- [Feature] Some users mistake their mail address for a legitimate username to log in. In this case a warning message informs the user about the mistake. (this was a customer request)
- [Optimization] Performance optimization for CTI country analysis (closed beta invite only at the moment). Time range analysis is now incremental which makes report generation much faster (especially for larger ranges).
- [Optimization] All listings in the personal profile do contain timestamps to make identification of single items much easier.
- [Optimization] Completed some of the missing translations for French, Italian, Spanish, Polish, and Swedish.
- [Optimization] Improved the handling of time format regarding country-specific definitions. The language en will show A.M. and P.M. only if the browser is also set to en-us. Otherwise the 24 hour format is used. If the language is set to fr and the browser announces fr-fr there will be the French format 12h34. The 24 hour format is also used as default for all languages without a specific definition.
- [Bugfix] Fixed a bug where some long product names, product listings and titles did not show the product name in its entirety.
- [Optimization] In API 3.26 fixed an issue where queries for `entry_timestamp_all_start` did not work properly if the request value had a trailing whitespace.
- [Feature] The personal API history does show the execution time for a request to help optimize queries. The column is shown in seconds and is sortable.
- [Feature] Added planned features in a roadmap to announce upcoming functionality. The items shown are just suggestions and might change regarding implementation and deployment. (this was a customer request)
- [Optimization] Better description of update handling, especially prioritization of new data for existing entries and update requests by customers. (this was a customer request)
- [Optimization] Optimized the description of different commit moderation approaches. The actions for handling spam and profanity are explained in detail.
- [Bugfix] In API 2.20/3.25 the list of multiple items in `software_notaffectedlist` does trim trailing whitespaces correctly.
- [Optimization] Added a new community rank Guru which requires 5000 points to be reached. Therefore, Grand Master is not the highest rank anymore.
- [Feature] Introduced API 3.24 with the new request type `entry_timestamp_all_start` which combines new items from `entry_timestamp_create_start` and updated items from `entry_timestamp_change_start` in a single stream. (this was a customer request)
- [Optimization] Optimized speed and memory consumption of queries based on LIKE statements in search queries.
- [Feature] Documentation of the different levels used in the field exploit_exploitability shown on multiple listings on the web site. (this was a customer request)
- [Feature] Made internal changelog public to provide full transparency for our customers. Entries earlier than 2020 just show milestones and not detailed changes. (this was a customer request)
- [Feature] Added link to changelog under support in main menu and in the footer of the page.
- [Optimization] Updated internal quality guidance for CVSS fields during creation of new entries based on official Microsoft disclosures.
- [Optimization] Updated internal quality requirements for `advisory_person_nickname` fields to prevent inaccurate information during daily update procedure.
- [Optimization] Optimized limiter to prohibit crawling of view elements by non-commercial users.
- [Optimization] Limiter uses better geolocation data to prevent malicious users from changing IP addresses to slow down detection of abuse.
- [Bugfix] Fixed a rare German translation issue in a specific sentence of some vulnerability summaries.
- [Optimization] Optimized language database for better performance.
- [Feature] Prepared language database for upcoming translations.
- [Feature] CTI Analysis (closed-beta only) supports search strings for technology-specific research.
- [Optimization] Optimized internal CTI event analysis module.
- [Feature] Added user element under search in main menu.
- [Feature] Added load balancing features to handle performance peaks much better.
- [Feature] Enabled priority module to provide high-availability for enterprise customers.
- [Optimization] Optimized normalize module to improve quality assurance of vulnerability data management.
- [Feature] Initiated preparation for port of web services to PHP8. First polyfill functions tested.
- [Bugfix] Fixed a bug where some new user submissions were shown as rejected even though they were not processed yet. This issue was reported by user misc.
- [Feature] Start of internal testing for CTI attribution module to identify APT group activities as such. Used by CTI team to create CTI alerts and infos for paying customers.
- [Optimization] Changed `120` to keep commit grouping much smaller. Entries updated within a short period of time will be pushed into the update stream to provide the most current data to API users. (this was a customer request)
- [Optimization] Performance improvement of search engine. Early dissection will speed up some specific search requests.
- [Optimization] Performance improvement of monoblock engine. Compilation of entries is a bit faster under certain circumstances.
