Förändringslogg

12/04/2021

  • [Feature] Some users mistake their mail address as legitimate username to login. In this case a warning message informs the user about the mistake. (this was a customer request)

08/04/2021

  • [Optimization] Performance optimization for CTI country analysis (closed beta invite only at the moment). Time range analysis is now incremental which makes report generation much faster (especially for larger ranges).

31/03/2021

  • [Optimization] All listings in the personal profile do contain timestamps to make identification of single items much easier.

  • [Optimization] Completed some of the missing translations for French, Italian, Spanish, Polish, and Swedish.

  • [Optimization] Improved the handling of time format regarding country-specific definitions. The language en will show A.M. and P.M. only if the browser is also set to en-us. Otherwise the 24 hour format is used. If the language is set to fr and the browser announces fr-fr there will be the French format 12h34. The 24 hour format is also used as default for all languages without a specific definition.

30/03/2021

  • [Bugfix] Fixed a bug where some long product names, product listings and titles did not show the product name in its entirety.

  • [Optimization] In API 3.26 fixed an issue where queries for advisory_date_start, entry_timestamp_create_start, entry_timestamp_change_start, and entry_timestamp_all_start did not work properly if the request value had a trailing whitespace.

29/03/2021

  • [Feature] The personal API history does show the execution time for a request to help optimize queries. The column is shown as seconds and sortable.

  • [Feature] Added planned features in a roadmap to announce upcoming functionality. The items shown are just suggestions and might change regarding implementation and deployment. (this was a customer request)

28/03/2021

  • [Optimization] Better description of update handling, especially prioritization of new data for existing entries and update requests by customers. (this was a customer request)

  • [Optimization] Optimized the description of different commit moderation approaches. The actions for handling spam and profanity are explained in detail.

26/03/2021

  • [Bugfix] In API 2.20/3.25 the list of multiple items in software_affectedlist and software_notaffectedlist do trim trailing whitespaces correctly.

25/03/2021

  • [Optimization] Added a new community rank Guru which requires 5000 points to be reached. Therefore, Grand Master is not the highest rank anymore.

24/03/2021

  • [Feature] Introduced API 3.24 with the new request type entry_timestamp_all_start which combines new items from entry_timestamp_create_start and updated items from entry_timestamp_change_start in a single stream. (this was a customer request)

20/03/2021

  • [Optimization] Optimized speed and memory consumption of queries based on LIKE statements in search queries.

17/03/2021

  • [Feature] Documentation of the different levels used in the field exploit_exploitability shown on multiple listings on the web site. (this was a customer request)

10/03/2021

  • [Feature] Made internal changelog public to provide full transparency for our customers. Entries earlier than 2020 just show milestones and not detailed changes. (this was a customer request)

  • [Feature] Added link to changelog under support in main menu and in the footer of the page.

  • [Optimization] Updated internal quality guidance for CVSS fields during creation of new entries based on official Microsoft disclosures.

08/03/2021

  • [Optimization] Updated internal quality requirements for advisory_person_name and advisory_person_nickname fields to prevent inaccurate information during daily update procedure.

04/03/2021

  • [Optimization] Optimized limiter to prohibit crawling of view elements by non-commercial users.

  • [Optimization] Limiter uses better geolocation data to prevent malicious users from changing IP addresses to slow down detection of abuse.

03/03/2021

  • [Bugfix] Fixed a rare German translation issue in a specific sentence of some vulnerability summaries.

01/03/2021

  • [Optimization] Optimized language database for better performance.

  • [Feature] Prepared language database for upcoming translations.

28/02/2021

  • [Feature] CTI Analysis (closed-beta only) supports search strings for technology-specific research.

22/02/2021

04/02/2021

  • [Feature] Added load balancing features to handle performance peaks much better.

  • [Feature] Enabled priority module to provide high-availability for enterprise customers.

03/02/2021

  • [Optimization] Optimized normalize module to improve quality assurance of vulnerability data management.

01/02/2021

  • [Feature] Initiated preparation for port of web services to PHP8. First polyfill functions tested.

