Download Our Latest Report
Risk Based Security publishes Vulnerability Intelligence Reports that provide a Quick View into vulnerability trends, using charts and graphs to summarize the most recently reported vulnerabilities
About VulnDB
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API that allows easy integration into GRC tools and ticketing systems.
VulnDB allows organizations to search and be alerted on the latest vulnerabilities, both in end-user software and the 3rd Party Libraries or dependencies.
A subscription to VulnDB provides organizations with simple to understand ratings
and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.
Comprehensive Vulnerability Intelligence
Vulnerability source information, extensive references, links to Proof of Concept code and solutions
Disclosure timeline, researcher & other vulnerability metadata
Full mapping to CVE
Identified and cataloged over 100,893 vulnerabilities not found in CVE/NVD
Vulnerability Alerting Without Scanning
RESTful API provides access to raw vulnerability data
Vulnerabilities identified without having to scan your network by mapping to your assets
Real time alerting and threat modeling
Integrate vulnerability intelligence into your existing tools or workflow
Leverage existing GRC, ITIL, Asset Management/CMDB or SIEM products
Vendor and Product Risk Ratings
Proprietary Vulnerability Timeline and Exposure Metrics (VTEM)
Determine which products and vendors are putting your organization at risk, including how quickly they respond to researchers and provide patches
Extended classification system and our own CVSS scores
Extensive historical data, for a full picture of a vendor or product
Ability to compare vendor and products
Cost of Ownership Analysis
3rd Party Libraries
Over 2,000 software libraries identified
Comprehensive insight on vulnerabilities in 3rd Party Libraries used in products and software development
Single source of information to monitor each library to ensure that newly disclosed vulnerabilities are addressed
Metrics provide the ability to evaluate and select the best third-party libraries
Connectors & Integrations
Easily link VulnDB with existing IT tools and security software at your organization
Automatic identification of dependencies/libraries that are used by development teams
Faster setup to monitor products for vulnerability alerts
Easily map your critical assets to vulnerabilities in your Asset Management systems
Numerous options including Github, Slack, RSA Archer, Splunk and more!
Application Framework
Ability to group products and dependencies used by applications or projects
Track and alert on vulnerabilities for applications
Track the various open source licenses by dependency
Connect to Github or upload a dependency file to automatically create an Application
Multiple languages supported including .NET, Java, JavaScript, PHP, Python and Ruby
VulnDB Features
VulnDB is derived from a proprietary search engine and the thorough analysis of thousands
of disclosed vulnerabilities by our world-renowned research team.
Comprehensive Intelligence & 3rd Party Libraries
Over 332,481 vulnerabilities, covering products of 35,898 vendors, including vulnerabilities not found in CVE/NVD, making VulnDB the most comprehensive solution on the market. Over 2,000 3rd Party Libraries have been identified and monitored for vulnerabilities.
RESTful API
Access provided to raw data via our API for integration into your existing tools or workflow such as GRC tools such as Archer, ITIL ticketing tool, Asset Management/CMDB, SIEM or internally developed products.
VTEM Metrics & Historical Data
Proprietary VTEM metrics and historical vulnerability data provide a complete picture, helping to determine if a product is secure and if the vendor responds to security issues appropriately.
Vulnerability Metadata
Each vulnerability contains an extended classification system and our own CVSS metrics provides ratings for remediation and prioritization.
Procurement & Vendor Selection
Support procurement and vendor selection processes by using ratings enabling organizations to reduce the likelihood of a data breach due to insecure products.
Email Alerting & Logging
Ability to configure email alerts by Vendor, Product of Search Criteria to be sent to users or group when a vulnerability is disclosed or updated.
Cost of Ownership
VulnDB provides details on average disclosure dates and analysis to help IT organizations understand the amount of money required to keep a product secure through repeating patching.
Reporting
Custom reports can be run or scheduled to show vulnerability trends, organization activity, or to get a better understanding of the vendors and products in use.
Research Team
Our world-renowned research team performs further in-depth analysis of select vulnerabilities to provide customers with the most detailed information available on cause and impact.
Vulnerability Experts
VulnDB is provided by the former maintainers of the OSVDB project. Our leadership team has been at the forefront of vulnerability research for over a decade, we have two members of the CVE Editorial Board and we are on the FIRST SIG for CVSS and VRDX.
Trusted By Organizations Around The World
Risk Based Security is honored to serve the vulnerability and cyber risk intelligence needs of organizations both large and small across a broad array of industries. Our clients include cyber insurance companies and brokers, automobile manufacturers, banks and credit unions, software developers, security solution providers, health care providers, life sciences and other technology service and product companies.
