Authoritative Vulnerability Intelligence

Vulnerability Authorities

The challenge: Vulnerability data is fragmented across dozens of disconnected databases, each with different formats, identifiers, and update cadences. Correlating a single vulnerability across NVD, GHSA, and OSV means querying three APIs and reconciling the results yourself.

What you get: One API query returns normalised, enriched records from every major vulnerability authority worldwide. Cross-referenced identifiers, unified severity scoring, and a single source of truth.

Source	Prefix	Description
MITRE CVE	CVE-	The global standard for vulnerability identification. Official CVE Records in CVE JSON 5.0 format from the MITRE Corporation.
NIST NVD	CVE-	US National Vulnerability Database. CVSS scoring, CPE matching, and CWE classification for published CVEs.
NIST NVD Recent	CVE-	Recently published and modified NVD entries, polled at higher frequency for faster ingestion.
NIST NVD (OSV)	CVE-	NVD data surfaced through the OSV ecosystem for package-level correlation.
VulnCheck NVD	CVE-	VulnCheck's enhanced NVD mirror with faster update cadence and additional enrichment.
GHSA	GHSA-	GitHub Security Advisories. Ecosystem-specific advisories with affected version ranges for open source packages.
GHSA (OSV)	GHSA-	GitHub Security Advisories surfaced through the OSV schema.
EUVD	EUVD-	European Union Vulnerability Database. EU-wide vulnerability coordination under the NIS2 directive.
CISA KEV	CVE-	CISA Known Exploited Vulnerabilities catalog. Confirmed actively exploited vulnerabilities with remediation deadlines.
VulnCheck KEV	CVE-	VulnCheck's expanded KEV dataset with additional exploitation evidence beyond the CISA catalog.
ENISA EU KEV	CVE-	ENISA's European Known Exploited Vulnerabilities list. EU-specific exploitation intelligence.
CISA ADP Vulnrichment	CVE-	CISA Authorized Data Publisher enrichment. SSVC scores, stakeholder context, and supplemental analysis.
Anchore ADP	CVE-	Anchore's Authorized Data Publisher feed. Container and supply chain vulnerability enrichment.
CNVD Advisory	CNVD-	China National Vulnerability Database. Chinese-language vulnerability advisories and coordination.
FSTEC BDU	BDU:	Russian Federal Service for Technical and Export Control. Russian vulnerability database and advisories.
VARIoT	VAR-	Vulnerability and Attack Repository for IoT. IoT-specific vulnerability intelligence.
Open Cloud Vulnerability DB		Cloud-native vulnerability intelligence for AWS, Azure, and GCP services.
Google Open Source Intelligence		Google's open source vulnerability intelligence programme and research disclosures.
circl		Computer Incident Response Center Luxembourg. European vulnerability coordination and intelligence sharing.
Coalition ESS		Coalition Exploit Scoring System. Exploit availability and usage probability scores for risk prioritisation.
Wiz Vulnerability Database		Wiz cloud security vulnerability intelligence with cloud-specific context and remediation guidance.
Veracode SourceClear		Veracode SourceClear Vulnerability Database. Commercial SCA vulnerability data with method-level analysis.
Snyk	SNYK-	Snyk vulnerability database. Commercial vulnerability intelligence with remediation advice and fix PRs.

See the Licensing Appendix for redistribution terms applicable to each source.