Vulnerability-Lookup Service: Multi-Source Vulnerability Lookup and Collaboration
Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
vulnerability-lookup is accessible via a web interface, RSS/Atom and an HTTP API. vulnerability-lookup is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures. You can also register and collaborate on the vulnerability intelligence by adding comments or even reporting vulnerabilities.
Sources and Feeders
- CISA Known exploited vulnerability DB (via HTTP)
- NIST NVD CVE importer (via API 2.0)
- CVEProject - cvelist (via git submodule repository)
- Cloud Security Alliance - GSD-Database (via git submodule repository)
- GitHub Advisory Database (via git submodule repository)
- PySec Advisory Database (via git submodule repository)
- OpenSSF Malicious Packages (via git submodule repository)
- Additional sources via CSAF including CERT-Bund, CISA, Cisco, nozominetworks, Open-Xchange, Red Hat, Sick, Siemens
- VARIoT IoT vulnerabilities database
vulnerability-lookup is a public service operated by CIRCL.
Public Web API of vulnerability-lookup
The HTTP API outputs JSON and described as an OpenAPI. The API is fully documented at the following location https://vulnerability.circl.lu/doc. No authentication is required for the public exposed functions and authentication is required for the specific user API requests such as adding comments, bundle and user management.
Browse vendor and product
To get a JSON with all the vendors:
curl https://vulnerability.circl.lu/api/browse
To get a JSON with all the products associated to a vendor:
curl https://vulnerability.circl.lu/api/browse/microsoft
Browse CVEs per vendor/product
To get a JSON with all the vulnerabilities per vendor and a specific product:
curl https://vulnerability.circl.lu/api/search/microsoft/office
Get CVE per CVE-ID
To get a JSON of a specific CVE ID:
curl https://vulnerability.circl.lu/api/cve/CVE-2010-3333
Get the last updated CVEs
To get a JSON of the last 30 CVEs including CAPEC, CWE and CPE expansions:
curl https://vulnerability.circl.lu/api/last
Get more information about the current CVE database
To get more information about the current databases in use and when it was updated:
curl https://vulnerability.circl.lu/api/dbInfo
Do you log search queries?
Yes, we do log the search queries to debug our software and acquire statistics about software vulnerabilities trending.
Where is the source code of the vulnerability-lookup software?
vulnerability-lookup source is open source and available on GitHub and CIRCL Forge.
A documentation is available here.
The original service was using cve-search source code is available on GitHub. We created vulnerability-lookup to facilitate multi sources and improve the performance of the service.
Is there a full dumps of the vulnerability-lookup sources?
You can access the full dumps per source from the vulnerability-lookup dumps.
Is there a library to access vulnerability-lookup service?
Yes, the Python library is accessible via PyVulnerabilityLookup
Feed syndication in RSS and Atom
Available feeds
| Endpoint | Methods | Rule |
|---|---|---|
| bundles_bp.feed_bundles | GET | /bundles/feed.<string:format>[?user=<login>] |
| comments_bp.feed_comments | GET | /comments/feed.<string:format>[?user=<login>] |
| user_bp.feed_activity | GET | /user/<string:login>.<string:format> |
| home_bp.feed_recent | GET | /recent/<string:source>.<string:format>[?vulnerability=<vuln-id>] |
The value of format can be rss or atom.
The value of source can be one of the following: “all”, “github”,
“cvelistv5”, “nvd”, “pysec”, “gsd”, “ossf_malicious_packages”,
“csaf_certbund”, “csaf_siemens”, “csaf_redhat”, “csaf_cisa”,
“csaf_cisco”, “csaf_sick”, “csaf_nozominetworks”, “csaf_ox”, “variot”.
Examples
Recent vulnerabilities from all sources
$ curl https://vulnerability.circl.lu/recent/all.atom
Recent vulnerabilities from pysec
$ curl https://vulnerability.circl.lu/recent/pysec.atom
Recent vulnerabilities related to a vendor
$ curl 'https://vulnerability.circl.lu/recent/cvelistv5.atom?vendor=MISP&per_page=2&page=8'
<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<id>https://vulnerability.circl.lu/rss/recent/cvelistv5/2</id>
<title>Most recent entries from cvelistv5</title>
<updated>2024-07-19T07:54:55.493975+00:00</updated>
<author>
<name>Vulnerability Lookup</name>
<email>info@circl.lu</email>
</author>
<link href="https://vulnerability.circl.lu" rel="alternate"/>
<generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
<subtitle>Contains only the most 2 recent entries.</subtitle>
<entry>
<id>https://vulnerability.circl.lu/vuln/cve-2023-24027</id>
<title>cve-2023-24027</title>
<updated>2024-07-19T07:54:55.497533+00:00</updated>
<link href="https://vulnerability.circl.lu/vuln/cve-2023-24027"/>
</entry>
<entry>
<id>https://vulnerability.circl.lu/vuln/cve-2022-48329</id>
<title>cve-2022-48329</title>
<updated>2024-07-19T07:54:55.497430+00:00</updated>
<link href="https://vulnerability.circl.lu/vuln/cve-2022-48329"/>
</entry>
</feed>
Recent vulnerabilities linked to a specified vulnerability
$ curl 'https://vulnerability.circl.lu/recent/all.atom?vulnerability=cve-2021-22280'
<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
<id>https://vulnerability.circl.lu/rss/recent/all/10</id>
<title>Most recent entries from all</title>
<updated>2024-07-19T07:55:40.707915+00:00</updated>
<author>
<name>Vulnerability Lookup</name>
<email>info@circl.lu</email>
</author>
<link href="https://vulnerability.circl.lu" rel="alternate"/>
<generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
<subtitle>Contains only the most 10 recent entries.</subtitle>
<entry>
<id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
<title>ghsa-x53h-2cjp-mwcx</title>
<updated>2024-07-19T07:55:40.721682+00:00</updated>
<link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
</entry>
<entry>
<id>https://vulnerability.circl.lu/vuln/gsd-2021-22280</id>
<title>gsd-2021-22280</title>
<updated>2024-07-19T07:55:40.721638+00:00</updated>
<link href="https://vulnerability.circl.lu/vuln/gsd-2021-22280"/>
</entry>
</feed>