News
Vulnerability-Lookup 2.12.0 released
We’re glad to announce the immediate availability of Vulnerability-Lookup version 2.12.0. What’s New CWE statistics Users can now access CWE occurrence statistics by year and optionally by month. The vulnerability detail page also displays the associated CWEs, with a direct link to the CWE detail page, which includes potential mitigations. New Kvrocks indexes are used for the lookup. (#140) by Léa This update enhances accessibility by making it easier for everyone to explore trends in common weaknesses over time directly through the web interface.
June 20, 2025
Vulnerability-Lookup 2.11.0 released
We’re excited to announce the release of Vulnerability-Lookup 2.11.0 — and it comes with a major milestone for decentralized vulnerability publication! What’s New GCVE-BCP-03 - Decentralized Publication Standard The GCVE BCP-03 Decentralized Publication Standard has now been implemented for the first time. This standard enables GCVE Numbering Authority (GNA) organizations to publish their vulnerability information directly—without relying on a centralized system. As a first step, version 2.10.0 of Vulnerability-Lookup introduced support for maintaining a local copy of the GCVE registry. With the latest release, it’s now possible to synchronize the list of local organizations in a Vulnerability-Lookup instance with this local GCVE registry.
June 13, 2025
Vulnerability Report - May 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
June 3, 2025
Vulnerability-Lookup 2.10.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.10.0, and it’s packed with exciting features! What’s New AI-Powered Enrichment using our in-house AI models Vulnerability-Lookup now enhances vulnerability advisories using our in-house AI models. We recently worked on a new project, ML-Gateway, a FastAPI service for serving NLP models. It loads one or more pre-trained NLP models during startup and expose them through a clean, RESTful API for inference. For example, it leverages the transformers library to load the CIRCL/vulnerability-severity-classification-roberta-base model, which specializes in classifying vulnerability descriptions according to their severity level. The server initializes this model once at startup, ensuring minimal latency during inference requests.
May 22, 2025
Vulnerability-Lookup 2.9.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.9.0, with new features, enhancements, and bug fixes. What’s New Adversarial Techniques from MITRE EMB3D The Adversarial Techniques from MITRE EMB3D are now integrated into Vulnerability-Lookup as a new source and are correlated with existing security advisories. This feature was contributed by Piotr Kaminski during the last Hack.lu hackathon. (#129) Global CVE Allocation System (GCVE) GCVE identifiers are now supported in HTML templates and URL parameters, thanks to the GCVE Python client. These identifiers can now be used when disclosing a new vulnerability as part of the Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements. (8bb3d84, 58c394a)
May 6, 2025
Vulnerability Report - April 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
May 1, 2025
Vulnerability-Lookup 2.8.0 released
We’re pleased to announce the immediate availability of Vulnerability-Lookup version 2.8.0. What’s New Simplified Vulnerability Reporting (aligned with NIS 2 requirements) Members of a Vulnerability-Lookup instance can now easily report vulnerabilities as preliminary advisories in the context of NIS 2. Operators can review these notifications and, if deemed relevant, generate a security advisory directly from Vulnerability-Lookup. The advisory will then be made publicly accessible, similar to those from other sources. #114
April 10, 2025
Vulnerability Report - March 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
April 1, 2025
Vulnerability-Lookup 2.7.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.7.0, packed with new features, enhancements, and bug fixes. There should have been a video here but your browser does not seem to support it. What’s New Vendor and Product Management Added support for extending or aliasing CPE names, allowing vendor and product names to be mapped. This addresses the issue of CPE fragmentation or inconsistency, where an organization might have multiple vendor names, or a single product is referenced by different CPE identifiers (e.g., "cpe:/a:oracle:java" vs. "cpe:/a:sun:java" for the same product).
March 27, 2025
Vulnerability Report - February 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
March 1, 2025