VulDB is an open database which allows the edits from users all over the world. The edit of a single field is called a commit and introduces a wide variety of additional possibilities.


All edits are reviewed by selected moderators which allows us to guarantee the desired level of data quality and accuracy. A new commit might be processed like this:

  • If a commit is correct and can be validated, it is accepted and will be published to the official entry.
  • If a commit is partially incorrect (e.g. wording, wrong data field selected), it is corrected by a moderator.
  • If a commit could not be verified entierly, it is published with a low confidence score and/or addition comment.
  • If a commit is wrong (e.g. could not be verified, wrong data, spam), it is rejected with a comment. The values of rejected commits containing spam or profanity are set to invisible.

Time Variance

VulDB is the only vulnerability database providing time variance. All commits are stored in the database and can be reviewed. This makes it possible to show commit histories and diffs of different versions of an entry. Vulnerability historians, investigating administrators and penetrations testers use this feature to understand the lifecycle of a vulnerability. It is possible to change the view during display of a vulnerability entry.

Interested in the pricing of exploits?

See the underground prices here!