Vulnerability Intelligence
Indices
Anchore NVD Data Overrides
Anchore NVD Data Overrides is an index of data overrides for the NVD dataset curated by Anchore that provides additional data that might be missing from NVD.
Browse the anchore-nvd-override index
CANVAS Exploit Packs
CANVAS Exploit Packs developed by Gleg are powerful tools used in penetration testing and vulnerability assessment. These exploit packs provide a comprehensive range of exploits and attack vectors to assess the security of computer systems and applications.
CISA KEV (Known Exploited Vulnerabilities)
The CISA Known Exploited Vulnerabilities catalog contains a list of exploited vulnerabilities known to CISA.
Common Weakness Enumeration Database
The MITRE Common Weakness Enumeration (CWE) is a community-developed list of common software security weaknesses. The CWE is maintained by the MITRE Corporation, a not-for-profit organization that operates federally funded research and development centers (FFRDCs) sponsored by the U.S. government. The CWE is a valuable resource for software developers, security professionals, and other stakeholders in the software industry. It provides a standardized way to identify and describe common software security weaknesses, which helps to improve the security of software systems and applications.
Emerging Threats Snort
Proofpoint's Emerging Threats Snort Rules are snort rules that can be used to monitor network traffic for malicious activity.
Browse the emerging-threats-snort index
EPSS Data
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the probability that a software vulnerability will be exploited in the wild.
The Exploit Database
The Exploit Database (ExploitDB) is an archive of public exploits curated by OffSec.
Gitee Exploits
| Exploits hosted on Gitee
Browse the gitee-exploits index
GitHub Exploits
| Exploits hosted on GitHub
Browse the github-exploits index
GitLab Exploits
| Exploits hosted on GitLab
Browse the gitlab-exploits index
Project Zero In the Wild Exploits
Project Zero's In the Wild Exploits exploits list are curated by Google's Project Zero team and tracks zero day exploits found in the wild.
Browse the google-0day-itw index
GreyNoise Metadata
GreyNoise Metadata Advisories are a type of security advisory that provides information about metadata associated with various IP addresses, domains, and other internet-connected devices.
Browse the greynoise-metadata index
Huawei IPS Vulnerabilities
Huawei IPS Vulnerabilities are official notifications released by Huawei to address security vulnerabilities caught by Huawei's Intrusion Prevention System. These vulnerability notifications provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Japan Vulnerability Notes
JVN stands for "the Japan Vulnerability Notes." It is a vulnerability information portal site designed to help ensure Internet security by providing vulnerability information and their solutions for software products used in Japan. JVN is operated jointly by the JPCERT Coordination Center and the Information-technology Promotion Agency (IPA).
Metasploit Modules
Metasploit Modules is a list of modules that can be utilized via the metasploit framework for pentesting.
MISP Threat Actors
MISP Threat Actors is an open source list of known threat actors for the MISP (Malware Information Sharing Program) Open Source Threat Intelligence Sharing Platform.
Browse the misp-threat-actors index
Qubes Security Bulletin
Qubes Security Bulletins are official notifications released by QubesOS to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
SAINT Exploits
SAINT Exploits exploits list are advisories and contain vulnerability details that are curated by the SAINT Corporation.
Security Lab Advisories
Security Lab Advisories are official notifications released by Positive Research's Security Lab to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Shadowserver Foundation Vulnerabilities
Shadowserver foundation vulnerabilities contain attack statistics. Vulnerabilities are ranked according to the frequency with which exploitation attempts are made against honeypots.
Browse the shadowserver-exploited index
Shielder Advisories
Shielder Advisories are official notifications released by Shielder to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Sigma Rules
Sigma Rules is a collection of rules where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules for SIEM systems.
Tenable Research Advisories
Tenable Research Advisories are official notifications released by Tenable to address security vulnerabilities and updates. These advisories provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure security.
Browse the tenable-research-advisories index
VapidLabs Vulnerabilities
VapidLabs Vulnerabilities are advisories and contain vulnerability details along with exploits that are curated by Larry Cashdollar.
VulnCheck CPE Dictionary
A dictionary of CPEs used in the construction of VCConfigurations.
Browse the vc-cpe-dictionary index
CISA Vulnrichment
The CISA Vulnrichment project is the public repository of CISA's enrichment of public CVE records through CISA's ADP (Authorized Data Publisher) container. In this phase of the project, CISA is assessing new and recent CVEs and adding key SSVC decision points. Once scored, some higher-risk CVEs will also receive enrichment of CWE, CVSS, and CPE data points, where possible.
