US Flag Official website of the Department of Homeland Security
U.S. Department of Homeland Security Seal. Software and Supply Chain Assurance. Community Resources and Information Clearinghouse (CRIC).

Exploit and Vulnerability Databases

NATIONAL VULNERABILITY DATABASE (NVD) VERSION 2.2

NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). These data enable automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics. NVD contains content (and pointers to tools) for performing configuration checking of systems implementing the Federal Desktop Core Configuration settings (FDCC) using the SCAP.FDCC Checklists are available (to be used with SCAP FDCC capable tools), and SCAP FDCC Capable Tools are available. Other NVD resources include:

OPEN SOURCE VULNERABILITY DATABASE (OSVDB)

The OSVDB is an independent and open source database created by and for the community—its goal is to provide accurate, detailed, current, and unbiased technical information. The database covers more than 66,700 vulnerabilities, spanning more than 27,730 products from more than 4,730 researchers, over 45 years. The HackerStorm website http://www.hackerstorm.com was originally created for OSVDB and has additional information, including news and alerts feeds conveniently located in one place to help with vulnerability research. It includes tutorials for penetration testing with various tools.

EXPLOIT DATABASE (EDB)

EDB is an archive of exploits and vulnerable software that serves as a resource for penetration testers, vulnerability researchers, and security addicts alike. The aim of EDB is to collect exploits from submittals and mailing lists and concentrate them in one, easy-to-navigate database. EDB also hosts the Abysssec Security Team’s Month Of Abysssec Undisclosed Bugs (MOAUB)—a collection of 0days, web application vulnerabilities, and detailed binary analysis (and pocs) for recently released advisories by vendors. The 0day collection includes PoCs and Exploits. The MOAUB is updated on a daily basis. Follow both exploit-db and Abysssec twitter feed to keep updated!

Back to Top