Multi-Source Vulnerability-Lookup and Collaboration

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).

Vulnerability-Lookup is accessible via a web interface, RSS/Atom and an HTTP API. Vulnerability-Lookup is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures. You can also register and collaborate on the vulnerability intelligence by adding comments or even reporting vulnerabilities.

Main features

• API: A comprehensive and fast lookup API for searching vulnerabilities and identifying correlations by vulnerability identifier.
• Feeders: Modular system to import vulnerabilities from different sources.
• CVD process: Creation, edition and fork/copy of Security Advisories with the vulnogram editor. Support of local vulnerability source per Vulnerability-Lookup instance.
• Sightings: Users have the possibility to add observations to vulnerabilities with different types of sightings, such as: seen, exploited, not exploited, confirmed, not confirmed, patched, and not patched.
• Comments: Ability to add, review and share comments on vulnerability advisories.
• Bundles: Possibility to create bundles of vulnerability advisories with a description.
• RSS/Atom: An extensive RSS and Atom support for vulnerabilities and comments.
• EPSS: Integration of the Exploit Prediction Scoring System.
• Track vulnerabilities with your custom product watch lists and receive email notifications.

For more information, refer to the user manual or the documentation.

Sources and Feeders

• CISA Known exploited vulnerability DB (via HTTP).
• NIST NVD CVE importer (via API 2.0), Fraunhofer FKIE NVD.
• CVEProject - cvelist (via git submodule repository).
• Cloud Security Alliance - GSD-Database (via git submodule repository).
• GitHub Advisory Database (via git submodule repository).
• PySec Advisory Database (via git submodule repository).
• OpenSSF Malicious Packages (via git submodule repository)
• Additional sources via CSAF including CERT-Bund, CISA, Cisco, nozominetworks, Open-Xchange, Red Hat, Sick, Siemens, NCSC-NL, Microsoft.
• VARIoT IoT vulnerabilities database.
• JVN iPedia, Japan database of vulnerability countermeasure information.
• Tailscale security bulletins.
• CWE (Common Weakness Enumeration) and CAPEC (Common Attack Pattern Enumeration and Classification)

Vulnerability-Lookup is a public service operated by CIRCL.

Public Web API of Vulnerability-Lookup

The HTTP API outputs JSON and described as an OpenAPI. The API is fully documented at the following location https://vulnerability.circl.lu/api. No authentication is required for the public exposed functions and authentication is required for the specific user API requests such as adding comments, bundle and user management. For more documentation about the project, https://www.vulnerability-lookup.org is the official webpage of the project.

Browse vendor and product

To get a JSON with all the vendors:

curl https://vulnerability.circl.lu/api/browse

To get a JSON with all the products associated to a vendor:

curl https://vulnerability.circl.lu/api/browse/microsoft

Browse CVEs per vendor/product

To get a JSON with all the vulnerabilities per vendor and a specific product:

curl https://vulnerability.circl.lu/api/search/microsoft/office

Get CVE per CVE-ID

To get a JSON of a specific CVE ID:

curl https://vulnerability.circl.lu/api/cve/CVE-2010-3333

Get the last updated CVEs

To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:

curl https://vulnerability.circl.lu/api/last

Get more information about the current CVE database

To get more information about the current databases in use and when it was updated:

curl https://vulnerability.circl.lu/api/dbInfo

Do you log search queries?

Yes, we do log the search queries to debug our software and acquire statistics about software vulnerabilities trending.

Where is the source code of the Vulnerability-Lookup software?

Vulnerability-Lookup source is open source and available on GitHub and CIRCL Forge.

The original service was using cve-search source code is available on GitHub. We created Vulnerability-Lookup to facilitate multi sources and improve the performance of the service.

Is there a full dumps of the Vulnerability-Lookup sources?

You can access the full dumps per source from the Vulnerability-Lookup dumps.

Is there a library to access Vulnerability-Lookup service?

Yes, the Python library is accessible via PyVulnerabilityLookup

Feed syndication in RSS and Atom

Available feeds

Endpoint	Methods	Rule
bundles_bp.feed_bundles	GET	/bundles/feed.<string:format>[?user=<login>]
comments_bp.feed_comments	GET	/comments/feed.<string:format>[?user=<login>]
user_bp.feed_activity	GET	/user/<string:login>.<string:format>
home_bp.feed_recent	GET	/recent/<string:source>.<string:format>[?vulnerability=<vuln-id>]

The value of format can be rss or atom.

The value of source can be one of the following: “all”, “github”, “cvelistv5”, “nvd”, “pysec”, “gsd”, “ossf_malicious_packages”, “csaf_certbund”, “csaf_siemens”, “csaf_redhat”, “csaf_cisa”, “csaf_cisco”, “csaf_sick”, “csaf_nozominetworks”, “csaf_ox”, “variot”.

Examples

Recent vulnerabilities from all sources

$ curl https://vulnerability.circl.lu/recent/all.atom

Recent vulnerabilities from pysec

$ curl https://vulnerability.circl.lu/recent/pysec.atom

Recent vulnerabilities related to a vendor

$ curl 'https://vulnerability.circl.lu/recent/cvelistv5.atom?vendor=MISP&per_page=2&page=8'
<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/rss/recent/cvelistv5/2</id>
  <title>Most recent entries from cvelistv5</title>
  <updated>2024-07-19T07:54:55.493975+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 2 recent entries.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/cve-2023-24027</id>
    <title>cve-2023-24027</title>
    <updated>2024-07-19T07:54:55.497533+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/cve-2023-24027"/>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/cve-2022-48329</id>
    <title>cve-2022-48329</title>
    <updated>2024-07-19T07:54:55.497430+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/cve-2022-48329"/>
  </entry>
</feed>

Recent vulnerabilities linked to a specified vulnerability

$ curl 'https://vulnerability.circl.lu/recent/all.atom?vulnerability=cve-2021-22280'
<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/rss/recent/all/10</id>
  <title>Most recent entries from all</title>
  <updated>2024-07-19T07:55:40.707915+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent entries.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
    <title>ghsa-x53h-2cjp-mwcx</title>
    <updated>2024-07-19T07:55:40.721682+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/vuln/gsd-2021-22280</id>
    <title>gsd-2021-22280</title>
    <updated>2024-07-19T07:55:40.721638+00:00</updated>
    <link href="https://vulnerability.circl.lu/vuln/gsd-2021-22280"/>
  </entry>
</feed>