- [Feature] In API 3.23 added request type `cursorinit` to determine ideal initial cursor position for ongoing vulnerability stream (e.g. Splunk).
- [Feature] Introduced information regarding ATT&CK. The fields are currently auto-generated and not part of the monoblock.
- [Feature] In API 2.19/3.22 added field `source_cve_cna` which contains a string of the CVE Numbering Authority that assigned the CVE.
- [Bugfix] Corrected a display bug for tooltips of CVSS fields on certain overview pages.
- [Optimization] Optimized signup flood protection to prevent malicious users from auto-generating community accounts.
- [Feature] Added enw import feature for vulnerability moderators to handle custom entries and large batches of submissions.
- [Optimization] Optimized some indexes within the database to improve performance.
- [Feature] Introduced new monoblock structure to provide more possibilities like commits, commit histories, etc.
- [Optimization] Upgrading to an extended server cluster for better performance.
- [Bugfix] In API 3.21 the field `entry_timestamp_change` is now always present even if the entry was just created and never updated yet. In this case it will contain the same value as `entry_timestamp_create`. Users of the official VulDB Splunk App are advised to update to the latest release.
- [Feature] In API 3.20 added field `vulnerability_name` which contains a string or array of popular names of the vulnerability (e.g. Shellshock, Poodle). (this was a customer request)
- [Feature] In API 3.19 added field family `entry_details_sources`. (this was a customer request)
- [Feature] In API 3.18 added field `entry_replaces` to display duplicates which have been replaced by this entry.
- [Feature] In API 3.17 added fields `vulnerability_cvss3_tempvector_vuldb` to display full VulDB CVSSv3 vectors easily.
- [Feature] Introduction of software type categories available in the field `software_type`. (this was a customer request)
- [Bugfix] In API 3.16 fixed value of field `advisory_identifier`, disabled safeguard mechanism to prevent inconsistency in result count.
- [Optimization] Updated the Data Privacy Notice to clarify wording and added details about payment processing.
- [Feature] In API 3.15 added fields `software_website_product` to the output.
- [Feature] In API 3.14 requesting dedicated CVSS fields supports the official response format (e.g. `vulnerability_cvss3_vuldb_basescore`) and the legacy format (e.g. `vulnerability_cvss3_basescore_vuldb`). The legacy format will be dropped in a future major release of the API.
- [Feature] In API 1.8/2.18/3.13 added field `software_cpe23` which introduces full CPE 2.3 support whereas `software_cpe` is still providing CPE 2.2 data. (this was a customer request)
- [Feature] In API 1.7/2.17/3.12 added fields `entry_locked_reason` to inform about entries undergoing update and review processes (they might change soon).
- [Feature] Introduction of the C3BM Index (CVSSv3 Base Meta Index) based on CVSS data of multiple sources.
- [Optimization] In API 1.6/2.16/3.11 improved speed, reliability and accuracy of
- [Feature] In API 3.10 added request parameter `offset` to set a starting point for results (pagination). (this was a customer request)
- [Optimization] Reached the 10.000th community user. Congratulations!
- [Feature] In API 3.9 added field
- [Feature] In API 3.8 VulDB CVSSv3 scores use AI-driven autocomplete based on historical data and additional sources. The field `vulnerability_cvss3_vuldb_confidence` indicates the confidence of the vectors. (this was a customer request)
- [Bugfix] In API 1.5/2.15/3.7 field `software_component` is not returning multiple fields anymore to prevent parsing errors.
- [Feature] Enabling real-time views of recent and updated entries. You are now able to see the moderation time at work.
- [Feature] In API 1.4/2.14/3.6 requesting details without unlocked archive access will warn in field `entry_warning` about limitation. (this was a customer request)
- [Feature] Launch of Video Tutorial Series on YouTube to introduce new users to the capabilities of the service. (this was a customer request)
- [Feature] Release of official Splunk App which is available on Splunkbase for free. Commercial or enterprise license is recommended. (this was a customer request)
- [Feature] In API 3.5 support for the queries
- [Bugfix] In API 2.13/3.4 fixed enforcement of `details=0` queries. This issue was reported by user portal. (this was a customer request)
- [Bugfix] In API 1.3/2.12/3.2 fixed wrong values in `response_remaining` (calculation was correct, value shown was wrong). This issue was reported by user portal. (this was a customer request)
- [Bugfix] In API 1.2/2.11/3.1 fixed default sort order of
- [Feature] Introduced API 3.0, which moved `software_cpe`. (this was a customer request)
- [Feature] In API 2.10 added
- [Feature] In API 2.10 added `vulnerability_risk` (also shown in non-detail responses).
