Vulnerability-Lookup 2.20.0 released

Just in time for the end of the year, we’re happy to share our final release before the holidays: Vulnerability-Lookup 2.20.0 🎄

What’s New

GCVE (Global CVE Allocation System): Relationships

We’ve updated the bundled Vulnogram interface to better support the GCVE ecosystem. Vulnerability-Lookup now allows you to define and manage relationships between vulnerabilities, in line with the GCVE BCP-05 specification.

Commit: 2f39bf8

This is a first step toward implementing full GCVE BCP-05 compliance.

Displaying relationships of a vulnerability


https://vulnerability.circl.lu/vuln/GCVE-1-2025-0032

In this case, "opposes" indicates that the GNA does not agree with the status or validity of the referenced vulnerability. This can be used when a GCVE published by another GNA is considered not to be a vulnerability for the product in question (e.g., the behavior is expected, or the scenario describes a discouraged or unsupported configuration).

Editing relationships with the Vulnogram UI



Sightings Visualization

Understanding how vulnerabilities are observed in the wild just got easier. We’ve added a new Heat Map to visualize vulnerability sightings over time, featuring built-in filters for dates and sighting types.

Commit: 56a66e0

Heatmap for sightings

Examples

Heatmap example 1

https://vulnerability.circl.lu/vuln/CVE-2025-61757#sightings


Heatmap example 2

Bar chart

https://vulnerability.circl.lu/vuln/CVE-2018-13379#sightings

Sighting correlations


https://vulnerability.circl.lu/vuln/CVE-2025-59718#sightingsCorrelations


Changes

  • Authentication: Password recovery can now be triggered with a case-insensitive username. (#290)
  • Vulnerability Disclosure: A guidance message is now displayed to unauthenticated users when attempting to submit a new disclosure. (90787db)
  • Product API: product.find_vulnerabilities now returns more comprehensive results. (a31f6c3)

CVE tags example

https://vulnerability.circl.lu/vuln/GCVE-1-2025-0041


Fixes

  • Data Ingestion: Temporary files in ossf/malicious-packages are now ignored. (6bc93b1)
  • Website: Fixed the routing path used to delete vulnerability disclosures. (e2ecb2a)
  • Website: The vulnerability ID is now optional for disclosures. (5bd5353)

Changelog

For the full list of changes, check the GitHub release:
v2.20.0 Release Notes

Thank you to all our contributors and testers!


Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository:
GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories in real time by following us on Mastodon:
@vulnerability_lookup