Vulnerability-Lookup 2.17.0 released
We’re happy to announce the release of Vulnerability-Lookup 2.17.0 — introducing new data integrations, API improvements, and multiple security and stability fixes.
What’s New
New Sightings and Integrations
- Public PoC Sightings — Vulnerabilities with a known public proof of concept can now be tracked directly. (#245)
- ENISA KEV Catalog — Integration of the European Union Agency for Cybersecurity’s Known Exploited Vulnerabilities catalog adds an authoritative new layer of intelligence. (#237)
- Metasploit Sightings — Automatically detect and list vulnerabilities referenced in Metasploit modules. (#228)
- Sploitus RSS — Fetch exploit information from Sploitus feeds. (#227)
API Enhancements
- Added bulk DELETE endpoints for sightings. (commit a514920)
Changes
- Command-line tools now provide an option to delete sightings matching a regular expression. (commit 0859260)
- Regex matching for new sightings has been tightened to require full matches, improving data consistency. (commit 71387fc)
Fixes
A major focus of 2.17.0 is hardening the platform against potential injection and logic issues. Highlights include:
- Fixed reflected XSS vulnerabilities related to unsafe Markup usage, and a self-XSS risk in the admin CPE module — both responsibly reported by Jeroen Pinoy. (commits 378ccdf, 5403660)
- Improved handling of API edge cases:
  - /api/search endpoint errors fixed (#248)
  - Consistent vendor limits in /vendors/ranking (commit b958bdb)
  - Better error handling for unknown vulnerabilities (commit 5eaf644)
- Website improvements:
  - Correct HTTP codes in vulnerability_disclosure.py (commit 4622436)
  - Fixed duplicate SQLAlchemy filters and decorator issues
  - Enforced login for CPE management (PR #261)
- Many smaller fixes — escaping for ilike searches, timeout checks, and improved validation logic across the application.
For a full list of fixes and commits, see the complete changelog.
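To illustrate why the ilike escaping fix listed above matters, here is an added example (not Vulnerability-Lookup's own code) in which a user-supplied % or _ widens a search until it is escaped. It assumes SQLite's LIKE, which is case-insensitive for ASCII, as a stand-in for SQLAlchemy's ilike; the table, vendor names and function names are constructed for the example.

```python
import sqlite3

ESC = "\\"  # single backslash, also hard-coded in the ESCAPE clause below


def escape_like(term: str) -> str:
    """Neutralise LIKE metacharacters so the term is matched literally."""
    # Escape the escape character first so later insertions are not doubled.
    return (
        term.replace(ESC, ESC + ESC)
        .replace("%", ESC + "%")
        .replace("_", ESC + "_")
    )


def build_db() -> sqlite3.Connection:
    """In-memory table of constructed vendor names (not project data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vendor (name TEXT)")
    db.executemany(
        "INSERT INTO vendor VALUES (?)",
        [("acme_corp",), ("acmeXcorp",), ("100%_secure",), ("Example Ltd",)],
    )
    return db


def search_unescaped(db: sqlite3.Connection, term: str) -> list:
    """Substring search where the user's % and _ act as wildcards."""
    sql = "SELECT name FROM vendor WHERE name LIKE ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]


def search_escaped(db: sqlite3.Connection, term: str) -> list:
    """Same search with the user's term matched literally."""
    sql = "SELECT name FROM vendor WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, (f"%{escape_like(term)}%",))]


if __name__ == "__main__":
    db = build_db()
    for term in ("%", "acme_corp"):
        print(repr(term), search_unescaped(db, term), search_escaped(db, term))
```

Parameter binding alone does not prevent this: the wildcard is interpreted by LIKE itself, after the value has been bound safely.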
🙏 Acknowledgments
A huge thank you to Jeroen Pinoy for his thorough code review and valuable security feedback. Your contributions make the platform stronger for everyone.
Changelog
📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.17.0
🙏 A big thank you to all contributors and testers!
Feedback and Support
If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!
Follow Us on Fediverse/Mastodon
Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/