17/01/2021

  • [Bugfix] Fixed a bug where some new user submissions were shown as rejected even though they were still not processsed yet. This issue was reported by user misc.

16/01/2021

  • [Feature] Start of internal testing for CTI attribution module to identify APT group activities as such. Used by CTI team to create CTI alerts and infos for paying customers.

09/01/2021

  • [Optimization] Changed entry_timestamp_delta behavior from 7200 to 120 to keep commit grouping much smaller. Entries updated within a short period of time will pushed into the update stream to provide the most actual data to API users. (this was a customer request)

04/01/2021

  • [Optimization] Performance improvement of search engine. Early dissection will speed up some specific search requests.

  • [Optimization] Performance improvement of monoblock engine. Compilation of entries is a bit faster under certain circumstances.

08/12/2020

  • [Feature] In API 3.23 added request type cursorinit to determine ideal initial cursor position for ongoing vulnerability stream (e.g. Splunk).

04/12/2020

  • [Feature] Introduced information regarding ATT&CK. The fields are currently auto-generated and not part of the monoblock.

  • [Feature] In API 2.19/3.22 added field source_cve_cna which contains a string of the CVE Numbering Authority that assigned the CVE.

  • [Bugfix] Corrected a display bug for tooltips of CVSS fields on certain overview pages.

03/12/2020

  • [Optimization] Optimized signup flood protection to prevent malicious users from auto-generating community accounts.

26/11/2020

  • [Feature] Added enw import feature for vulnerability moderators to handle custom entries and large batches of submissions.

16/10/2020

  • [Optimization] Optimized some indexes within the database to improve performance.

09/10/2020

  • [Feature] Introduced new monoblock structure to provide more possibilities like commits, commit histories, etc.

01/05/2020

  • [Optimization] Upgrading to an extended server cluster for better performance.

17/04/2020

  • [Bugfix] In API 3.21 the field entry_timestamp_change is now always present even if the entry was just created and never updated yet. In this case it will contain the same value like entry_timestamp_create. User of the official VulDB Splunk App are advised to update to the latest release.

31/10/2019

  • [Feature] In API 3.20 added field vulnerability_name which contains a string or array a popular names of the vulnerability (e.g. Shellshock, Poodle). (this was a customer request)

13/09/2019

  • [Feature] In API 3.19 added field family entry_details_* which contain entry_details_affected, entry_details_vulnerability, entry_details_impact, entry_details_exploit, entry_details_countermeasures, and entry_details_sources. (this was a customer request)

31/08/2019

  • [Feature] In API 3.18 added field entry_replaces to display duplicates which have been replaced by this entry.

26/08/2019

  • [Feature] In API 3.17 added fields vulnerability_cvss3_basevector_vuldb and vulnerability_cvss3_tempvector_vuldb to display full VulDB CVSSv3 vectors easily.

01/07/2019

  • [Feature] Introduction of software type categories available in the field software_type. (this was a customer request)

04/06/2019

  • [Bugfix] In API 3.16 fixed value of field advisory_identifier, disabled safeguard mechanism to prevent inconsistency in result count.

01/06/2019

  • [Optimization] Updated the Data Privacy Notice to clarifying wording and added details about payment processing.

17/05/2019

  • [Feature] In API 3.15 added fields software_website_vendor and software_website_product to the output.

08/05/2019

  • [Feature] In API 3.14 requesting dedicated CVSS fields supports the official response format (e.g. vulnerability_cvss3_vuldb_basescore) and the legacy format (e.g. vulnerability_cvss3_basescore_vuldb). The legacy format will be dropped in a future major release of the API.

17/04/2019

  • [Feature] In API 1.8/2.18/3.13 added field software_cpe23 which introduces full CPE 2.3 support whereas software_cpe is still providing CPE 2.2 data. (this was a customer request)

04/03/2019

  • [Feature] In API 1.7/2.17/3.12 added fields entry_locked_status and entry_locked_reason to inform about entries undergoing update and review processes (they might change soon).

01/03/2019

  • [Feature] Introduction of the C3BM Index (CVSSv3 Base Meta Index) based on CVSS data of multiple sources.

