- VulDB - Vulnerability management and threat intelligence platform documenting and explaining vulnerabilities since 1970.
- Vulnerability-Lookup - Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
- Open Source Vulnerability - A distributed vulnerability database for Open Source.
Vulnerability-Oriented Standards
Identification and Enumeration Standards
- CVE - The mission of the Common Vulnerabilities and Exposures (CVE™) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered, then assigned and published, by organizations from around the world that have partnered with the CVE Program.
- CWE - Common Weakness Enumeration (CWE) is a list of common software and hardware weakness types. It categorizes the causes of vulnerabilities, helping developers and security professionals understand and prevent them from being introduced in the first place.
Scoring and Assessment Standards
- CVSS - Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
- ASVS - OWASP Application Security Verification Standard (ASVS) provides a basis for testing web application technical security controls and offers developers a list of requirements for secure development. It’s often used to establish a level of confidence in the security of web applications.
- NIST CSF - The “Identify” and “Protect” functions of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) emphasize understanding and mitigating vulnerabilities.
Vulnerability Scanner