- [Optimization] In API 2.9 added detailed error messages regarding API key problems (`valid`). (this was a customer request)
- [Optimization] In API 2.9 enterprise customers have performance priority over free users.
- [Feature] In API 2.8 the field `entry_title` does not show CVE anymore.
- [Feature] In API 2.8 added fields
- [Feature] In API 2.7 added support for request type `topsoftware`. (this was a customer request)
- [Feature] Made Data Privacy Notice available to comply with European GDPR requirements.
- [Feature] Release of Alexa Skill to make vulnerability management possible with the AI by Amazon. (original announcement)
- [Feature] Working on a proof-of-concept to use Alexa as a gateway to work with vulnerability data. (this was a customer request)
- [Feature] Upgrade to API 2.0. Response contains three elements (request, response, result) instead of just the results.
- [Feature] Partnership with Titanium Team of scipag to establish Cyber Threat Intelligence services (CTI). (original announcement)
- [Optimization] Optimization of automated exploit price calculation to gain more accuracy.
- [Feature] Introduction of dynamic graphs shown in different views.
- [Optimization] Optimization of the official Twitter feed.
- [Bugfix] Fixed a display issue on the frontpage. Under certain circumstances new items were not shown as bold.
- [Feature] Added dynamic charts in the results overview of web searches.
- [Feature] Added dynamic charts to all kinds of overview pages.
- [Feature] Created an About page which explains the history of our vulnerability service.
- [Feature] Added the 100.000th entry to the database. Check the stats for more details. Congratulations!
- [Feature] Vulnerability entries flagged as false-positive do now highlight this fact on their pages (title and introduction). (this was a customer request)
- [Feature] Introduced data for OVAL and IAVM. Completed all existing entries with appropriate data.
- [Feature] Supporting CVSS scores from multiple sources (VulDB, vendor, researcher, NVD). (this was a customer request)
- [Optimization] Optimized the indexing of the database to improve search performance.
- [Feature] Public availability of community edition. Create your account for free.
- [Optimization] Optimized performance by using specific features and configuration settings in PHP7.
- [Feature] Added an advanced search on the web site to improve specific search capabilities.
- [Feature] Start open beta of community edition.
- [Feature] Introduced Bug of the Day on the front page. One of the more serious or interesting issues of the recent days is shown every day.
- [Optimization] Redesign of the front-page with a slick layout and better data accessibility.
- [Feature] Implemented a module to detect loss of data integrity on the service.
- [Feature] Introduction of public API to provide vulnerability data for automated processing. (this was a customer request)
- [Optimization] Optimization of database table structures to gain more flexibility and performance.
- [Feature] Implementation of Content Security Policy (CSP) to improve web security of the service.
- [Feature] It is now possible to upvote comments for vulnerability entries. Upvoted comments are shown on top of the list.
- [Feature] Start closed beta of community edition.
- [Feature] Editing a section of a vulnerability will automatically jump to the correct section of the edit form.
- [Feature] Existing vulnerability entries can now be edited immediately by members of the moderation team.
- [Feature] Enhanced the existing cache module to allow caching of database queries and results.
- [Feature] Every user account now has a profile.
- [Feature] Registered users are able to tweak their own configuration of the service.
- [Feature] Registered users are able to see history of vulnerability entries they have been viewing earlier.
- [Feature] Registered users are able to gain community points with activities to get a higher ranking on the site.
- [Feature] Users are able to submit new entries which will be queued and processed by the vulnerability moderation team.
- [Feature] Users accessing resources which require authentication receive a proper error message.
- [Feature] Users are able to reset their password via email (password recovery).
- [Feature] Logins with a new device or from an unknown source will inform the account holder about the potentially suspicious login. New devices are stored and shown in the personal device management overview. (this was a customer request)
- [Feature] Added a limiter to prevent malicious users from scraping our data without authorization.
