Vulnerability-Lookup
July 10, 2026 · View on GitHub
Vulnerability-Lookup
Find, correlate, and act on vulnerabilities from anywhere — and publish your own as a CNA or GNA.
Built with Flask · Kvrocks · Valkey · SQLAlchemy
Vulnerability-Lookup correlates vulnerabilities across multiple sources in real time, independent of their IDs, and turns scattered advisories into a single, searchable knowledge base. It is also a full Coordinated Vulnerability Disclosure (CVD) platform and a collaborative space where analysts comment on advisories, build bundles, and record sightings together.
And it's not just for consuming data — you can be a producer too:
- As a CNA, reserve CVE IDs and publish your advisories directly through MITRE CVE Services.
- As a GNA, reserve and publish GCVE identifiers within the decentralized Global CVE Allocation System — no MITRE dependency.
All straight from Vulnerability-Lookup, no separate tooling required.
Public instances are live:
- vulnerability.circl.lu — operated by CIRCL
- db.gcve.eu — operated by GCVE
✨ Main features
- Feeders: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box.
- CNA publishing: Reserve CVE IDs and publish, reject, or update your CVE records directly through MITRE CVE Services — CNAs become producers, not just consumers.
- GNA publishing: Act as a GCVE Numbering Authority — reserve and publish GCVE identifiers from your own instance within the Global CVE Allocation System, with no dependency on MITRE.
- CVD process: End-to-end management of Security Advisories and Coordinated Vulnerability Disclosures.
- Local sources: Support for adding instance-specific, custom vulnerability sources.
- KEV catalogs: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA), with per-catalog email subscriptions for new entries.
- Sightings: Record and track vulnerability observations, including seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
- Comments: Add, review, and share analyst notes on advisories.
- Bundles: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis.
- Synchronization: Optional synchronization of comments, bundles, sightings, and KEV entries between instances.
- RSS/Atom: Subscribe to vulnerability updates and comments via RSS or Atom feeds.
- EPSS: Integration with the Exploit Prediction Scoring System for improved risk prioritization.
- VEX: Vendor VEX statements (starting with the Red Hat CSAF VEX and Microsoft CSAF VEX feeds) attached to existing CVE records as enrichment metadata, shown on the vulnerability page and served by the API together with the full CSAF documents.
- Watchlists: Monitor vulnerabilities affecting specific products and receive email notifications.
- API: Fast and comprehensive vulnerability lookup API, including cross-source correlation by vulnerability identifier.
For more information, refer to the user manual or the documentation.
📚 Sources and Default Feeders
The default sources included in Vulnerability-Lookup are the following:
🏛️ National Vulnerability Databases
- NVD CVE importer (API 2.0), with Fraunhofer FKIE NVD JSON feeds
- China National Vulnerability Database (CNNVD)
- JVN iPedia – Japanese vulnerability countermeasure database
- CERT-FR Alerts and Advisories
🌐 Community & Open Source Databases
- CVE Project – cvelist
- Cloud Security Alliance – GSD Database
- GitHub Advisory Database
- PySec Advisory Database
- OpenSSF Malicious Packages
🏭 CSAF-based Sources
- ABB
- ads-tec Industrial IT GmbH
- AUMA Riester GmbH & Co. KG
- Baade M2M-Products GmbH
- Beckhoff Automation GmbH & Co. KG
- Bender GmbH & Co. KG
- Carlo Gavazzi Automation
- CERT-Bund
- CERT@VDE
- CISA
- Cisco
- CODESYS GmbH
- Endress+Hauser AG
- Festo SE & Co. KG
- Frauscher Sensortechnik GmbH
- Harman International
- Helmholz GmbH & Co. KG
- HIMA Paul Hildebrandt GmbH
- ifm electronic GmbH
- Janitza electronics GmbH
- JUMO GmbH & Co. KG
- Lenze SE
- MB connect line GmbH
- Mettler-Toledo GmbH
- METZ CONNECT GmbH
- Microsoft
- Miele & Cie KG
- Murrelektronik GmbH
- NCSC-NL
- Nozomi Networks
- Open-Xchange
- OpenSuse
- Pepperl+Fuchs SE
- Phoenix Contact GmbH & Co. KG
- Pilz GmbH & Co. KG
- Red Hat
- Sauter AG
- Schneider Electric
- Sick
- Siemens
- SMA Solar Technology AG
- Suse
- SWARCO TRAFFIC SYSTEMS GmbH
- TIBCO
- Trend Micro
- Trumpf SE + Co. KG
- VARTA Storage GmbH
- VEGA Grieshaber KG
- WAGO GmbH & Co. KG
- Weidmueller Interface GmbH & Co. KG
- Welotec GmbH
- Wiesemann & Theis GmbH
📦 OSV Sources
- AlmaLinux
- Bitnami Vulnerability Database
- CleanStart OS packages
- Drupal Advisory Database
- Haskell Security Advisories
- OCaml Security Advisories
- OSS-Fuzz
- RustSec Advisory Database
🔬 Specialized Sources
- AVID – AI/ML vulnerabilities database (bias, robustness, privacy, security, ethics)
- VARIoT – IoT vulnerabilities database
- Tailscale Security Bulletins
🧬 Enrichment Sources
These feeders do not create vulnerability records: they attach additional metadata to vulnerabilities already known to the instance.
