Vulnerability-Lookup 2.10.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.10.0, and it’s packed with exciting features!
What’s New
AI-Powered Enrichment using our in-house AI models
Vulnerability-Lookup now enhances vulnerability advisories using our in-house AI models.
We recently worked on a new project, ML-Gateway, a FastAPI service for serving NLP models. It loads one or more pre-trained NLP models during startup and expose them through a clean, RESTful API for inference. For example, it leverages the transformers library to load the CIRCL/vulnerability-severity-classification-roberta-base model, which specializes in classifying vulnerability descriptions according to their severity level. The server initializes this model once at startup, ensuring minimal latency during inference requests.
The ultimate goal is to enrich vulnerability data descriptions through the application of a suite of NLP models, providing direct benefits to Vulnerability-Lookup and supporting other related projects such as AIL.
Think of it as a gateway to model-serving services, enabling us to integrate various AI models in the future without introducing new dependencies or added complexity to Vulnerability-Lookup.
This release marks a significant milestone in our AI strategy. We now have the full loop in place: from data gathering and vulnerability correlation to AI dataset generation, model training with our own AI trainers, and finally, our new bridge that connects these models directly to Vulnerability-Lookup.
Example
Concretely, for the user, the result of the severity classification model appears on the vulnerability description page in Vulnerability-Lookup, just after the CVSS information. The goal is to provide a comparison point—and to offer a severity indicator when CVSS data is missing. This result is composed of the level of the severity (from Low to Critical) and the confidence level (between 0 and 1).
https://vulnerability.circl.lu/vuln/CVE-2025-4427
Conceptual architecture of the ML-Gateway
Models generation workflow
More information about AI datasets and models.
Monitor Your Local GCVE Registry with Vulnerability-Lookup
Thanks to the integration of the GCVE client, administrators of a Vulnerability-Lookup instance can now manage and monitor a local GCVE registry.
GNAs are retrieved from gcve.eu, and the integrity of the data is automatically verified. In a future release, this will allow administrators of a Vulnerability-Lookup instance to choose which GNA feeds to pull.
Changes
- Send notifications to admins and users when new comments are added to a disclosure. (58b6b60)
- Improved admin notification system for published comments. (2d2b917)
- Added a new API endpoint to verify the integrity of the local GCVE registry. (a4416c6, 27cdb50, 92c3c1b)
- Introduced a new Flask/Click command to update the local GCVE registry in the background using data from gcve.eu. This can also be triggered from the HML dashboard. (0a35027)
- Queries the backend to retrieve the vendor/product information for hovered vulnerability IDs in the charts and the table of the main public dashboard. Related to #136 (9f138a7)
- Enhanced the vulnerability sightings correlation graph.
Related to #136
(ac17667) - Various graphical improvements to the admin dashboard. (7c4e549)
Fixes
Changelog
📂 To see the full rundown of the changes, users can visit the changelog on GitHub: https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.10.0
🙏 A big thank you to all our contributors — with a special welcome to Léa, our newest contributor!
Feedback and Support
If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Follow us on Fediverse/Mastodon
You can follow us on Mastodon and get real time informationa about security advisories:
https://social.circl.lu/@vulnerability_lookup/