Vulnerability-Lookup 2.19.0 released

We’re delighted to announce the release of Vulnerability-Lookup 2.19.0!

What’s New

GCVE: Global CVE Allocation System

We’re pleased to announce the publication of GCVE-BCP-02, a Best Current Practice document that provides actionable guidance for organisations, researchers, and GCVE Numbering Authorities (GNAs) on managing and disclosing vulnerabilities effectively, both within the GCVE ecosystem and beyond.

Vulnerability-Lookup fully supports these best practices for vulnerability disclosure, helping to promote responsible and effective handling of security issues.

Graphical improvements

  • Added Credits section for CVE v5 format (used by GCVE) and the OpenSSF Malicious Packages. 686e518, 3b39016, 7e9bf4f
  • Show CVE description on hover in /recent page (and for the card box of the index page). #289.
  • Many templates have been improved, including the vulnerability detail page, the recent vulnerabilities list, severity score displays, and all HTML tables, allowing more information to be shown while keeping the interface clean and user-friendly.

Tooltips for Bootstrap cardboxes

Tooltips for lists of recent vulnerabilities

New Credits section

Credits for the OpenSSF Malicious Packages

Changes

  • chg: [website] Reorganized and improved all Jinja filters especially the filters related to the parsing of CVE data. f912ef4
  • chg: [templates] Improved the display of the severity related information for CVE and GitHub sources in the /recent page. 629dc7a
  • chg: [website] New layout for severity implemented for PySec advisories. 74387cd
  • chg: [website] Added VLAI Severity score for PySec advisories. 3cfcc8d
  • chg: [website] Extract and display credits from OSSF Malicious Packages sources. 3b39016
  • chg: [templates] Improved display of various tables. 88b73f1
  • chg: [website] Display more data in the vulnerability evolution charts. The growth is now displayed in a tooltip box. b986dd3

Fixes

  • fix: [backend] Remove notifications of users to be deleted. 3ad413f
  • chg: [templates] Fixed a display issue for Tailscale ids. ef8a4a8
  • fix: [templates] Handle single object case for the references section of record from the JVNDB. f36689b

Security

  • fix: [security] Unconfirm user accounts when their email address changes and send a password-reset token to the original email. 46f30a0
  • fix: [security] Remove all items from the session dict on logout. e2c54f7
  • fix: [security] Regenerate session ID after a user updates their password. 2403fa6
  • fix: [security] Updating the password now requires the user to provide the current password. a902f91
  • fix: [security] Sanitize the related_vulnerabilities field of bundles in the backend, and stop injecting raw HTML into the DOM when displaying it in the frontend. 1811ef9 - GCVE-1-2025-0035
  • fix: [security] All state-changing endpoints now use POST HTTP requests with a CSRF token. a6c568d - GCVE-1-2025-0034
  • fix: [security] The number of failed OTP attempts is now recorded, and the user account is blocked after 5 failed attempts. Admins can monitor failed 2FA attempts via the admin panel (list of users). 113b1fe - GCVE-1-2025-0033
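To make the account-hardening rules in the list above concrete, here is an added, framework-free Python example written for this page. It is not Vulnerability-Lookup's own code and does not reproduce its implementation; it only models the behaviours the changelog names (current password required to change it, session ID regenerated afterwards, session fully cleared on logout, account unconfirmed and a reset token issued to the original address on email change, OTP lockout after 5 failures, and POST-plus-CSRF-token for state changes). The class and function names (Account, SessionStore, state_change_allowed), the PBKDF2 parameters and the sample credentials are assumptions for illustration; only the threshold of 5 comes from the changelog.

```python
"""Added example (not Vulnerability-Lookup's code): a minimal model of the
account-hardening rules from the 2.19.0 security fixes. All names and
parameters here are assumptions for illustration."""
import hashlib
import hmac
import secrets

MAX_FAILED_OTP = 5        # lockout threshold named in the changelog
_PBKDF2_ROUNDS = 200_000  # assumed; not the project's setting


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)


class SessionStore:
    """Server-side sessions keyed by an opaque random session ID (assumed design)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user_id):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user_id": user_id}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, sid):
        """Issue a fresh ID for the same session data and retire the old one,
        so an ID captured before a password change stops working."""
        data = self._sessions.pop(sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid):
        """Drop the whole session record, not just the user reference."""
        self._sessions.pop(sid, None)


class Account:
    def __init__(self, email: str, password: str):
        self.email = email
        self.confirmed = True
        self.reset_token = None
        self.failed_otp = 0
        self.blocked = False
        self._salt = secrets.token_bytes(16)
        self._pw_hash = _hash_password(password, self._salt)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self._pw_hash, _hash_password(password, self._salt))

    def change_password(self, sessions: SessionStore, sid: str, current: str, new: str) -> str:
        """Require the current password; on success rehash and regenerate the session ID."""
        if not self.check_password(current):
            raise PermissionError("current password does not match")
        self._salt = secrets.token_bytes(16)
        self._pw_hash = _hash_password(new, self._salt)
        return sessions.rotate(sid)

    def change_email(self, new_email: str):
        """Unconfirm the account and return (original address, reset token):
        the token is meant to be mailed to the ORIGINAL address so its owner
        is notified and can recover the account."""
        original = self.email
        self.email = new_email
        self.confirmed = False
        self.reset_token = secrets.token_urlsafe(32)
        return original, self.reset_token

    def verify_otp(self, code: str, expected: str) -> bool:
        """Count failures; block the account once MAX_FAILED_OTP is reached."""
        if self.blocked:
            return False
        if hmac.compare_digest(code, expected):
            self.failed_otp = 0
            return True
        self.failed_otp += 1
        if self.failed_otp >= MAX_FAILED_OTP:
            self.blocked = True
        return False


def state_change_allowed(method: str, form_token, session_token) -> bool:
    """State-changing requests must be POST and carry a CSRF token that
    matches the one bound to the session (compared in constant time)."""
    if method != "POST" or form_token is None or session_token is None:
        return False
    return hmac.compare_digest(form_token, session_token)


if __name__ == "__main__":
    store = SessionStore()
    acct = Account("alice@example.org", "old-password")   # constructed sample
    sid = store.create(1)
    new_sid = acct.change_password(store, sid, "old-password", "new-password")
    print("session rotated:", sid != new_sid, "old ID still valid:", store.get(sid) is not None)
    for _ in range(MAX_FAILED_OTP):
        acct.verify_otp("000000", "123456")
    print("account blocked after", acct.failed_otp, "failed OTP attempts:", acct.blocked)
```

The `blocked` flag and `failed_otp` counter are the fields an admin view would list per user; resetting the counter only on a successful code, and refusing even a correct code once blocked, is what keeps the threshold from being bypassed by interleaving guesses.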

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.19.0

Thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/