The following are freely available vulnerability management resources. This list is non-exhaustive.
General
Common Vulnerabilities and Exposures: The Common Vulnerabilities and Exposures (CVE) Program provides a globally recognized, standardized set of identifiers and descriptions for publicly disclosed cybersecurity vulnerabilities, enabling users to uniquely refer to specific issues across different tools and platforms. By serving as a uniform "dictionary" rather than a deeply technical database, CVE ensures interoperability: security products, advisories, and databases can "speak" the same language, allowing organizations to reliably assess which vulnerabilities affect them and how well their tools cover those risks.
CISA Known Exploited Vulnerabilities Catalog (KEV): The KEV catalog provides a curated, authoritative list of CVEs that are currently being exploited in the wild. Unlike the broader CVE list, KEV prioritizes only those vulnerabilities with reliable evidence of real-world malicious activity, paired with available fixes or mitigations. This allows organizations to focus their vulnerability management efforts where they matter most—ensuring the most dangerous, actively exploited weaknesses are patched quickly.
Forum of Incident Response and Security Teams (FIRST): By providing interoperable scoring standards and service guidelines, FIRST empowers security professionals, vendor teams, and response organizations to communicate clearly, assess risk consistently, and act swiftly based on CVE data—turning a simple vulnerability identifier into a structured, actionable foundation for global cybersecurity collaboration.
Vulnerability Databases
European Union Vulnerability Database (EUVD): The EUVD, maintained by ENISA under the NIS2 Directive, extends and complements the global CVE ecosystem with regionally relevant, coordinated, and enriched vulnerability intelligence. Operating as a CVE Numbering Authority since January 2024, ENISA issues both EU-specific IDs and CVE IDs.
United States National Vulnerability Database: The NVD, managed by NIST, plays a pivotal role for CVE users by enriching CVE records. Each new CVE is ingested and enhanced with standardized metadata—severity scores (CVSS 3.1/4.0), weakness taxonomy (CWE), and explicit product coverage (CPE)—facilitating automated identification, prioritization, and remediation of vulnerabilities.
Japan Vulnerability Notes (JVN): The JVN, maintained jointly by the JPCERT Coordination Center (JPCERT/CC) and the Information-technology Promotion Agency (IPA), acts as Japan’s national vulnerability database that both ingests and enriches CVE entries with detailed local context while also assigning its own JVN-specific IDs. By participating as a CVE data source since 2008, JVN ensures that vulnerabilities affecting Japanese products or environments are quickly mapped to global CVEs and enhanced with precise remediation steps and translations.
Provides a standardized method to identify and describe software, hardware, and operating systems, enabling precise matching of vulnerabilities to affected products.
Defines a machine-readable format for publishing and exchanging security advisories to improve automation and consistency in vulnerability communication.
Establishes a standardized structure for CVE records, ensuring consistent, clear, and interoperable documentation of vulnerability identifiers and key metadata.
Provides probabilistic scores estimating the likelihood that a given vulnerability will be exploited in the wild, helping prioritize remediation efforts.
Defines a simple and consistent way to identify and locate software packages across different ecosystems, supporting precise tracking of vulnerable components.