Vulnerability-Lookup 🔎
A fast, open platform to correlate vulnerabilities across dozens of sources — regardless of the identifier they use — and to coordinate their disclosure from a single place.
Cross-source correlation
Links related vulnerabilities together, independent of the identifier format used.
Coordinated disclosure
Built-in Vulnogram integration to draft and publish advisories as a CNA or GNA.
GCVE-native
Identifier-agnostic by design, and fully compatible with the Global CVE Allocation System.
Collaborative
Comment, bundle and share sightings — and synchronize them across instances.
Vulnerability-Lookup enables rapid correlation of vulnerabilities across multiple sources, independent of vulnerability identifiers. It streamlines Coordinated Vulnerability Disclosure (CVD) through a built-in Vulnogram integration compatible with both CVE 5.2 and GCVE-BCP-05, allowing CNAs and GNAs to publish advisories and synchronize with other instances regardless of the identifier format used.
Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
This software is under AGPLv3 license. You are welcome to copy, modify or redistribute the source code according to the Affero GPL license.
🤝 Log in or create an account to join our community of contributors and start contributing today.
You can read the official documentation as well as the documentation dedicated to the API.
A user manual and a FAQ are also available.
🐛 Found a bug? Report it here.
Security advisories
Vulnerability-Lookup consolidates vulnerabilities from multiple sources.
- CVE Program Creative Commons Attribution 4.0 International (CC BY 4.0) 354210 vulnerabilities
- NVD Public Domain 354139 vulnerabilities
- FKIE NVD 354163 vulnerabilities
- GitHub Creative Commons Attribution 4.0 International (CC BY 4.0) 335939 vulnerabilities
- PySec Creative Commons Attribution 4.0 International (CC BY 4.0) 3653 vulnerabilities
- GSD Creative Commons Zero v1.0 Universal 335809 vulnerabilities
- OpenSSF Malicious Packages Apache License 2.0 226580 vulnerabilities
- CSAF ABB 54 vulnerabilities
- CSAF CERT-Bund 10738 vulnerabilities
- CSAF CISA 3789 vulnerabilities
- CSAF CISCO 2760 vulnerabilities
- CSAF Microsoft 14749 vulnerabilities
- CSAF NCSC-NL 859 vulnerabilities
- CSAF Nozomi Networks 52 vulnerabilities
- CSAF OpenSuse Creative Commons Attribution 4.0 International (CC BY 4.0) 10384 vulnerabilities
- CSAF Open-Xchange 23 vulnerabilities
- CSAF Red Hat Creative Commons Attribution 4.0 International (CC BY 4.0) 25121 vulnerabilities
- CSAF Schneider Electric 280 vulnerabilities
- CSAF Sick 65 vulnerabilities
- CSAF Siemens 703 vulnerabilities
- CSAF Suse Creative Commons Attribution 4.0 International (CC BY 4.0) 20421 vulnerabilities
- OSV AlmaLinux MIT 3767 vulnerabilities
- OSV Haskell Creative Commons Zero v1.0 Universal 34 vulnerabilities
- OSV Ocaml Creative Commons Zero v1.0 Universal 16 vulnerabilities
- OSV OSS Fuzz Creative Commons Attribution 4.0 International (CC BY 4.0) 3941 vulnerabilities
- OSV Rustsec Creative Commons Attribution 4.0 International (CC BY 4.0) 1079 vulnerabilities
- Bitnami VulnDB Apache License 2.0 5810 vulnerabilities
- Cleanstart Apache License 2.0 1266 vulnerabilities
- Drupal MIT 462 vulnerabilities
- Tailscale 37 vulnerabilities
- CERT FR Alerte 389 vulnerabilities
- CERT FR Avis 17044 vulnerabilities
- JVNDB 3249 vulnerabilities
- CNVD 130066 vulnerabilities
- FSTEC 82977 vulnerabilities
- VARIoT 46919 vulnerabilities
- CERT@VDE 2 vulnerabilities
- Phoenix Contact GmbH & Co. KG 108 vulnerabilities
- Welotec GmbH 5 vulnerabilities
- CODESYS GmbH 33 vulnerabilities
- Wiesemann & Theis GmbH 7 vulnerabilities
- MB connect line GmbH 24 vulnerabilities
- Helmholz GmbH & Co. KG 22 vulnerabilities
- Festo SE & Co. KG 18 vulnerabilities
- Pepperl+Fuchs SE 33 vulnerabilities
- Pilz GmbH & Co. KG 19 vulnerabilities
- WAGO GmbH & Co. KG 79 vulnerabilities
- ifm electronic GmbH 5 vulnerabilities
- Beckhoff Automation GmbH & Co. KG 17 vulnerabilities
- Trumpf SE + Co. KG 17 vulnerabilities
- Lenze SE 5 vulnerabilities
- Carlo Gavazzi Automation 1 vulnerability
- AUMA Riester GmbH & Co. KG 6 vulnerabilities
- Bender GmbH & Co. KG 4 vulnerabilities
- Endress+Hauser AG 19 vulnerabilities
- Frauscher Sensortechnik GmbH 4 vulnerabilities
- Miele & Cie KG 4 vulnerabilities
- Weidmueller Interface GmbH & Co. KG 16 vulnerabilities
- SMA Solar Technology AG 7 vulnerabilities
- HIMA Paul Hildebrandt GmbH 2 vulnerabilities
- Murrelektronik GmbH 1 vulnerability
- SWARCO TRAFFIC SYSTEMS GmbH 1 vulnerability
- ads-tec Industrial IT GmbH 3 vulnerabilities
- VARTA Storage GmbH 1 vulnerability
- Sauter AG 1 vulnerability
- Janitza electronics GmbH 2 vulnerabilities
- Mettler-Toledo GmbH 3 vulnerabilities
- Moksha 89 vulnerabilities
- GNA-1 (CIRCL) 63 vulnerabilities
- GNA-1337 (AHA!) 8 vulnerabilities
Sightings
This page lists the sources and tools we use to collect sightings.
Remote instances
This instance publishes comprehensive JSON dumps of all integrated sources as open data.
Dumps are an optional open-data convenience — not a sync mechanism. For ongoing synchronisation, use the API (since=) and the pub/sub stream. See access patterns for automated consumers for details.
AI datasets and models derived from the project are also released on Hugging Face for public use and further research.
For automated consumers
Building a scanner, external index, or other automated client? The canonical sync path is the API (use since= for incremental pulls) plus the pub/sub stream for real-time updates — please don't enumerate the API to mirror the dataset. Identify your client with a User-Agent that includes a contact URL or email.
- Access patterns for automated consumers — authoritative human-readable guidance
- /.well-known/api-policy.json — machine-readable policy (contact, sync paths, rate-limit posture, expiry)
- /llms.txt — concise agent-facing entry point
- /robots.txt — crawler policy
- /.well-known/security.txt — security contact (RFC 9116)
Operator of the instance: Global CVE Allocation System
Email: info@gcve.eu
More information about this instance.