Vulnerability Databases

  • Bugtraq (BID) - Software security bug identification database compiled from submissions to the SecurityFocus mailing list and other sources, operated by Symantec, Inc.
  • CXSecurity - Archive of published CVE and Bugtraq software vulnerabilities cross-referenced with a Google dork database for discovering the listed vulnerability.
  • China National Vulnerability Database (CNNVD) - Chinese government-run vulnerability database analogous to the United States's CVE database hosted by Mitre Corporation.
  • Common Vulnerabilities and Exposures (CVE) - Dictionary of common names (i.e., CVE Identifiers) for publicly known security vulnerabilities.
  • Exploit-DB - Non-profit project hosting exploits for software vulnerabilities, provided as a public service by Offensive Security.
  • Full-Disclosure - Public, vendor-neutral forum for detailed discussion of vulnerabilities; often publishes details before many other sources.
  • GitHub Advisories - Public vulnerability advisories published by or affecting codebases hosted by GitHub, including open source projects.
  • HPI-VDB - Aggregator of cross-referenced software vulnerabilities offering free-of-charge API access, provided by the Hasso-Plattner Institute, Potsdam.
  • Inj3ct0r - Exploit marketplace and vulnerability information aggregator. (Onion service.)
  • Microsoft Security Advisories and Bulletins - Archive and announcements of security advisories impacting Microsoft software, published by the Microsoft Security Response Center (MSRC).
  • Mozilla Foundation Security Advisories - Archive of security advisories impacting Mozilla software, including the Firefox Web Browser.
  • National Vulnerability Database (NVD) - United States government database that provides additional metadata (CPE, CVSS scoring) for the standard CVE List along with a fine-grained search engine.
  • Open Source Vulnerabilities (OSV) - Database of vulnerabilities affecting open source software, queryable by project, Git commit, or version.
  • Packet Storm - Compendium of exploits, advisories, tools, and other security-related resources aggregated from across the industry.
  • SecuriTeam - Independent source of software vulnerability information.
  • Snyk Vulnerability DB - Detailed information and remediation guidance for vulnerabilities known by Snyk.
  • US-CERT Vulnerability Notes Database - Summaries, technical details, remediation information, and lists of vendors affected by software vulnerabilities, aggregated by the United States Computer Emergency Response Team (US-CERT).
  • Vulnerability Lab - Open forum for security advisories organized by category of exploit target.
  • Vulners - Security database of software vulnerabilities.
  • Vulmon - Vulnerability search engine with vulnerability intelligence features that conducts full-text searches in its database.
  • Zero Day Initiative - Bug bounty program with publicly accessible archive of published security advisories, operated by TippingPoint.