News
Vulnerability-Lookup 2.13.0 released
We’re excited to announce the release of Vulnerability-Lookup 2.13.0! This version introduces several new features, enhancements, and fixes. What’s New Support for VLAI Severity Classification in Chinese For vulnerabilities originating from the CNVD source, Vulnerability-Lookup now leverages the ML-Gateway to perform inference using the CIRCL/vulnerability-severity-classification-chinese-macbert-base model. (0b85b2d) More information is available on VLAI Severity Classification (preprint for the 25V4C-TC: 2025 Vulnerability Forecasting Technical Colloquia. Darwin College Cambridge, UK).
July 11, 2025
Vulnerability Report - June 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
July 7, 2025
Beyond CVEs: Mastering the Landscape with Vulnerability-Lookup
We had the pleasure of presenting at FIRST.org 2025, showcasing the Vulnerability-Lookup and GCVE.eu initiatives. Although CVEs are a cornerstone of vulnerability management, they often provide an incomplete view of the security landscape. Vulnerability-Lookup, a new open-source project developed by CIRCL, addresses this limitation by offering a comprehensive and enriched vulnerability intelligence platform that goes beyond basic CVE data. The platform aggregates and correlates information from diverse sources, including exploit databases, vulnerability scanners, product advisories, and community contributions. This integration delivers a more complete picture of vulnerability threats. We demonstrate how this enhanced level of detail empowers security professionals to move beyond simple patch management and adopt proactive, actionable, risk-based strategies.
June 25, 2025
Vulnerability-Lookup 2.12.0 released
We’re glad to announce the immediate availability of Vulnerability-Lookup version 2.12.0. What’s New CWE statistics Users can now access CWE occurrence statistics by year and optionally by month. The vulnerability detail page also displays the associated CWEs, with a direct link to the CWE detail page, which includes potential mitigations. New Kvrocks indexes are used for the lookup. (#140) by Léa This update enhances accessibility by making it easier for everyone to explore trends in common weaknesses over time directly through the web interface.
June 20, 2025
Vulnerability-Lookup 2.11.0 released
We’re excited to announce the release of Vulnerability-Lookup 2.11.0 — and it comes with a major milestone for decentralized vulnerability publication! What’s New GCVE-BCP-03 - Decentralized Publication Standard The GCVE BCP-03 Decentralized Publication Standard has now been implemented for the first time. This standard enables GCVE Numbering Authority (GNA) organizations to publish their vulnerability information directly—without relying on a centralized system. As a first step, version 2.10.0 of Vulnerability-Lookup introduced support for maintaining a local copy of the GCVE registry. With the latest release, it’s now possible to synchronize the list of local organizations in a Vulnerability-Lookup instance with this local GCVE registry.
June 13, 2025
Vulnerability Report - May 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
June 3, 2025
Vulnerability-Lookup 2.10.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.10.0, and it’s packed with exciting features! What’s New AI-Powered Enrichment using our in-house AI models Vulnerability-Lookup now enhances vulnerability advisories using our in-house AI models. We recently worked on a new project, ML-Gateway, a FastAPI service for serving NLP models. It loads one or more pre-trained NLP models during startup and expose them through a clean, RESTful API for inference. For example, it leverages the transformers library to load the CIRCL/vulnerability-severity-classification-roberta-base model, which specializes in classifying vulnerability descriptions according to their severity level. The server initializes this model once at startup, ensuring minimal latency during inference requests.
May 22, 2025
Vulnerability-Lookup 2.9.0 released
We’re delighted to announce the release of Vulnerability-Lookup 2.9.0, with new features, enhancements, and bug fixes. What’s New Adversarial Techniques from MITRE EMB3D The Adversarial Techniques from MITRE EMB3D are now integrated into Vulnerability-Lookup as a new source and are correlated with existing security advisories. This feature was contributed by Piotr Kaminski during the last Hack.lu hackathon. (#129) Global CVE Allocation System (GCVE) GCVE identifiers are now supported in HTML templates and URL parameters, thanks to the GCVE Python client. These identifiers can now be used when disclosing a new vulnerability as part of the Coordinated Vulnerability Disclosure (CVD) process, in alignment with NIS 2 requirements. (8bb3d84, 58c394a)
May 6, 2025
Vulnerability Report - April 2025
All vulnerability reports Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.
May 1, 2025
Vulnerability-Lookup 2.8.0 released
We’re pleased to announce the immediate availability of Vulnerability-Lookup version 2.8.0. What’s New Simplified Vulnerability Reporting (aligned with NIS 2 requirements) Members of a Vulnerability-Lookup instance can now easily report vulnerabilities as preliminary advisories in the context of NIS 2. Operators can review these notifications and, if deemed relevant, generate a security advisory directly from Vulnerability-Lookup. The advisory will then be made publicly accessible, similar to those from other sources. #114
April 10, 2025