Get the podcast on Apple Podcasts
×

DanielMiessler

search
Login Become a Member Subscribe

Public Vulnerability Database Resources


Created/Updated: December 17, 2019

sisyphus-image-01c

List of Vulnerability Databases

There are a number of vulnerability databases out there. Here’s a list of some/most of the main ones.

NVD
(https://nvd.nist.gov)
NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

OSVDB
(http://www.osvdb.org)
OSVDB’s goal is to provide accurate, detailed, current, and unbiased technical security information. The project currently covers 120,980 vulnerabilities, spanning 198,976 products from 4,735 researchers, over 113 years.

Exploit Database
(https://www.exploit-db.com)
The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.

Rapid7 Vulnerability and Exploit Database
(http://www.rapid7.com/db/)
A database of vulnerabilities and Metasploit modules.

Securityfocus BugTraq (BID) Database
(http://www.securityfocus.com/bid)
The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.

WPScan Vulnerability Database (BID) Database
(https://wpvulndb.com)
A Vulnerability Database for WordPress, its Plugins and Themes.

Vulnerability Database Use Cases

Here are some use cases for the various databases.

  1. Find details on a particular issue you’ve discovered using a tool
  2. Search for products you have and see how they’re vulnerable
  3. Gain a general awareness of how insecure most products are that we use
  4. Find issues in products that you’re performing authorized security testing for
  5. Satisfy curiosity

Notes

  1. Some of these are for different types of security information, i.e. not technically vulnerabilities, but it’s good to have them all in one place regardless of those differences.
  2. There are a number of other databases out there that are not open to the public, and I have not included them for this reason.
  3. Let me know if you think I should add any other databases.


ul-header-march23

Written By Daniel Miessler

Daniel Miessler is a cybersecurity leader, writer, and founder of Unsupervised Learning. He writes about security, tech, and society and has been featured in the New York Times, WSJ, and the BBC.
DanielMiessler
© Daniel Miessler 1999-2023


Security, Tech, and Society in 10 Minutes
20 hours of reading and analysis condensed into a 10-minute summary every Monday morning.


Join 55,000+ readers who see the patterns in the noise.