Vulnerability Intelligence
Indices
Anchore NVD Data Overrides
Anchore NVD Data Overrides is an index of data overrides for the NVD dataset curated by Anchore that provides additional data that might be missing from NVD.
Browse the anchore-nvd-override
index
CANVAS Exploit Packs
CANVAS Exploit Packs developed by Gleg are powerful tools used in penetration testing and vulnerability assessment. These exploit packs provide a comprehensive range of exploits and attack vectors to assess the security of computer systems and applications.
CISA Known Exploited Vulnerabilities
The CISA Known Exploit Vulnerabilities catalog contains a list of exploited vulnerabilities known to CISA.
Common Weakness Enumeration Database
The MITRE Common Weakness Enumeration (CWE) is a community-developed list of common software security weaknesses. The CWE is maintained by the MITRE Corporation, a not-for-profit organization that operates federally funded research and development centers (FFRDCs) sponsored by the U.S. government. The CWE is a valuable resource for software developers, security professionals, and other stakeholders in the software industry. It provides a standardized way to identify and describe common software security weaknesses, which helps to improve the security of software systems and applications.
Emerging Threats Snort
Proofpoint's Emerging Threats Snort Rules are snort rules that can be used to monitor network traffic for malicious activity.
Browse the emerging-threats-snort
index
EPSS Data
The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the probability that a software vulnerability will be exploited in the wild.
The Exploit Database
The Exploit Database (ExploitDB) is an archive of public exploits curated by OffSec.
Gitee Exploits
| Exploits hosted on Gitee
Browse the gitee-exploits
index
GitHub Exploits
| Exploits hosted on GitHub
Browse the github-exploits
index
GitLab Exploits
| Exploits hosted on GitLab
Browse the gitlab-exploits
index
Project Zero In the Wild Exploits
Project Zero's In the Wild Exploits exploits list are curated by Google's Project Zero team and tracks zero day exploits found in the wild.
Browse the google-0day-itw
index
GreyNoise Metadata
GreyNoise Metadata Advisories are a type of security advisory that provides information about metadata associated with various IP addresses, domains, and other internet-connected devices.
Browse the greynoise-metadata
index
Huawei IPS Vulnerabilities
Huawei IPS Vulnerabilities are official notifications released by Huawei to address security vulnerabilities caught by Huawei's Intrusion Prevention System. These vulnerability notifications provide important information about the vulnerabilities, their potential impact, and recommendations for users to apply necessary patches or updates to ensure the security of their systems.
Metasploit Modules
Metasploit Modules is a list of modules that can be utilized via the metasploit framework for pentesting.
MISP Threat Actors
MISP Threat Actors is an open source list of known threat actors for the MISP (Malware Information Sharing Program) Open Source Threat Intelligence Sharing Platform.
Browse the misp-threat-actors
index
SAINT Exploits
SAINT Exploits exploits list are advisories and contain vulnerability details that are curated by the SAINT Corporation.
Shadowserver Foundation Vulnerabilities
Shadowserver foundation vulnerabilities contain attack statistics. Vulnerabilities are ranked according to the frequency with which exploitation attempts are made against honeypots.
Browse the shadowserver-exploited
index
Sigma Rules
Sigma Rules is a collection of rules where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules for SIEM systems.
VapidLabs Vulnerabilities
VapidLabs Vulnerabilities are advisories and contain vulnerability details along with exploits that are curated by Larry Cashdollar.
CISA Vulnrichment
The CISA Vulnrichment project is the public repository of CISA's enrichment of public CVE records through CISA's ADP (Authorized Data Publisher) container. In this phase of the project, CISA is assessing new and recent CVEs and adding key SSVC decision points. Once scored, some higher-risk CVEs will also receive enrichment of CWE, CVSS, and CPE data points, where possible.