Vulnerability-Lookup 4.4.0 released

We are pleased to announce the release of Vulnerability-Lookup 4.4.0!

This release introduces public disclosure list views, enhanced sightings with automatic creation and heatmap navigation controls, toggleable chart events, and configurable CVD policy alerts. It also includes numerous fixes for database stability and performance, notification reliability, and Meilisearch error handling.

The technical documentation has been revamped for greater clarity and expanded with deployment guidance for high-traffic environments, validated in our production setup handling 15,000–20,000 queries per second (public API + Web pages).

What’s New

  • new: [views] Add public disclosures list view and improve disclosure detail template. ac97550
  • new: [heatmap] Add navigation and zoom controls to sightings heatmap. 57c1fb8
  • new: [sightings] Add toggleable extra events (published, reserved, KEV) to sightings charts. 1ae5cdf
  • new: [sightings] Add backfill_sightings script to create sightings from existing data. 3c036b3
  • new: [sightings] Automatically create sightings when bundles, comments, or KEV entries are created. 5676730, eb20f85, 351d538

Disclosed Vulnerabilities (CVD process)

Disclosures part of the CVD process are now listed on a dedicated page once they are disclosed (the CVD feature can be disabled in Vulnerability-Lookup). Previously, they were publicly accessible but not listed in a single view.

List view of publicly disclosed vulnerabilities in the CVD process

Comments as a sighting

Creating a comment on a vulnerability now automatically generates a sighting.

Comment automatically created as a sighting entry

Displaying reserved and published dates in the sightings visualisations

Sightings chart showing reserved and published date markers

CVE-2026-23456 was mentioned in the list of Ghost CVEs in our February Vulnerability Report. The CVE record is now available, and the visualisations show our sightings predating the publication date.

KEV entry as exploited sightings

Creating a KEV entry — whether directly, via synchronisation from another Vulnerability-Lookup instance, or by pulling from the CISA or ENISA catalogs — now automatically generates a sighting.

KEV entry displayed as an exploited sighting in the chart

KEV sighting details view

Zoom feature for the sightings visualisations

Zoom and navigation controls on the sightings heatmap

Changes

  • chg: [config] Make CVD policy alert messages configurable (CVD_POLICY_TITLE, CVD_POLICY_URL, CVD_POLICY_LOGIN_MESSAGE). 38a9fc8
  • chg: [views] Set disclosed_timestamp when admin transitions disclosure state to disclosed. b1265ca
  • chg: [templates] Link vulnerability ID, affected products, and CWEs in disclosure detail page. 0b57f62, c7f750e, 24512cf, 7dde7dc
  • chg: [templates] GCVE vulnerabilities show a parenthesized link to the associated CVE ID. 2944a32
  • chg: [templates] Vulnerabilities from FSTEC use the severity classification model. 9896c18
  • chg: [documentation] Convert documentation to Markdown and improvements. af2de56, ba70b69, 54d004b, 497c45a
  • chg: [dependencies] Updated Python and JavaScript dependencies. 81ea0d7, af81a41, ab94807, 7706a5c, b7cfab2

Fixes

  • fix: [views] Skip timestamp check for disclosed state in disclosures query. 88f8fe9
  • fix: [models] Handle None values in Product and Organization field validators. 3f56d34, 078eb1d
  • fix: [fulltext] Auto-purge Meilisearch tasks on no_space_left_on_device error. e7ffbfa
  • fix: [database] Fix DetachedInstanceError and idle-in-transaction timeouts. 801eefd, 9b89ce3, 028da84
  • fix: [notifications] Release DB transaction before slow email rendering/sending. 1c1a552, 913ecc1
  • fix: [tags] Sync comment tags with upstream MISP vulnerability taxonomy. 5b3d08f
  • fix: [forms] Align SignupForm login max length with database constraint. 210594a
  • fix: [bundle] Use JSONB contains operator for bundle vuln_id filter. 80c7295
  • fix: [sightings] Use KEV asserted_at date for backfilled sighting timestamp. 8c7d455

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.4.0

🙏 Thank you to all contributors and testers!

Feedback and Support

If you encounter any issues or have suggestions, feel free to open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
Your feedback is always appreciated!

Follow Us on Fediverse/Mastodon

You can follow us on Mastodon and get real-time information about security advisories:
https://social.circl.lu/@vulnerability_lookup/