- [Feature] Added full support for CVSSv3. (this was a customer request)
- [Feature] Introduction of exploit price calculations to provide a better tool to prioritize exposed vulnerabilities.
- [Optimization] Performance optimization for all web views.
- [Feature] Some statistical data is now stored in a centralized table which allows it to be shown in multiple places without new calculations every time.
- [Feature] Support for data fields of Tenable Nessus.
- [Optimization] Optimize redirects of RSS feed requests.
- [Feature] Some data points are now shown in bubbles.
- [Optimization] Introduced a new site footer.
- [Optimization] Complete rewrite of the search engine to provide better matches and optimized performance.
- [Optimization] Optimization of HTML code to make pages smaller and faster to download and render.
- [Bugfix] Fixed a bug of slow indexes, which improved the performance of vulnerability display a lot.
- [Feature] Introduction of new summaries and descriptions with more data enrichment.
- [Optimization] Performance optimization.
- [Feature] Introducing Chart.js to generate dynamic charts.
- [Optimization] Establish VulDB as independent service to gain more flexibility.
- [Optimization] Migration to new hardware.
- [Optimization] Renaming the Twitter handle from scipvulbot to vuldb (https://twitter.com/vuldb).
- [Feature] Enhancing statistical overview to provide previews and forecasts based on historical data.
- [Feature] Creating new text for different pages and sub-pages.
- [Optimization] Adding caching modules to improve site performance. Caching is possible per site and file. (this was a customer request)
- [Optimization] Increasing update frequency of existing entries. (this was a customer request)
- [Bugfix] Corrected the listing of multiple authors of a vulnerability.
- [Optimization] More performance optimization of database queries.
- [Optimization] Performance optimization of database queries.
- [Feature] Introduction of Top 5 lists.
- [Feature] Adding Qualys data to vulnerability entries.
- [Feature] Adding SecurityCenter data to vulnerability entries.
- [Feature] Introduction of new queue for vulnerability processing by mod team.
- [Optimization] Optimization of all X-Force data import and display.
- [Optimization] Optimization of summaries and descriptions of vulnerability entries.
- [Optimization] Optimization of version descriptions of vulnerability entries.
- [Feature] Approaching backlog of old entries before 2003 with vulnerabilities ranging back to 1988. (original announcement) (this was a customer request)
- [Feature] Introduction of the "see also" hint which lists entries which are connected or similar.
- [Feature] Adding a field to declare the date of the introduction of a vulnerability.
- [Optimization] Optimization of queuing of new vulnerabilities to better prioritize processing.
- [Feature] Added language support for Polish. (this was a customer request)
- [Optimization] Database index optimization.
- [Optimization] Optimizing collision detection during the processing of new entries.
- [Optimization] Optimizing summaries regarding sources of vulnerability entries.
- [Optimization] Added helper for vulnerability moderation team to determine arguments of attacks faster and more reliably.
- [Optimization] Optimizing summaries regarding code samples.
- [Optimization] Optimizing helper for vulnerability moderation team to complete new and existing entries with additional data. This increases data quality drastically.
- [Bugfix] Fixed a bug where sometimes summaries and descriptions did contain spaces twice instead of once. This was just a problem in the HTML source code and not on the rendered web site.
- [Optimization] Added helper for vulnerability moderation team to determine keywords which shall be used within the title of a vulnerability entry.
- [Optimization] Optimizing the autocomplete feature to update new entries with historical data.
- [Optimization] Optimizing the pre-parser to handle import of new vulnerability entries.
- [Optimization] Changing the algorithm to calculate the current threat level.
- [Optimization] Changing the algorithm to calculate the risk rating of vulnerability entries.
- [Feature] Adding the support for OpenVAS data.
- [Feature] Introducing the threat level to show an indicator for the current vulnerability landscape.
- [Feature] Adding the possibility to add a custom word to the title to provide more details on first sight.
- [Feature] Establishing a background updater which handles entries which need to be updated without interfering with the manual work of the moderation team.
- [Optimization] Enhancement of the review procedure of CVE entries pushed by MITRE to improve processing and quality.
- [Feature] Collaboration with vFeed to exchange and enrich vulnerability data. (original announcement)
- [Optimization] Completing all existing entries with Secunia data.
- [Feature] Introducing risk maps to provide easy comparability between risk ratings of different sources.
