Open Vulnerability Database

Name: Vulnetix VDB
Author: Vulnetix

Query 150+ sources across CVEs, exploits, advisories, and malware feeds. One API. Every identifier format. Always current.

$ brew install vulnetix/tap/vulnetix

curl, go install, scoop, nix →

Get free API key API reference

Vulnetix VDB search — querying CVE-2025-43698

Click to try the live vulnerability search

Intelligence coverage

Intelligence sources

Aggregated, normalised, and enriched from 150+ authoritative sources. Every record is tagged with its origin, linked to upstream advisories, and queryable by any identifier.

Vulnerability Authorities

23 sources

Normalised records from every major vulnerability database and numbering authority worldwide.

Government & National Cyber Defence

16 sources

Advisories from 14+ national CERTs and government cybersecurity agencies.

Vendor & Product Security

24 sources

Consolidated vendor intelligence with structured affected-product data.

Supply Chain & Malware Detection

9 sources

Malicious package detection across typosquatting, dependency confusion, and backdoored code.

Exploit Intelligence

21 sources

Exploit availability, PoC code, framework modules, and weaponisation status.

Threat Observation & Research

9 sources

Live exploitation signals from honeypots, scanning infrastructure, and research communities.

Ecosystem & Patch Intelligence

47 sources

Patch availability across 30+ distributions and ecosystems with version-specific fix tracking.

Browse all sources →

FAQs about
the VDB

Common questions about querying the Vulnetix open vulnerability database.

Need more? Read the docs.

Is the VDB free to use?

Yes. The Community tier provides full access to aggregated vulnerability data with a free API key. Higher rate limits, proprietary enrichment, and enterprise integrations are available on paid plans.

Which identifier formats does the VDB support?

78+ formats — CVE, GHSA, PYSEC, RUSTSEC, GO, SNYK, ZDI, MSCVE, RHSA, KEV, EUVD, OSV, and more. Query by any identifier; cross-references are resolved automatically.

Where does the data come from?

150+ authoritative sources spanning vulnerability authorities, national CERTs, vendor advisories, exploit intelligence (Metasploit, ExploitDB, Nuclei, VulnCheck XDB), threat observation feeds, and ecosystem patch trackers. Every record is tagged with its origin and linked to upstream advisories.

How fresh is the data?

Continuously aggregated and normalised. KEV updates, vendor advisories, and exploit-intelligence feeds are ingested within minutes of publication.

Can I use the VDB from my AI coding agent?

Yes. The Vulnetix plugin works with 41+ agents that support SKILLS.md — Claude Code, Cursor, Windsurf, and more. Plugin documentation.

How do I get started?

Install the CLI (brew install vulnetix/tap/vulnetix), grab a free API key, and run vulnetix vdb <identifier>. See the getting started guide.

Get started

Ready to query the VDB?

Free Community API. Every identifier format. Always current. Upgrade when you need higher rate limits or enterprise integrations.

Get free API key Read the docs