Vulnerability-Lookup 🔎
A fast, open platform to correlate vulnerabilities across dozens of sources — regardless of the identifier they use — and to coordinate their disclosure from a single place.
Cross-source correlation
Links related vulnerabilities together, independent of the identifier format used.
Coordinated disclosure
Built-in Vulnogram integration to draft and publish advisories as a CNA or GNA.
GCVE-native
Identifier-agnostic by design, and fully compatible with the Global CVE Allocation System.
Collaborative
Comment, bundle and share sightings — and synchronize them across instances.
Vulnerability-Lookup enables rapid correlation of vulnerabilities across multiple sources, independent of vulnerability identifiers. It streamlines Coordinated Vulnerability Disclosure (CVD) through a built-in Vulnogram integration compatible with both CVE 5.2 and GCVE-BCP-05, allowing CNAs and GNAs to publish advisories and synchronize with other instances regardless of the identifier format used.
Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.
This software is under AGPLv3 license. You are welcome to copy, modify or redistribute the source code according to the Affero GPL license.
🤝 Log in or create an account to join our community of contributors and start contributing today.
You can read the official documentation as well as the documentation dedicated to the API.
A user manual and a FAQ are also available.
🐛 Found a bug? Report it here.
From the beginning, Vulnerability-Lookup was designed to operate independently of specific vulnerability identifiers, making it inherently compatible with the Global CVE Allocation System (GCVE).
This Vulnerability-Lookup instance is linked to GNA-1.
Security advisories
Vulnerability-Lookup consolidates vulnerabilities from multiple sources.
- CVE Program Creative Commons Attribution 4.0 International (CC BY 4.0) 354495 vulnerabilities
- NVD Public Domain 354427 vulnerabilities
- FKIE NVD 354495 vulnerabilities
- GitHub Creative Commons Attribution 4.0 International (CC BY 4.0) 336304 vulnerabilities
- PySec Creative Commons Attribution 4.0 International (CC BY 4.0) 3655 vulnerabilities
- GSD Creative Commons Zero v1.0 Universal 335809 vulnerabilities
- OpenSSF Malicious Packages Apache License 2.0 468932 vulnerabilities
- CSAF ABB 54 vulnerabilities
- CSAF CERT-Bund 9520 vulnerabilities
- CSAF CISA 3792 vulnerabilities
- CSAF CISCO 4176 vulnerabilities
- CSAF Microsoft 14766 vulnerabilities
- CSAF NCSC-NL 861 vulnerabilities
- CSAF Nozomi Networks 69 vulnerabilities
- CSAF OpenSuse Creative Commons Attribution 4.0 International (CC BY 4.0) 10576 vulnerabilities
- CSAF Open-Xchange 23 vulnerabilities
- CSAF Red Hat Creative Commons Attribution 4.0 International (CC BY 4.0) 43393 vulnerabilities
- CSAF Schneider Electric 280 vulnerabilities
- CSAF Sick 74 vulnerabilities
- CSAF Siemens 915 vulnerabilities
- CSAF Suse Creative Commons Attribution 4.0 International (CC BY 4.0) 20443 vulnerabilities
- OSV AlmaLinux MIT 3767 vulnerabilities
- OSV Haskell Creative Commons Zero v1.0 Universal 34 vulnerabilities
- OSV Ocaml Creative Commons Zero v1.0 Universal 16 vulnerabilities
- OSV OSS Fuzz Creative Commons Attribution 4.0 International (CC BY 4.0) 3942 vulnerabilities
- OSV Rustsec Creative Commons Attribution 4.0 International (CC BY 4.0) 1080 vulnerabilities
- Bitnami VulnDB Apache License 2.0 5810 vulnerabilities
- Cleanstart Apache License 2.0 1266 vulnerabilities
- Drupal MIT 32 vulnerabilities
- Tailscale 38 vulnerabilities
- CERT FR Alerte 774 vulnerabilities
- CERT FR Avis 33594 vulnerabilities
- JVNDB 3249 vulnerabilities
- CNVD 130067 vulnerabilities
- FSTEC 82977 vulnerabilities
- VARIoT 41946 vulnerabilities
- CERT@VDE 2 vulnerabilities
- Phoenix Contact GmbH & Co. KG 108 vulnerabilities
- Welotec GmbH 5 vulnerabilities
- CODESYS GmbH 33 vulnerabilities
- Wiesemann & Theis GmbH 7 vulnerabilities
- MB connect line GmbH 24 vulnerabilities
- Helmholz GmbH & Co. KG 22 vulnerabilities
- Festo SE & Co. KG 18 vulnerabilities
- Pepperl+Fuchs SE 33 vulnerabilities
- Pilz GmbH & Co. KG 19 vulnerabilities
- WAGO GmbH & Co. KG 79 vulnerabilities
- ifm electronic GmbH 5 vulnerabilities
- Beckhoff Automation GmbH & Co. KG 17 vulnerabilities
- Trumpf SE + Co. KG 17 vulnerabilities
- Lenze SE 5 vulnerabilities
- Carlo Gavazzi Automation 1 vulnerability
- AUMA Riester GmbH & Co. KG 6 vulnerabilities
- Bender GmbH & Co. KG 4 vulnerabilities
- Endress+Hauser AG 19 vulnerabilities
- Frauscher Sensortechnik GmbH 4 vulnerabilities
- Miele & Cie KG 4 vulnerabilities
- Weidmueller Interface GmbH & Co. KG 16 vulnerabilities
- SMA Solar Technology AG 7 vulnerabilities
- HIMA Paul Hildebrandt GmbH 2 vulnerabilities
- Murrelektronik GmbH 1 vulnerability
- SWARCO TRAFFIC SYSTEMS GmbH 1 vulnerability
- ads-tec Industrial IT GmbH 3 vulnerabilities
- VARTA Storage GmbH 1 vulnerability
- Sauter AG 1 vulnerability
- Janitza electronics GmbH 2 vulnerabilities
- Mettler-Toledo GmbH 3 vulnerabilities
- Moksha 89 vulnerabilities
- GNA-1 (CIRCL) 80 vulnerabilities
- GNA-1337 (AHA!) 8 vulnerabilities
Sightings
This page lists the sources and tools we use to collect sightings.
This instance publishes comprehensive JSON dumps of all integrated sources as open data.
Dumps are an optional open-data convenience — not a sync mechanism. For ongoing synchronisation, use the API (since=) and the pub/sub stream. See access patterns for automated consumers for details.
AI datasets and models derived from the project are also released on Hugging Face for public use and further research.
For automated consumers
Building a scanner, external index, or other automated client? The canonical sync path is the API (use since= for incremental pulls) plus the pub/sub stream for real-time updates — please don't enumerate the API to mirror the dataset. Identify your client with a User-Agent that includes a contact URL or email.
- Access patterns for automated consumers — authoritative human-readable guidance
- /.well-known/api-policy.json — machine-readable policy (contact, sync paths, rate-limit posture, expiry)
- /llms.txt — concise agent-facing entry point
- /robots.txt — crawler policy
- /.well-known/security.txt — security contact (RFC 9116)
Operator of the instance: Computer Incident Response Center Luxembourg (CIRCL)
Email: info@circl.lu
More information about this instance.