- [Feature] Introducing support for Secunia data as a source.
- [Feature] Introducing support for IBM X-Force data as a source.
- [Feature] Added the 10.000th entry about Google Chrome to the database. Check the stats for more details. Congratulations! (original announcement)
- [Feature] Adding support for a wide variety of new data fields.
- [Optimization] Enhancement of the review procedure of Nessus entries.
- [Optimization] Optimizing the plausibility checks during vulnerability moderation to prevent contradicting and wrong data.
- [Feature] Added support for CPE for better identification of products.
- [Optimization] Updating large quantities of vulnerabilities is now improved thanks to incremental updates.
- [Feature] Added support for screenshots per entries to illustrate attacks and countermeasures. (original announcement)
- [Feature] Added support to embed external videos per entries to illustrate attacks and countermeasures. Videos can be hosted at YouTube and Vimeo. (original announcement)
- [Feature] Added the capability to add quotes from advisories to enrich entries.
- [Feature] Added the capability to add links to videos for a vulnerability.
- [Feature] Added the capability to list multiple different products in an affected list. This is done additionally to the main product that is affected by a vulnerability.
- [Optimization] Enhanced input validation mechanism during vulnerability management to prevent mistakes regarding vendor/product definitions.
- [Optimization] Optimization of logging and tracking of queued items processed by the moderation team.
- [Optimization] Optimized input validation mechanisms during vulnerability management.
- [Feature] Added input validation mechanisms during vulnerability management.
- [Bugfix] Fixed an issue in the database. This did only affect moderation of vulnerabilities and was not reflected on the user-side of the service.
- [Feature] Added a feature to normalize terms between different vulnerability entries.
- [Optimization] Prepared the support for Milw0rm data for entries with an ID up to 50000.
- [Feature] Added language support for Spanish. (original announcement) (this was a customer request)
- [Bugfix] Fixed an upload problem of new entries into the database.
- [Feature] Migrating all available data from NASLDB.
- [Feature] Added language support for Italian. (original announcement) (this was a customer request)
- [Bugfix] Fixed a problem in the German module responsible for handling umlauts.
- [Optimization] Optimizing the autocomplete feature to update new entries with historical data.
- [Bugfix] Fixed a problem during the display of archive data.
- [Feature] Added support for better linking to external sources.
- [Optimization] Added new categories/keywords in the existing RSS feeds.
- [Feature] Added the calculation of the exposure time which measures the time of the disclosure and the mitigation possibilities of a vulnerability.
- [Optimization] Reviewed all available data of OSVDB.
- [Feature] Added support to show images of vendors/products.
- [Feature] Added support for Google dorks to find issues very quickly.
- [Optimization] Optimization of summaries and descriptions.
- [Optimization] Performance optimization.
- [Optimization] Performance optimization.
- [Optimization] Move to more powerful hardware due to increase in access.
- [Feature] Introduction of Reference Maps for better linking of vulnerabilities and sources. (original announcement)
- [Optimization] Make more statistical data available with better flexibility.
- [Feature] Adding the alert info on top of the site to show the most recent vulnerability with the highest emergency rating.
- [Optimization] Improved summary details per entries. (original announcement)
- [Optimization] Performance optimization for all RSS feeds. (original announcement)
- [Feature] Partnership with OSVDB to cross-link vulnerability entries. (original announcement)
- [Feature] Introduction of statistical overview. (original announcement)
- [Feature] Introduction of product overview. (original announcement)
- [Feature] Completing existing entries with most current data. This includes but is not limited to CVE, Secunia, SecurityTracker, vendor, and confirmation details. (original announcement)
- [Feature] Introduction of recurring update processes.
- [Optimization] Optimization of existing RSS feeds by adding summaries and categories. (original announcement)
- [Optimization] Complete re-write of the site in PHP. (original announcement)
- [Feature] Introduction of Emergency-SMS notification service.
- [Feature] Bugbase is completely re-written in Perl and uses a dedicated backend for vulnerability moderation to gain more flexibility.
- [Optimization] Bugbase is re-branded as scip VulnDB and hosted on www.scip.ch.
- [Optimization] Changed from static web site to dynamic database (with the kind support of DukeCS).
- [Feature] Bugbase project launch by Marc Ruef.