I checked out the European vulnerability database, EUVD, which was officially launched yesterday

I checked out the European vulnerability database, EUVD****, which was officially launched yesterday. Its usefulness is questionable for now. 🤷‍♂️

🔹 Basically, they pull data from public sources (MITRE CVE DB, CISA KEV, GHSA, EPSS, and a few others), map it under their own EUVD identifier (everything is mapped by CVE 😉), and provide a web interface.

🔹 The web interface is a bit odd. For example, there’s no search by alternative IDs, and CVEs can only be found via full-text search. 🙄

🔹 Do they have original vulns? Sort of. EU CSIRT is a CVE CNA. Vulnerabilities submitted via this CSIRT are shown separately on the EUVD dashboard – but they all have CVE IDs, so you can just view them on MITRE or NVD. So, what’s the point? 🙂

🔹 You can see delays in database updates for recent vulnerabilities, even though the data is available in the upstream databases.

🔹 There’s no effective way to export the database for analysis. The API only lets you export 100 identifiers per request. 😏

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.