Download Our Latest Report
Risk Based Security publishes Vulnerability Intelligence Reports that provide a Quick View into vulnerability trends, using charts and graphs to summarize the most recently reported vulnerabilities
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems.
VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and the 3rd Party Libraries or dependencies.
A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.
"Selecting a Vulnerability Intelligence Solution can be a difficult project. Risk Based Security’s VulnDB outperformed the competition with better technical research, more comprehensive vulnerability coverage, a modern and flexible API, consistent CPE naming, and more direct and faster support in case of questions or technical issues. VulnDB quickly became the obvious choice for us."
Stefan Beck & Ulrich Reiff
Product Security Officers for Unify Software and Solutions GmbH & Co. KG
"We love VulnDB and it helps our daily monitoring of security vulnerabilities. Without this great service, we would be back in the Stone Age. "
Yuji Ino, Recruit Technologies
CSIRT Incident Response Group
"Swisscom evaluated various suppliers of vulnerability intelligence. We have been convinced by VulnDB superior coverage, timeliness in the updates, and long term monitoring of exploits. We are also really appreciating RBS' own CVSS rating and classification, based on expert knowledge of the standard and practical use in the industry. Having all these curated information at your fingertip is a game changer."
Vulnerability Manager, Swisscom (Switzerland) Ltd.
Comprehensive Vulnerability Intelligence
Vulnerability source information, extensive references, links to Proof of Concept code and solutions
Disclosure timeline, researcher & other vulnerability metadata
Full mapping to CVE
Identified and cataloged over 71,239 vulnerabilities not found in CVE/NVD
Vulnerability Alerting Without Scanning
RESTful API provides access to raw vulnerability data
Vulnerabilities identified without having to scan your network by mapping to your assets
Real time alerting and threat modeling
Integrate vulnerability intelligence into your existing tools or workflow
Leverage existing GRC, ITIL, Asset Management/CMDB or SIEM products
Vendor and Product Risk Ratings
Proprietary Vulnerability Timeline and Exposure Metrics (VTEM)
Determine which products and vendors are putting your organization at risk, including how quickly they respond to researchers and provide patches
Extended classification system and our own CVSS scores
Extensive historical data, for a full picture of a vendor or product
Ability to compare vendor and products
Cost of Ownership Analysis
3rd Party Libraries
Over 2,000 software libraries identified
Comprehensive insight on vulnerabilities in 3rd Party Libraries used in products and software development
Single source of information to monitor each library to ensure that newly disclosed vulnerabilities are addressed
Metrics provide the ability to evaluate and select the best third-party libraries
Connectors & Integrations
Easily link VulnDB with existing IT tools and security software at your organization
Automatic identification of dependencies/libraries that are used by development teams
Faster setup to monitor products for vulnerability alerts
Easily map your critical assets to vulnerabilities in your Asset Management systems
Numerous options including Github, Slack, RSA Archer, Splunk and more!
Ability to group products and dependencies used by applications or projects
Track and alert on vulnerabilities for applications
Track the various open source licenses by dependency
Connect to Github or upload a dependency file to automatically create an Application
VulnDB is derived from a proprietary search engine and the thorough analysis of thousands of disclosed
vulnerabilities by our world-renowned research team.
Vulnerabilities YTD 2019
Vulnerabilities Missing From CVE
Vulnerabilities All Time
VulnDB is derived from a proprietary search engine and the thorough analysis of thousands
of disclosed vulnerabilities by our world-renowned research team.
Comprehensive Intelligence & 3rd Party Libraries
Over 216,300 vulnerabilities, covering products of 24,256 vendors, including vulnerabilities not found in CVE/NVD, making VulnDB the most comprehensive solution on the market. Over 2,000 3rd Party Libraries have been identified and monitored for vulnerabilities.
Access provided to raw data via our API for integration into your existing tools or workflow such as GRC tools such as Archer, ITIL ticketing tool, Asset Management/CMDB, SIEM or internally developed products.
VTEM Metrics & Historical Data
Proprietary VTEM metrics and historical vulnerability data provide a complete picture, helping to determine if a product is secure and if the vendor responds to security issues appropriately.
Each vulnerability contains an extended classification system and our own CVSS metrics provides ratings for remediation and prioritization.
Procurement & Vendor Selection
Support procurement and vendor selection processes by using ratings enabling organizations to reduce the likelihood of a data breach due to insecure products.
Email Alerting & Logging
Ability to configure email alerts by Vendor, Product of Search Criteria to be sent to users or group when a vulnerability is disclosed or updated.
Cost of Ownership
VulnDB provides details on average disclosure dates and analysis to help IT organizations understand the amount of money required to keep a product secure through repeating patching.
Custom reports can be run or scheduled to show vulnerability trends, organization activity, or to get a better understanding of the vendors and products in use.
Our world-renowned research team performs further in-depth analysis of select vulnerabilities to provide customers with the most detailed information available on cause and impact.
VulnDB is provided by the former maintainers of the OSVDB project. Our leadership team has been at the forefront of vulnerability research for over a decade, we have two members of the CVE Editorial Board and we are on the FIRST SIG for CVSS and VRDX.