This post includes a list of public resources (e.g., databases) for vulnerability research. It also features some well-known sites that are no longer available.
- Common Vulnerabilities and Exposure (CVE)
- NVD
- EUVD
- CISA Known Exploited Vulnerabilities Catalog
- ExploitDB
- SecurityFocus
- Microsoft Security Response Center (MSRC)
- CVE Details
- Vulnerability Lab
CVE
Common Vulnerabilities and Exposure (CVE) is managed by MITRE.
CVE is funded by the USA public organization CISA.
The CVE Foundation was founded in 2025 to reduce the government dependency.
NVD
National Vulnerability Database (NVD) is aimed to the USA public sector. It is managed by NIST.
EUVD
European Union Vulnerability System (EUVD) is maintained by ENISA.
It is created under the NIS2 Directive. It was announced in June 2024.
CISA Known Exploited Vulnerabilities Catalog
The Cybersecurity & Instrastructure Security Agency (CISA) holds the CISA Known Exploited Vulnerabilities Catalog.
CISA Known Exploited Vulnerabilities Catalog official webiste
Exploit DB
Exploit Database (Exploit DB) isĀ an archive of exploits for the purpose of public security, and it explains what can be found on the database.
MSRC
Microsoft Security Response Center (MSRC)
CVE Details
CVE Details offers statistics about CVE.
List of Extinct Vulnerability Resources
The vulnerability resources that disappeared:
- Open Source Vulnerability Database
- SecurityFocus
- WindowsSecurity
- SecurityTracker
Open Source Vulnerability Database
Open Source Vulnerability Database is now defunct. It worked from 2002 to 2016. Its domain was osvdb.org.
It was independent an open-sourced vulnerability database.
SecurityFocus
SecurityFocus is now defunct. It worked from 2002 to 2021.
It hosted the BugTraq mailing lists.
Bugtraq was a mailing list about IT security that was started in 1993. The archive was kept, but the activity of the group stopped completely in 2021.
BugTraq at SecurityFocus Archive at Wayback Machine
WindowsSecurity.com
WindowsSecurity.com was a vulnerability resource active from 2001 to 2017.
Since 2018 the domain was redirecting to techgenix.com/security website.
Windows Security at Wayback Machine
Security Tracker
Security Tracker was a vulnerability resource active since April 2001 to November 2018
Security Tracker at Wayback Machine