cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD

Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.

A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/ , providing additional CPE sources and more autonomy from the previously NVD-only source model.

This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.

https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/

https://github.com/vulnerability-lookup/cpe-guesser

@circl
@gcve

#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement

gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.

It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.

@gcve

#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement

🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 https://gcve.eu/bcp/gcve-bcp-07/

With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential.

CSAF delivers direct vendor remediation information, and when correlated with the CVE Program , it highlights how important federation and data correlation are for remediation efforts and vulnerability management as a whole. (See example below)

🔗 https://db.gcve.eu/vuln/vde-2025-066

#gcve #cve #vulnerabilitymanagement #cybersecurity #opensource

@circl
@gcve
@CVE_Program

A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.

This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.

It will push the number of ingested feeds to more than 50 unique sources, highlighting the growing diversity of our data sources.

If someone tells you there is a single source of truth for vulnerability information, they’re ignoring the reality: vulnerability intelligence comes from many different sources.

Thanks to @rafi0t for the continuous work on adding CSAF and feeds to vulnerability-lookup

#gcve #cve #cybersecurity #csaf #vulnerability #opendata #opensource

🔗 The new PR with many new CSAF sources https://github.com/vulnerability-lookup/vulnerability-lookup/pull/348
🔗 The open source vulnerability-lookup software https://www.vulnerability-lookup.org/
🔗 GCVE instance https://db.gcve.eu/

@gcve
@cedric

Publishing Vulnerability Information with GCVE

With GCVE, publishing vulnerability information can be done in three straightforward steps.

#gcve #vulnerabilitymanagement #vulnerability #cybersecurity

🔗 https://gcve.eu/publishing-vulnerability-information/

We have scheduled the community meetings for March 2026. This is where you meet fellows working with the same issues, discuss and help us set our priorities for the project.

Register for free here: https://www.gvip-project.org/community/

#CVE #gcve #NVD #EUVD #CWE #CVSS #EPSS

The GCVE.eu initiative will take part in hackathon.lu (14–15 April, Luxembourg), alongside core developers of GCVE-related projects. See you there to build, experiment, and collaborate!

#gcve #cve #opensource #openstandard #hackathon

🔗 https://hackathon.lu

@gcve
@circl

🚀 CodeClarity v0.0.25-alpha released!

New in this version:
• Starting our GCVE journey — now fetching vulnerability data from cvelistv5 hosted by CIRCL
• Archive upload — import projects from .zip archives, no git repo required
• Smarter vuln detection — fewer false positives, multi-language analysis

Coming soon: Beta release!

🦉 Open-source alternative to Snyk & Checkmarx
🌐 www.codeclarity.io

#OpenSource #CyberSecurity #DevSecOps #InfoSec #FOSS #AppSec #GCVE #SCA #VulnerabilityManagement

db.gcve.eu updated with Vulnerability-Lookup 4.0: Enabling Federated Vulnerability Intelligence

The GCVE project is pleased to announce a major update of the platform. The service is now running the latest version of Vulnerability-Lookup (4.0), introducing federated synchronisation capabilities that significantly expand how vulnerability intelligence can be shared, enriched, and consumed across organisations.

🔗 https://gcve.eu/2026/02/17/db-gcve-eu-updates-2026/

#gcve #cve #cvd #opensource

The past six weeks have been an important milestone for the GCVE.eu initiative. What started as an experiment in decentralized vulnerability identification and coordination continues to evolve into a mature ecosystem supported by standards, implementations, and a rapidly growing community.

BCP-07 published and already implemented. BCP-06 published. Many ongoing activities for GCVE.

🔗 https://gcve.eu/2026/02/15/what-s-new-2026-02-15/

#gcve #cve #vulnerabilitymanagement #vulnerability #cybersecurity

@circl