Vulnerability-Lookup 4.0.0 released

We are pleased to announce the release of Vulnerability-Lookup 4.0.0 — a second major milestone at the beginning of this year.

This version is paving the way for federated deployments of Vulnerability-Lookup instances.

What’s New

Remote Instance Synchronization

A local instance can now pull objects — including bundles, comments, sightings, and KEV entries (BCP-07) — from configured remote Vulnerability-Lookup instances via their public APIs.

The synchronization engine includes:

  • Remote instance management with per-object-type synchronization controls
  • Timestamp-based update detection to keep data consistent
  • Asynchronous scheduler with graceful shutdown support
  • CLI command and systemd service template for automation
  • Administrative controls to trigger synchronization manually
  • Visual indicators in the interface to clearly identify synchronized objects

This enables controlled federation between trusted instances while maintaining operational visibility.

The documentation is available here.

Remote instances configuration


About page listing configured remote instances


Synced comments


Synced KEV Catalogs


New Security Advisory Sources

Two new feeders expand Vulnerability-Lookup’s ingestion capabilities:

  • RustSec OSV feeder bf0c435

  • OSS-Fuzz feeder with support for YAML sources in OSV 21f2309

New sources

Changes

  • Improved global dashboard layout for better clarity and navigation 91db7fd

  • CSAF and OSV templates made fully generic 418b590

Fixes

  • Timestamps are now consistently converted to UTC before JSON serialization, preventing timezone mislabeling when the database session runs in a non-UTC timezone 4f7149e

  • API updated to handle the new data format returned by Rulezet 5489d29
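The UTC fix matters for the timestamp-based update detection used by synchronization. The following is an added illustration, not Vulnerability-Lookup's own code: the function names, the UTC+02:00 session and the sample timestamps are assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values: a database session at UTC+02:00 returns the
# remote object's update time; the local copy was updated at 11:00 UTC.
SESSION_TZ = timezone(timedelta(hours=2))
REMOTE_UPDATED = datetime(2026, 1, 15, 12, 30, tzinfo=SESSION_TZ)  # 10:30 UTC
LOCAL_UPDATED = datetime(2026, 1, 15, 11, 0, tzinfo=timezone.utc)


def serialize_mislabeled(ts: datetime) -> str:
    """Failure mode: wall-clock fields emitted with a UTC label, unconverted."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S") + "+00:00"


def serialize_utc(ts: datetime) -> str:
    """Convert to UTC first, then serialize. Naive values are rejected."""
    if ts.tzinfo is None or ts.utcoffset() is None:
        raise ValueError("refusing to serialize a naive timestamp")
    return ts.astimezone(timezone.utc).isoformat(timespec="seconds")


def remote_is_newer(remote_json_ts: str, local_ts: datetime) -> bool:
    """Update detection as a consuming instance might do it (assumed logic)."""
    return datetime.fromisoformat(remote_json_ts) > local_ts


if __name__ == "__main__":
    for name, fn in (("mislabeled", serialize_mislabeled), ("utc", serialize_utc)):
        wire = fn(REMOTE_UPDATED)
        print(f"{name:10} {wire}  newer than local: "
              f"{remote_is_newer(wire, LOCAL_UPDATED)}")
```

With the mislabeled value, the consumer sees the remote object as two hours newer than it is and treats an older remote copy as an update; with the converted value the comparison is correct.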

Changelog

For the complete list of changes, please refer to the GitHub release notes:
v4.0.0 Release Notes

Feedback and Support

If you encounter any issues or have suggestions, please open a ticket on our GitHub repository: GitHub Issues

Follow Us on the Fediverse

Stay updated on security advisories and project news in real time by following us on Mastodon:
@vulnerability_lookup