20/02/2019

  • [Optimization] In API 1.6/2.16/3.11 improved speed, reliability and accuracy of updates queries.

06/02/2019

  • [Feature] In API 3.10 added request parameter offset to set a starting point for results (pagination). (this was a customer request)

01/02/2019

  • [Optimization] Reached the 10.000th community user. Congratulations!

18/01/2019

  • [Feature] In API 3.9 added field software_type.

11/01/2019

  • [Feature] In API 3.8 VulDB CVSSv3 scores use AI-driven autocomplete based on historical data and additional sources. The field vulnerability_cvss3_vuldb_confidence indicates the confidence of the vectors. (this was a customer request)

08/01/2019

  • [Bugfix] In API 1.5/2.15/3.7 field software_component is not returning multiple fields anymore to prevent parsing errors.

01/01/2019

  • [Feature] Enabling real-time views of recent and updated entries. You are now able to see the moderation time at work.

13/12/2018

  • [Feature] In API 1.4/2.14/3.6 requesting details without unlocked archive access will warn in field entry_warning about limitation. (this was a customer request)

01/10/2018

  • [Feature] Launch of Video Tutorial Series on YouTube to introduce new users to the capabilities of the service. (this was a customer request)

01/09/2018

  • [Feature] Release of official Splunk App which is available on Splunkbase for free. Commercial or enterprise license is recommended. (this was a customer request)

06/08/2018

  • [Feature] In API 3.5 support for the queries advisory_date_start, entry_timestamp_create_start, entry_timestamp_change_start.

12/06/2018

  • [Bugfix] In API 2.13/3.4 fixed enforcement of querylimit for details=0 queries. This issue was reported by user portal. (this was a customer request)

11/06/2018

06/06/2018

  • [Bugfix] In API 1.3/2.12/3.2 fixed wrong values in response_remaining (calculation was correct, value shown was wrong). This issue was reported by user portal. (this was a customer request)

04/06/2018

  • [Bugfix] In API 1.2/2.11/3.1 fixed default sort order of recent and updates requests.

18/05/2018

  • [Feature] Introduced API 3.0, which moved vulnerability_cpe to software_cpe. (this was a customer request)

15/05/2018

  • [Feature] In API 2.10 added software_affectedlist and software_notaffectedlist.

  • [Feature] In API 2.10 added vulnerability_risk (also shown in non-detail responses).

14/05/2018

  • [Optimization] In API 2.9 added detailed error messages regarding API key problems (missing, wrong, unknown, valid). (this was a customer request)

  • [Optimization] In API 2.9 enterprise customers have performance priority over free users.

08/05/2018

  • [Feature] In API 2.8 the field entry_title does not show CVE anymore.

  • [Feature] In API 2.8 added fields vulnerability_timeline, countermeasure_reactiondays, countermeasure_0daydays, countermeasure_exposuredays, and countermeasure_exploitdelaydays.

07/05/2018

  • [Feature] In API 2.7 added support for request type topsoftware. (this was a customer request)

01/05/2018

01/04/2018

22/03/2018

  • [Feature] Working on a proof-of-concept to use Alexa as a gateway to work with vulnerability data. (this was a customer request)

22/01/2018

  • [Feature] Upgrade to API 2.0. Response contains three elements (request, response, result) instead just the results.

16/09/2017

02/06/2017

01/06/2017

  • [Feature] Introduction of dynamic graphs shown in different views.

19/05/2017

16/05/2017

  • [Bugfix] Fixed a display issue on the frontpage. Under certain circumstances new items were not shown as bold.

28/04/2017

  • [Feature] Added dynamic charts in the results overview of web searches.

21/04/2017

  • [Feature] Added dynamic charts of all kind of overview pages.

10/04/2017

  • [Feature] Created an About page which explains the history of our vulnerability service.

01/04/2017

  • [Feature] Added the 100.000th entry to the database. Check the stats for more details. Congratulations!

22/03/2017

  • [Feature] Vulnerability entries flagged as false-positive do now highlight this fact on their pages (title and introduction). (this was a customer request)

21/03/2017

  • [Feature] Introduced data for OVAL and IAVM. Completed all existing entries with appropriate data.