- CISA ADP Vulnrichment – CISA's enrichment of CVE records with SSVC decision points, CWE, CVSS, and CPE when missing from the original record
- EPSS – Exploit Prediction Scoring System scores and percentiles
- Red Hat CSAF VEX – per-CVE VEX statements (product status, severity), with the full CSAF documents available through the API
- Microsoft CSAF VEX – per-CVE VEX statements from MSRC, with the full CSAF documents available through the API
🧩 Weakness & Attack Pattern Catalogs
🔥 Known Exploited Vulnerabilities Catalogs
GCVE-BCP-07 - Known Exploited Vulnerability - KEV Assertion Format
👁️ Sighting Sources
Vulnerability-Lookup facilitates the recording of vulnerability sightings, regardless of whether they have been published by a source. A suite of sighting clients is already available to support this functionality:
Our tools on the Python Package Index (PyPI):
| Tool | Description |
|---|---|
| ShadowSight | A client that retrieves vulnerability observations from the The Shadowserver Foundation and pushes them to a Vulnerability-Lookup instance. |
| FediVuln | A client to gather vulnerability-related information from the Fediverse. |
| BlueSkySight | A client to gather vulnerability-related information from Bluesky. |
| MISPSight | A client that retrieves vulnerability observations from a MISP server and pushes them to a Vulnerability-Lookup instance. |
| NucleiVuln | A client designed to retrieve vulnerability-related observations from the Nuclei Git repository of templates and pushes them to a Vulnerability-Lookup instance. |
| ExploitDBSighting | A client that retrieves vulnerability observations from Exploit-DB and pushes them to a Vulnerability-Lookup instance. |
| KEVSight | A client to generate sightings for Vulnerability-Lookup from the Known Exploited Vulnerabilities (KEV) catalog. |
| GistSight | A client for gathering vulnerability-related information from GitHub Gists. |
| MetasploitSight | A client designed to retrieve vulnerability-related information from the modules available in Metasploit. |
| TsunamiSight | A client that extracts vulnerability observations from Google's Tsunami Security Scanner plugin repository. |
| TeleGramSight | A client that retrieves vulnerability sightings collected from a Telegram collector. |
If you want to create your own sigthing tool, it's recommended to use PyVulnerabilityLookup, a Python library to access Vulnerability-Lookup via its REST API.
⚙️ Installation
Generally speaking, requirements are the following:
- Recent version of Python (>= 3.11)
- Recent version of Poetry
- Kvrocks database
Installation instructions are available in the documentation.
🏗️ Architecture

📄 License
Vulnerability-Lookup is free software released under the "GNU Affero General Public License v3.0".
Copyright (c) 2023-2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (c) 2023-2026 Alexandre Dulaunoy - https://github.com/adulau
Copyright (c) 2023-2026 Raphaël Vinot - https://github.com/Rafiot
Copyright (c) 2024-2026 Cédric Bonhomme - https://github.com/cedricbonhomme
Copyright (c) 2026 Niclas Dauster - https://github.com/NMD03
