This post includes a list of public resources (e.g., databases) for vulnerability research. It also features some well-known sites that are no longer available.
List of resources for Vulnerability Research
These are the resources listed on this post:
- Common Vulnerabilities and Exposure (CVE)
- Exploit Database
- SecurityFocus
- National Vulnerability Database (NVD)
- Common Vulnerability Scoring System (CVSS)
- Microsoft Security Response Center (MSRC)
Common Vulnerabilities and Exposure (CVE)
Common Vulnerabilities and Exposure (CVE) is an online list of vulnerabilities identifiers.
Exploit Database
National Vulnerability Database (NVD)
National Vulnerability Database (NVD) is the US Government vulnerability database. It is managed by NIST.
Common Vulnerability Scoring System (CVSS)
https://nvd.nist.gov/vuln-metrics/cvss
Common Vulnerability Scoring System (CVSS) is an standard that provides an open framework for communicating the characteristics and severity of IT vulnerabilities. You can find more about it on this NIST link.
Microsoft Security Response Center (MSRC)
https://www.microsoft.com/en-us/msrc
Microsoft Security Response Center is the report to report vulnerabilities on Microsoft product.
MSRC does not hold a database on its own, but uses CVE instead. Microsoft’s CVE vulnerabilities are listed on the Security Update Guide.
Microsoft develops its Microsoft Vulnerability Research (MSVR) program. It is designed to help improve the security ecosystem as a whole through the sharing of knowledge and best practices.
Security Magazine
Help Net Security
HackerStorm
SC Magazine
Computerworld
WindowsSecurity
CVE Details
Security Tracker
Vulnerability Lab
D’Crypt
Trend Micro
Rapid7
Dark Reading
List of Disappeared Vulnerability Resources
The vulnerability resources that disappeared:
- Open Source Vulnerability Database (OSVDB)
- SecurityFocus
Open Source Vulnerability Database (OSVDB)
http://www.osvdb.org
Now defunct. It worked from 2002 to 2016.
It was independent an open-sourced vulnerability database.
SecurityFocus
https://www.securityfocus.com
Now defunct. It worked from 2002 to 2021.
It hosted the BugTraq mailing lists.