23/02/2017

  • [Feature] Supporting CVSS scores from multiple sources (VulDB, vendor, researcher, NVD). (this was a customer request)

13/02/2017

  • [Optimization] Optimized the indexing of the database to improve search performance.

01/02/2017

20/01/2017

  • [Optimization] Optimized performance by using specific features and configuration settings in PHP7.

18/01/2017

  • [Feature] Added an advanced search on the web site to improve specific search capabilities.

01/01/2017

  • [Feature] Start open beta of community edition.

20/12/2016

  • [Feature] Introduced Bug of the Day on the front page. One of the more serious or interesting issues of the recent days is shown every day.

19/12/2016

  • [Optimization] Redesign of the front-page with a slick layout and better data accessibility.

16/12/2016

  • [Feature] Implemented a module to detect loss of data integrity on the service.

01/12/2016

  • [Feature] Introduction of public API to provide vulnerability for automated processing. (this was a customer request)

08/11/2016

  • [Optimization] Optimization of database table structures to gain more flexibility and performance.

07/11/2016

  • [Feature] Implementation of Content Security Policy (CSP) to improve web security of the service.

02/11/2016

  • [Feature] It is now possible to upvote comments for vulnerability entries. Upvoted comments are shown on top of the list.

01/11/2016

  • [Feature] Start closed beta of community edition.

26/10/2016

  • [Feature] Editing a section of a vulnerability will automatically jump to the correct section of the edit form.

25/10/2016

  • [Feature] Existing vulnerability entries can now be edited immediately by members of the moderation team.

14/10/2016

  • [Feature] Enhanced the existing cache module to allow caching of database queries and results.

11/10/2016

  • [Feature] Every user account has now a profile.

  • [Feature] Registered users are able to tweak their own configuration of the service.

10/10/2016

  • [Feature] Registered users are able to see history of vulnerability entries they have been viewing earlier.

07/10/2016

  • [Feature] Registered users are able to gain community points with activities to get a higher ranking on the site.

06/10/2016

05/10/2016

  • [Feature] Users accessing ressources which require an authentication receive a proper error message.

04/10/2016

  • [Feature] Users are able to reset their password via email (password recovery).

03/10/2016

  • [Feature] Logins with a new device or from an unknown source will inform the account holder about the potentially suspicious login. New devices are stored and shown in the personal device management overview. (this was a customer request)

24/06/2016

  • [Feature] Added a limiter to prevent malicious users from scraping our data without authorization.

22/06/2016

  • [Feature] Added full support for CVSSv3. (this was a customer request)

01/10/2016

05/07/2016

  • [Optimization] Performance optimization for all web views.

30/06/2016

  • [Feature] Some statistical data is now stored in a centralized table which allows them to be shown on multiple places without new calculations every time.

02/05/2016

  • [Feature] Support for data fields of Tenable Nessus.

29/04/2016

  • [Optimization] Optimize redirects of RSSS feed requests.

27/04/2016

  • [Feature] Some data points are now shown in bubbles.

  • [Optimization] Introduced a new site footer.

14/04/2016

  • [Optimization] Complete rewrite of the search engine to provide better matches and optimized performance.

06/04/2016

  • [Optimization] Optimization of HTML code to make pages smaller and faster to download and render.

04/04/2016

  • [Bugfix] Fixed a bug or slow indexes which improved the performance of vulnerability display a lot.

01/04/2016

  • [Feature] Introduction of new summaries and descriptions with more data enrichment.

  • [Optimization] Performance optimization.

14/03/2016

  • [Feature] Introducing Chart.js to generate dynamic charts.

11/03/2016

  • [Optimization] Establish VulDB as independent service to gain more flexibility.

23/02/2016

  • [Optimization] Migration to new hardware.

17/02/2016

  • [Optimization] Renaming the Twitter handle from scipvulbot to "vuldb"https://twitter.com/vuldb.

19/01/2016

  • [Feature] Enhancing statistical overview to provide previews and forecasts based in historical data.

  • [Feature] Creating new text for different pages and sub-pages.

