Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

EU cybersecurity agency’s vulnerability database goes live

(NoName 13 / Pixabay)

The European Union Agency for Cybersecurity (ENISA) has developed the European Vulnerability Database (EUVD), which is now operational.

The database provides aggregated, reliable, and actionable information such as mitigation measures and exploitation status on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services.

The objective of the EUVD is to ensure a high level of interconnection of publicly available information coming from multiple sources such as CSIRTs, vendors, as well as existing databases. As an interconnected database the EUVD enables the correlation of vulnerabilities by facilitating the open-source software Vulnerability-Lookup for cybersecurity risk management.

The database is accessible to the public at large to consult information related to vulnerabilities impacting IT products and services. It is also addressed to suppliers of network and information systems and entities using their services. Documented information in the EUVD is also intended for competent national authorities such as the EU CSIRTs network as well as private companies and researchers.

The aggregated information of the database is displayed through dashboards. The EUVD offers three dashboard views: for critical vulnerabilities, for exploited ones and for EU coordinated ones. The EU Coordinated Vulnerabilities lists the vulnerabilities coordinated by European CSIRTs and includes the members of the EU CSIRTs network.

The collected and referenced vulnerability information comes from open-source databases. Additional information is added via advisories and alerts issued by national CSIRTs, mitigation and patching guidelines published by vendors, together with exploited vulnerability markings. EUVD data records may include a description of the vulnerability; ICT products or ICT services affected and/or affected versions, the severity of the vulnerability and how it could be exploited; information of existing relevant available patches or guidance provided by competent authorities including CSIRTs, and addressed to users on how to mitigate risks.

ENISA said that the remainder of 2025 will be dedicated to further improve and develop the EUVD and all related services. The agency is gathering feedback for this purpose.

Read more at ENISA

Click to listen highlighted text!