/Vulnerability-Databases

Vulnerability Databases

GNU General Public License v3.0GPL-3.0

Vulnerability Databases

  • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  • National Vulnerability Database (NVD) - United States government's National Vulnerability Database provides additional meta-data (CPE, CVSS scoring) of the standard CVE List along with a fine-grained search engine.
  • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  • Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities, often publishes details before many other sources.
  • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
  • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  • Microsoft Security Bulletins - Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
  • Microsoft Security Advisories - Archive of security advisories impacting Microsoft software.
  • Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
  • Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
  • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  • SecuriTeam - Independent source of software vulnerability information.
  • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
  • Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.
  • Vulners - Security database of software vulnerabilities.
  • Inj3ct0r - Exploit marketplace and vulnerability information aggregator. (Onion service.)
  • HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
  • China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analoguous to the United States's CVE database hosted by Mitre Corporation.
  • Distributed Weakness Filing (DWF) - Federated CNA (CVE Number Authority) mirroring MITRE's CVE database and offering additional CVE-equivalent numbers to otherwise out-of-scope vulnerability disclosures.