01/12/2015

  • [Optimization] Adding caching modules to improve site performance. Caching is possible per site and file. (this was a customer request)

20/11/2015

  • [Optimization] Increasing update frequency of existing entries. (this was a customer request)

19/08/2015

  • [Bugfix] Corrected the listing of multiple authors of a vulnerability.

07/08/2015

  • [Optimization] More performance optimization of database queries.

03/08/2015

  • [Optimization] Performance optimization of database queries.

10/07/2015

  • [Feature] Introduction of Top 5 lists.

07/07/2015

  • [Feature] Adding Qualys data to vulnerability entries.

  • [Feature] Adding SecurityCenter data to vulnerability entries.

09/03/2015

  • [Feature] Introduction of new queue for vulnerability processing by mod team.

25/02/2015

  • [Optimization] Optimization of all X-Force data import and display.

03/02/2015

  • [Optimization] Optimizaton of summaries and descriptions of vulnerability entries.

08/01/2015

  • [Optimization] Optimization of version descriptions of vulnerability entries.

24/06/2014

  • [Feature] Approaching backlog of old entries before 2003 with vulnerabilities ranging back to 1988. (original announcement) (this was a customer request)

26/05/2014

  • [Feature] Introduction of the "see also" hint which lists entries with are connected or similar.

17/04/2014

  • [Feature] Adding a field to declare the date of the introduction of a vulnerability.

27/03/2014

  • [Optimization] Optimization of queuing of new vulnerabilities to better prioritize processing.

20/03/2014

  • [Feature] Added language support for Polish. (this was a customer request)

14/03/2014

  • [Optimization] Database index optimization.

07/03/2014

  • [Optimization] Optimizing collision detection during the processing of new entries.

10/02/2014

  • [Optimization] Optimizing summaries regarding sources of vulnerability entries.

29/01/2014

  • [Optimization] Added helper for vulnerability moderation team to determine arguments of attacks faster and more reliable.

28/01/2014

  • [Optimization] Optimizing summaries regarding code samples.

23/01/2014

  • [Optimization] Optimizing helper for vulnerability moderation team to complete new and existing entries with additional data. This increases data quality drastically.

14/01/2014

  • [Bugfix] Fixed a bug where sometimes summaries and descriptions did contain spaces twice instead of once. This was just a problem in the HTML source code and not on the rendered web site.

09/01/2014

  • [Optimization] Added helper for vulnerability moderation team to determine keywords which shall be used within the title of a vulnerability entry.

19/12/2013

  • [Optimization] Optimizing the autocomplete feature to update new entries with historical data.

06/11/2013

  • [Optimization] Optimizing the pre-parser to handle import of new vulnerability entries.

22/10/2013

  • [Optimization] Changing the algorithm to calculate the current threat level.

21/10/2013

  • [Optimization] Changing the algorithm to calculate the risk rating of vulnerability entries.

18/10/2013

  • [Feature] Adding the support for OpenVAS data.

17/10/2013

  • [Feature] Introducing the threat level to show an indicator for the current vulnerability landscape.

03/10/2013

  • [Feature] Adding the possibility to add a custom word to the title to provide more details on first sight.

01/10/2013

  • [Feature] Establishing a background updater which handles entries which need to be updated without interfering with the manual work of the moderation team.

  • [Optimization] Enhancement of the review procedure of CVE entries pushed by MITRE to improve processing and quality.

13/09/2013

12/09/2013

  • [Optimization] Completing all existing entries with Secunia data.

11/09/2013

  • [Feature] Introducing risk maps to provide easy comparability between risk ratings of different sources.

10/09/2013

  • [Feature] Introducing support for Secunia data as a source.

  • [Feature] Introducing support for IBM X-Force data as a source.

23/08/2013

12/08/2013

09/08/2013

  • [Feature] Adding support for a wide variety of new data fields.

05/07/2013

  • [Optimization] Enhancement of the review procedure of Nessus entries.

28/06/2013

  • [Optimization] Optimizing the plausability checks during vulnerability moderation to prevent contradicting and wrong data.

