MSRC, with the full CSAF documents available through the API

🧩 Weakness & Attack Pattern Catalogs

  • CWE (Common Weakness Enumeration)
  • CAPEC (Common Attack Pattern Enumeration and Classification)

🔥 Known Exploited Vulnerabilities Catalogs

GCVE-BCP-07 - Known Exploited Vulnerability - KEV Assertion Format

👁️ Sighting Sources

Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:

Our tools on the Python Package Index (PyPI):

ToolDescription
ShadowSightA client that retrieves vulnerability observations from the The Shadowserver Foundation and pushes them to a Vulnerability-Lookup instance.
FediVulnA client to gather vulnerability-related information from the Fediverse.
BlueSkySightA client to gather vulnerability-related information from Bluesky.
MISPSightA client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability-Lookup instance.
NucleiVulnA client designed to retrieve vulnerability-related observations from the Nuclei Git repository of templates and pushes them to a Vulnerability-Lookup instance.
ExploitDBSightingA client that retrieves vulnerability observations from Exploit-DB and pushes them to a Vulnerability-Lookup instance.
KEVSightA client to generate sightings for Vulnerability-Lookup from the Known Exploited Vulnerabilities (KEV) catalog.
GistSightA client for gathering vulnerability-related information from GitHub Gists.
MetasploitSightA client designed to retrieve vulnerability-related information from the modules available in Metasploit.
TsunamiSightA client that extracts vulnerability observations from Google's Tsunami Security Scanner plugin repository.
TeleGramSightA client that retrieves vulnerability sightings collected from a Telegram collector.

If you want to create your own sigthing tool, it's recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.

⚙️ Installation

Generally speaking, requirements are the following:

Installation instructions are available in the documentation.

🏗️ Architecture

Overview of the Vulnerability-Lookup architecture

📄 License

Vulnerability-Lookup is free software released under the "GNU Affero General Public License v3.0".

Copyright (c) 2023-2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2026 Alexandre Dulaunoy - https://github.com/adulau
Copyright (c) 2023-2026 Raphaël Vinot - https://github.com/Rafiot
Copyright (c) 2024-2026 Cédric Bonhomme - https://github.com/cedricbonhomme
Copyright (c) 2026 Niclas Dauster - https://github.com/NMD03