# Vulnerability-Lookup

::::{only} html

[![Latest release](https://img.shields.io/github/release/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square)](https://github.com/vulnerability-lookup/vulnerability-lookup/releases/latest)
[![License](https://img.shields.io/github/license/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square)](https://github.com/vulnerability-lookup/vulnerability-lookup/blob/main/LICENSE.md)
[![Stars](https://img.shields.io/github/stars/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square)](https://github.com/vulnerability-lookup/vulnerability-lookup/stargazers)
[![Contributors](https://img.shields.io/github/contributors/vulnerability-lookup/vulnerability-lookup.svg?style=flat-square)](https://github.com/vulnerability-lookup/vulnerability-lookup/graphs/contributors)

::::

```{toctree}
:caption: Architecture
:maxdepth: 3
:hidden:

architecture
webservice
streaming
fulltextsearch
```

```{toctree}
:caption: Installation & Operations
:maxdepth: 3
:hidden:

prerequisites
installation
update
command-line-interface
```

```{toctree}
:caption: Configuration
:maxdepth: 3
:hidden:

notification
sync
logging
performance-tuning
```

```{toctree}
:caption: Usage
:maxdepth: 3
:hidden:

feeds
api-v1
```

```{toctree}
:caption: Community
:maxdepth: 3
:hidden:

contributing
```

## Overview

[Vulnerability-Lookup](https://www.vulnerability-lookup.org) facilitates quick correlation of vulnerabilities
from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
Vulnerability-Lookup is also a collaborative platform where users can comment on security advisories and create bundles.

A public instance operated by [CIRCL](https://www.circl.lu) is available at <https://vulnerability.circl.lu>.  
[GCVE](https://www.gcve.eu) is also running a Vulnerability-Lookup instance at [https://db.gcve.eu](https://db.gcve.eu).

## Features

**Data ingestion and correlation**

- **Feeders**: Modular ingestion framework to import vulnerabilities from multiple sources. Default feeders are bundled and enabled out of the box.
- **Global CVE Allocation System**: Native integration with [GCVE](https://gcve.eu).
- **EPSS**: Integration with the Exploit Prediction Scoring System for improved risk prioritization.
- **Full-text search**: Optional full-text indexing across all ingested vulnerability data.

**Vulnerability management**

- **CVD process**: End-to-end management of **Security Advisories** and [Coordinated Vulnerability Disclosures](https://www.circl.lu/pub/coordinated-vulnerability-disclosure).
- **Local sources**: Support for adding instance-specific, custom vulnerability sources.
- **KEV catalogs**: Per-instance management with synchronization of remote KEV catalogs (e.g. ENISA, CISA).

**Collaboration and tracking**

- **Sightings**: Record and track vulnerability observations, including *seen*, *exploited*, *not exploited*, *confirmed*, *not confirmed*, *patched*, and *not patched*.
- **Comments**: Add, review, and share analyst notes on advisories.
- **Bundles**: Group related vulnerability advisories with contextual descriptions for easier tracking and analysis.
- **Watchlists**: Monitor vulnerabilities affecting specific products and receive email notifications.

**Integration and distribution**

- **API**: Fast and comprehensive Vulnerability-Lookup API, including cross-source correlation by vulnerability identifier.
- **RSS/Atom**: Subscribe to vulnerability updates and comments via RSS or Atom feeds.
- **Synchronization**: Optional synchronization of comments, bundles, sightings, and KEV entries between Vulnerability-Lookup instances.

## Getting Started

New to Vulnerability-Lookup? Follow these steps:

1. Review the {doc}`prerequisites`
2. Follow the {doc}`installation` guide
3. Explore the {doc}`api-v1` documentation
4. Subscribe to {doc}`feeds` for real-time updates

## Contributing

If you are interested in contributing to Vulnerability-Lookup, take a look at the
{doc}`contributing` guide and the [official repository](https://github.com/vulnerability-lookup/vulnerability-lookup).

By contributing, you agree to follow our [Code of Conduct](https://github.com/vulnerability-lookup/vulnerability-lookup/blob/main/CODE_OF_CONDUCT.md).

## Contact

[CIRCL - Computer Incident Response Center Luxembourg](https://www.circl.lu) -
[info@circl.lu](mailto:info@circl.lu)

## License

Vulnerability-Lookup is licensed under
[GNU Affero General Public License version 3](https://www.gnu.org/licenses/agpl-3.0.html).