19/06/2013

  • [Feature] Added support for CPE to better identification of products.

11/06/2013

  • [Optimization] Updating large quantities of vulnerabilities is now improved thanks to incremental updates.

03/06/2013

  • [Feature] Added support for screenshots per entries to illustrate attacks and countermeasures. (original announcement)

  • [Feature] Added support to embed external videos per entries to illustrate attacks and countermeasures. Videos can be hosted at YouTube and Vimeo. (original announcement)

31/05/2013

  • [Feature] Added the capability to add quotes from advisories to enrich entries.

  • [Feature] Added the capability to add links to videos for a vulnerability.

29/04/2013

11/04/2013

  • [Feature] Added the capability to list multiple different products in an affected list. This is done additionally to the main product that is affected by a vulnerability.

04/04/2013

  • [Optimization] Enhanced input validation mechanism during vulnerability management to prevent mistakes regarding vendor/product definitions.

28/03/2013

  • [Optimization] Optimization of logging and tracking of queued items processed by the moderation team.

19/03/2013

  • [Optimization] Optimized input validation mechanisms during vulnerability management.

  • [Feature] Added input validation mechanisms during vulnerability management.

09/01/2013

  • [Bugfix] Fixed an issue in the database. This did only affect moderation of vulnerabilities and was not reflected on the user-side of the service.

21/12/2012

  • [Feature] Added a feature to normalize terms between different vulnerability entries.

26/11/2012

  • [Optimization] Prepared the support for Milw0rm data for entries with an ID up to 50000.

31/10/2012

15/10/2012

01/10/2012

  • [Feature] Added language support for Spanish. (original announcement) (this was a customer request)

  • [Bugfix] Fixed an upload problem of new entries into the database.

24/09/2012

04/07/2012

  • [Feature] Migrating all available data from NASLDB.

18/06/2012

  • [Feature] Added language support for Italian. (original announcement) (this was a customer request)

  • [Bugfix] Fixed a problem in the German module responsible to handle umlauts.

05/06/2012

  • [Optimization] Optimizing the autocomplete feature to update new entries with historical data.

10/04/2012

  • [Bugfix] Fixed a problem during the display of archive data.

13/03/2012

  • [Feature] Added support for better linking to external sources.

09/03/2012

  • [Optimization] Added new categories/keywords in the existing RSS feeds.

08/03/2012

  • [Feature] Added the calculation of the exposure time which measures the time of the disclosure and the mitigation possibilities of a vulnerability.

  • [Optimization] Reviewed all available data of OSVDB.

06/03/2012

  • [Feature] Added support to show images of vendors/products.

  • [Feature] Added support for Google dorks to find issues very quickly.

  • [Optimization] Optimization of summaries and descriptions.

05/03/2012

  • [Optimization] Performance optimization.

02/03/2012

  • [Optimization] Performance optimization.

01/12/2010

  • [Optimization] Move to more powerful hardware due to increase in access.

08/03/2010

10/02/2010

08/02/2010

  • [Feature] Adding the alert info on top of the site to show the most recent vulnerability with the highest emergency rating.

02/02/2010

16/12/2009

27/10/2009

03/09/2009

25/08/2009

  • [Feature] Completing existing entries with mast actual data. This includes but is not limited to CVE, Secunia, SecurityTracker, vendor, and confirmation details. (original announcement)

01/08/2009

  • [Feature] Introduction of recurring update processes.

26/06/2009

  • [Optimization] Optimization of existing RSS feeds by adding summaries and categories. (original announcement)

23/06/2009

01/07/2006

19/05/2004

01/01/2004

  • [Feature] Introduction of Emergency-SMS notification service.

19/12/2003

18/11/2003

01/03/2003

  • [Feature] Bugbase is completely re-written in Perl and uses a dedicated backend for vulnerability moderation to gain more flexibility.

  • [Optimization] Bugbase is re-branded as scip VulnDB and hosted on www.scip.ch.

01/09/2002

  • [Optimization] Changed from static web site to dynamic database (with the kind support of DukeCS).

01/01/1997

  • [Feature] Bugbase project launch by Marc Ruef.

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!