News
Vulnerability-Lookup 2.18.0 released

Vulnerability-Lookup 2.18.0 released

November 14, 2025

 #release

We’re delighted to announce the release of Vulnerability-Lookup 2.18.0 — packed with exciting new features!

What’s New

Integration with Rulezet

Rulezet is an open-source platform for sharing, evaluating, improving, and managing cybersecurity detection rules (YARA, Sigma, Suricata, etc.). Its goal is to foster collaboration among professionals and enthusiasts to enhance the quality and reliability of detection rules.

Vulnerability-Lookup can now be configured to interface with the API of any Rulezet instance, providing insights into existing detection rules related to security vulnerabilities.
The default Rulezet instance enabled in Vulnerability-Lookup is hosted at https://rulezet.org and currently offers more than 122,000 security rules.

Detection rules related to vulnerabilities are displayed on the vulnerability details page (in a dedicated tab) and on bundle details pages.

Implemented in #280.

Detection rules related to a vulnerability https://vulnerability.circl.lu/vuln/CVE-2022-26134#detection-rules

Detection rules related to a bundle https://vulnerability.circl.lu/vuln/CVE-2014-6271#detection-rules

You can even query the remote Rulezet instance via the Vulnerability-Lookup API:

$ curl --silent 'https://vulnerability.circl.lu/api/rulezet/search_rules_by_vulnerabilities/CVE-2020-27130?page=1&per_page=50' | jq
{
  "metadata": {
    "count": 3,
    "page": 1,
    "per_page": 50
  },
  "data": [
    {
      "id": 122599,
      "uuid": "84846673-015e-450b-8a73-2ba481b5a6ce",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Upload webshell",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on  Cisco Security Manager - Upload webshell\"; flow:to_server,established; content:\"POST\"; http_method; content:\"/cwhp/XmpFileUploadServlet\"; startswith; http_uri; pcre:\"/filename=\\\".*\\.\\.\\/.+\\\"\\r\\n/P\"; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271303; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122599",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-13 09:33"
    },
    {
      "id": 122598,
      "uuid": "538dafc1-d49c-4fd6-bdb5-57b997346fe6",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary directory as a zip file",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary directory as a zip file\"; flow:to_server,established; content:\"GET\"; http_method; pcre:\"/^\\/cwhp\\/(Xmp|Sample)FileDownloadServlet/U\"; content:\"../\"; distance:0; http_uri; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271302; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122598",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-06 13:03"
    },
    {
      "id": 122597,
      "uuid": "2cd8fb2a-e97b-4390-8dca-d416b2858c66",
      "vulnerability_id": "CVE-2020-27130",
      "format": "suricata",
      "title": "Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary file",
      "description": "Rule for security (detection rule in many format)",
      "raw": "alert http any any -> any any (msg:\"Exploit CVE-2020-27130 on Cisco Security Manager - Download arbitrary file\"; flow:to_server,established; content:\"GET\"; http_method; pcre:\"/^\\/athena\\/(xdmProxy\\/(xdmConfig|xdmResources)|itf\\/resultsFrame\\.jsp)/U\"; content:\"../\"; distance:0; http_uri; reference:cve,CVE-2020-27130; classtype:web-application-attack; sid:2020271301; rev:1;)",
      "detail_url": "https://rulezet.org/rule/detail_rule/122597",
      "creation_date": "2025-11-06 13:03",
      "updated_date": "2025-11-06 13:03"
    }
  ]
}

Thanks to Théo Geffe for making this integration possible.

Indexing Information Related to Assigners (CNA)

Information about security advisory assigners is now indexed. CNAs from the official CVE Program source (cvelistv5) are indexed in Kvrocks, with GNAs planned for the future.
The API exposes this data via a new assigners endpoint. From an API perspective, both CNAs and GNAs are treated as assigners, though they will be stored in dedicated indexes.

Updates include:

  • Enhanced search capabilities related to assigners.
  • Improved /stats page.
  • Updated vulnerability details page: display the assigner name with a link.
  • A new page listing assigners, similar to the existing CWE list.

Implemented in PR #283.

Search with assigners filter

Top assigners charts

Website

  • new: [website] Add PROTECT_USER_PAGES option to restrict user profile pages to authenticated users. Closes (#277)

Vulnerability Sources

ℹ️
After updating, run the script: bin/index_vulnerabilities.py. This will index the CNAs and update the Kvrocks indexes. The process takes approximately 15 minutes. Next, run: bin/index_cwe.py. This will complete in under 2 minutes.
ℹ️
Please make sure your feeders configuration file (config/modules.cfg) is up to date. See the documentation.

Changes

  • chg: [website] Account creation via the API is now rate-limited to 3 registrations per hour per IP. (3a12de2)
  • Additional validation checks have been added to reject email addresses that are disposable (MISP list), from blocked domains, or with invalid MX records. (3a12de2)
  • chg: [website] Improved email address check in both the API endpoint and in the form controller. (bb090fc)
  • chg: [website] user.last_seen is now updated after successful login. (fb5796e)
  • chg: [API] Improved date parsing for sightings (d7bc9fd)
  • chg: [website] Harmonization of the templates for the details views of bundles and comments. (c7f90aa)
  • chg: [feeders] Improved use of the kvrocks counters for vendors and cwe rankings. (1205670)
  • chg: [notifications] add random jitter to reschedule execution times (d974315)
  • various minor improvements to the backend, user interface and documentation.

Refreshed views

Search page

Comment details

List of comments with filtering

List of bundles

Fixes

  • fix: [website] Redirect the user to the user_bp.watchlist view if notifications are found. (4f6e0bc)
  • fix: [API] Delete notifications of the user to delete. (2371962)
  • Rename flatpickr to flatpickr.js and update template reference (8dcc804) by @DocArmoryTech

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.18.0

Thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/

Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform at Unlock Your Bain conference