Vulnerability-Lookup 4.6.0 released

We are excited to announce the release of Vulnerability-Lookup 4.6.0!
This version brings more transparency, new data sources, API improvements, notable UI enhancements, and several performance and stability fixes.

What’s New

VLAI model transparency

The VLAI badge popover now surfaces the exact model name and revision used for a given analysis, with direct links to the HuggingFace model card and the revision commit. This is particularly useful as we regularly update our AI models and publish new versions on HuggingFace, making it easy to track exactly which model version produced a given result.

[Screenshot: VLAI badge popover showing the AI model name and exact revision commit used for severity classification of a CVE]

[Screenshot: VLAI badge popover on a Chinese-language advisory, showing the MacBERT-based model name, revision hash, and a link to the HuggingFace model card]

Moksha feeder

A new feeder for Moksha has been added, mirroring the indexing pattern used by the cvelistv5 source. Because Moksha is accessible over Tor, the feeder requires a local Tor instance and is disabled by default.

[Screenshot: Recent vulnerabilities page filtered to the Moksha source, listing MOKSHA-2026 entries for XenServer (Cloud Software Group) with CVSS scores, short descriptions, and publication dates]

KEV catalog on the homepage and search results

The latest entries from CISA’s Known Exploited Vulnerabilities (KEV) catalog are now displayed directly on the homepage. KEV catalog badges also appear on the search results page, giving you an immediate signal when a vulnerability is actively exploited in the wild.

[Screenshot: Vulnerability-Lookup homepage showing four weekly sighting observation charts (mentions, confirmations, exploitations, published proof-of-concept), a recent activity sidebar, and the new Latest KEV Entries panel listing recently added CVEs]

Improved CSAF advisory display

CSAF advisories now show a structured per-status product table derived from the product_tree, and the /recent page loads only the selected source with its own pagination — making it faster to browse recent activity.

[Screenshot: CSAF advisory detail page for WID-SEC-W-2026-1047 (Adobe Acrobat Reader), showing the new per-status Affected Products section with Known Affected and Last Affected groups, each listing product, identifier, version, and remediation columns]

API additions

  • A new with_meta parameter on the vulnerabilities list endpoint lets consumers fetch enriched metadata in a single call.
  • Optional, tier-aware rate limits can now be applied to vulnerability read endpoints.
  • A machine-readable access policy endpoint is available for automated consumers.

[Screenshot: About page showing the new For Automated Consumers section, listing machine-readable access endpoints: api-policy.json, llms.txt, robots.txt, and security.txt]

Changes

  • Performance improvements — Hot read endpoints are now cached with a Redis backend, full-text index writes are batched, and homepage sighting statistics are computed via a dedicated aggregated endpoint. These changes significantly reduce load under traffic spikes.
  • Homepage and template updates — The home page displays more information at a glance; the sources list on the About page is now in a collapsible accordion; Moksha is available in the /recent source menu.
  • ML-Gateway — The gateway response now includes the model name and revision, which are forwarded by the API (project page).
  • Dependencies — Python dependencies have been updated.

Fixes

This release includes a number of stability and correctness fixes: rate-limiter accuracy improvements (correct client IP resolution, dedicated Redis backend), Flask-Caching Redis pool reliability under gunicorn/gevent, EPSS badges on search results, timezone-aware timestamps for comments and bundles, restricted comment editing to authorized users only, and several minor UI and template corrections.

Migration Notes

Commit de3deb9 adds a composite index ix_sighting_creation_timestamp_type_vulnerability on the sighting table to support the /api/sighting/stats aggregation as an index-only scan.

To pick up the new index after pulling, run:

poetry run flask --app website.app db upgrade

Large instances: On really large sighting tables, consider building the index with CREATE INDEX CONCURRENTLY outside Alembic to avoid blocking writes during the build.
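For the manual route on a large instance, the following PostgreSQL session is an added example (not from the release notes or the project's own migration) showing the concurrent build together with the check a practitioner should run afterwards, because an interrupted CONCURRENTLY build leaves an invalid index behind. The column list is an assumption inferred from the index name; confirm it against the Alembic migration in commit de3deb9 before running.

```sql
-- Added example; the column list below is ASSUMED from the index name
-- ix_sighting_creation_timestamp_type_vulnerability. Verify it against the
-- migration in commit de3deb9 first.
-- CREATE INDEX CONCURRENTLY cannot run inside a transaction block, so run
-- this with psql autocommit on (the default), not between BEGIN and COMMIT.
CREATE INDEX CONCURRENTLY IF NOT EXISTS
    ix_sighting_creation_timestamp_type_vulnerability
    ON sighting (creation_timestamp, type, vulnerability);

-- A concurrent build that is cancelled or fails leaves an INVALID index:
-- the planner ignores it, but every write still pays to maintain it, and
-- IF NOT EXISTS would silently keep the broken one on a retry.
SELECT c.relname, i.indisvalid, i.indisready
FROM pg_index i
JOIN pg_class c ON c.oid = i.indexrelid
WHERE c.relname = 'ix_sighting_creation_timestamp_type_vulnerability';

-- If indisvalid is false, drop it (also without blocking writes) and
-- rerun the CREATE INDEX CONCURRENTLY statement above.
-- DROP INDEX CONCURRENTLY ix_sighting_creation_timestamp_type_vulnerability;
```

If the Alembic migration does not itself guard against an already existing index, stamp the database at that migration's revision id (taken from the migration file in commit de3deb9) with `poetry run flask --app website.app db stamp <revision>` so a later db upgrade does not try to create the index a second time.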

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.6.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/