This post includes a list of public resources (e.g., databases) for vulnerability research. It also features some well-known sites that are no longer available.
- Common Vulnerabilities and Exposure (CVE)
- Exploit DB
- SecurityFocus
- National Vulnerability Database
- CISA Known Exploited Vulnerabilities Catalog
- Microsoft Security Response Center (MSRC)
- CVE Details
- Vulnerability Lab
Exploit Database (Exploit DB) is an archive of exploits for the purpose of public security, and it explains what can be found on the database.
National Vulnerability Database
National Vulnerability ( NVD ) Database by NIST.
CISA Known Exploited Vulnerabilities Catalog
The Cybersecurity & Instrastructure Security Agency (CISA) holds the CISA Known Exploited Vulnerabilities Catalog.
CISA Known Exploited Vulnerabilities Catalog official webiste
MSRC
Microsoft Security Response Center (MSRC)
CVE Details
CVE Details offers statistics about CVE.
List of Extinct Vulnerability Resources
The vulnerability resources that disappeared:
- Open Source Vulnerability Database
- SecurityFocus
- WindowsSecurity
- SecurityTracker
Open Source Vulnerability Database
Open Source Vulnerability Database is now defunct. It worked from 2002 to 2016. Its domain was osvdb.org.
It was independent an open-sourced vulnerability database.
SecurityFocus
SecurityFocus is now defunct. It worked from 2002 to 2021.
It hosted the BugTraq mailing lists.
Bugtraq was a mailing list about IT security that was started in 1993. The archive was kept, but the activity of the group stopped completely in 2021.
BugTraq at SecurityFocus Archive at Wayback Machine
WindowsSecurity.com
WindowsSecurity.com was a vulnerability resource active from 2001 to 2017.
Since 2018 the domain was redirecting to techgenix.com/security website.
Windows Security at Wayback Machine
Security Tracker
Security Tracker was a vulnerability resource active since April 2001 to November 2018
Security Tracker at Wayback Machine