Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.
If you want a voucher to join the hackathon, let me know.
For hackathon.lu, I was initially unsure what my main project would be, but I ultimately decided to focus on implementing the future GCVE BCP-10.
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
The idea is combine it with the cpe-guesser and have a registry to facilitate the interaction with the CPE values to handle vendor and product references.
#gcve #cve #cpe #opensource #cybersecurity
🔗 Draft https://discourse.ossbase.org/t/gcve-bcp-10-improved-common-platform-enumeration-for-gcve/1042
🔗 Hackathon https://hackathon.lu/
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE Document ID: GCVE-BCP-10 Title: Improved Common Platform Enumeration for GCVE Status: Draft Category: Best Current Practice Updates: CPE-compatible naming and match semantics Author: GCVE.eu Intended use: Platform and product identification, applicability matching, vendor management, and synonym handling in the GCVE ecosystem Abstract This document specifies an improved platform enumeration format for GCVE. The format is intentionally ...
The GCVE project team will be at the Hackathon in Luxembourg on April 14–15, 2026, to present the project and collaborate on its future.
We’d be delighted to welcome anyone interested in joining us and contributing to the future of GCVE.
https://hackathon.lu/projects/#gcve
VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software vulnerabilities.
A new component in the galaxy of tooling of vulnerability-lookup.
Thanks to @cedric who is becoming an orchestrator for many AI tools nowadays.
#cve #gcve #vulnerability #vulnerabilitymanagement #opensource #ai #mcp #vulnerabilitylookup
A modular MCP providing AI-driven vulnerability management skills, including severity classification and automated insights. - vulnerability-lookup/VulnMCP
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.
A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/ , providing additional CPE sources and more autonomy from the previously NVD-only source model.
This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.
https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/
https://github.com/vulnerability-lookup/cpe-guesser
#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement
gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.
It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.
#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement
🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 https://gcve.eu/bcp/gcve-bcp-07/
With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential.
CSAF delivers direct vendor remediation information, and when correlated with the CVE Program , it highlights how important federation and data correlation are for remediation efforts and vulnerability management as a whole. (See example below)
🔗 https://db.gcve.eu/vuln/vde-2025-066
#gcve #cve #vulnerabilitymanagement #cybersecurity #opensource
A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.
This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.
It will push the number of ingested feeds to more than 50 unique sources, highlighting the growing diversity of our data sources.
If someone tells you there is a single source of truth for vulnerability information, they’re ignoring the reality: vulnerability intelligence comes from many different sources.
Thanks to @rafi0t for the continuous work on adding CSAF and feeds to vulnerability-lookup
#gcve #cve #cybersecurity #csaf #vulnerability #opendata #opensource
🔗 The new PR with many new CSAF sources https://github.com/vulnerability-lookup/vulnerability-lookup/pull/348
🔗 The open source vulnerability-lookup software https://www.vulnerability-lookup.org/
🔗 GCVE instance https://db.gcve.eu/
Alexandre Dulaunoy
Cedric
gcve.eu