Posts by Jerry Gamblin

Prioritizing What Matters: Bringing CVE Intelligence to Splunk

Version 2 of my CVE Intelligence TA for Splunk is live on Splunkbase.

I’ve added EPSS probability, CISA KEV status, and SSVC data to the baseline for 327k+ vulnerabilities.

Zero-config and pre-joined lookups for faster triage.

Full details and download: jerrygamblin.com/2026/04/18/p...

3 days ago 1 0 0 0

When the NVD and GitHub disagree on a CVSS score, who do you trust?

I’m at #VulnCon and built Vuln Anarchy to visualize the scoring gap. This chart shows nearly 1,500 instances where the math doesn't align.

Live Data: rogolabs.github.io/vuln-anarchy/
Repo: github.com/RogoLabs/vul...

6 days ago 1 0 0 0

Paid $25 on eBay for a 1943 cryptography book. It arrived signed by LTC George R. Eckman, the Executive Officer of the Alsos Mission, the WWII task force that hunted Nazi nuclear scientists across Europe.

It's going to the U.S. Army Intelligence Hall of Fame. Some books belong in archives. 🔐

1 week ago 3 0 0 0
GitHub - CERTCC/cveClient: A client and library to cve-services 2.x to provide CVE management for CNA and CERTs

I heard you like CVEs, so I reported CVEs in your CVE filing software.

I reported and fixed CVE-2026-35466 & CVE-2026-35467 in CVEClient.

github.com/CERTCC/cveCl...

2 weeks ago 0 0 0 0

March 2026 was a brutal month for vulnerabilities. 🛡️

Here is the damage:
• 6,246 new CVEs (+55.7% Over Last March)
• 169 new vulns per day 🤯
• 7.1 median CVSS severity (High)

The Top 3 Culprits:
🥇 XSS (730)
🥈 SQLi (325)
🥉 Missing Auth (292)

2026 is already up 27% YoY.

2 weeks ago 0 1 0 0
A Critical Audit of the "Zero Day Clock" Methodology - zeroday.md

The "Zero Day Clock" is a masterclass in bad data science. 📉

Ignoring right-censoring and selection bias forces a "collapse" that doesn't exist. It mistakes NVD backlog for attacker velocity.

Data audit & technical receipts here:
gist.github.com/jgamblin/91f...

#RSAC2026 #Infosec #CyberSecurity

4 weeks ago 0 0 0 0
Infographic titled '2026 CVE Growth Report' showing cumulative CVE counts through February 28, 2026. 2026 has 8,932 CVEs compared to 7,950 in 2025 over the same period, a +12.4% year-over-year change. A line chart shows 2026 trending above 2025. A lollipop chart compares monthly totals. Data source: NIST National Vulnerability Database.

1 month ago 0 0 0 0

February 2026 CVE Growth Report:

YTD (February):
▸ 8,932 total CVEs (+12.4% vs 2025 YTD)
▸ 151 new vulnerabilities per day
▸ +982 more CVEs than 2025 through February

February alone:
▸ 4,619 CVEs (+25.7% vs February 2025)

1 month ago 0 0 1 0
CVE Board Meeting Minutes: January 21, 2026

The CVE Board January minutes read like a gossip mag for vuln geeks.

Good: The March "funding cliff" is a myth.
Bad: Mystery draft legislation.
Drama: A Board With No Term Limits Votes For Member 23.

Full gossip here: www.mail-archive.com/cve-editoria...

1 month ago 0 0 0 0
GitHub - jgamblin/OpenClawCVEs: Tracking OpenClaw CVEs

The @openclaw project has exploded this month. 🛡️

Since I've given it deep local access, I’m tracking its security in real-time.

📈 92 Advisories
🚨 55 High/Critical
🔄 Hourly V5 sync

Link: github.com/jgamblin/Ope...
Plot twist: I had OpenClaw build the tracker for me. 🤖

2 months ago 0 0 2 0

Vulnerability intel shouldn’t be a luxury.

Next week at BSidesGalway, I’m launching VulnRadar:
✅ 100% Open Source
✅ Runs on free GitHub services
✅ NO API keys to manage

Good intel is a community necessity. Let’s make it the standard.

#BSidesGalway #CyberSecurity #OSS

2 months ago 1 0 0 0

Jan 2026 CVEs: 4,319.

While +1.0% YoY looks flat, it's 139 CVEs/day—nearly 7% HIGHER than 2025's average.

#cybersecurity #CVE #infosec #RogoLabs

2 months ago 1 0 0 1

I built Ghost CVEs this weekend to catch bugs that are public in code commits but invisible in the official registries.

See what I found so far 👇 github.com/RogoLabs/Gho...

#ThreatIntel #OpenSource #GhostCVEs

3 months ago 1 0 0 0
2025 CVE Data Review

It’s official: 48,185 CVEs were published in 2025 (+21% YoY). 🚨

The landscape has shifted. WordPress security firms are now out-publishing Big Tech, and "Patch Tuesday" is now "Patch Every Day."

See the full data review:
jerrygamblin.com/2026/01/01/2...

3 months ago 2 0 0 0

London bound next week (Dec 7–15)! 🇬🇧

I’ll be at #BlackHatEU giving my talk on the "Post-NVD Era" (Thurs Dec 11 @ 2:30 PM) and then hitting up #BSidesLDN for the weekend.

#Infosec #VulnMgmt #CVE

4 months ago 0 0 0 0

A professor reached out about my 3-year-old CVElk project—it was broken. Spent some time last night fixing it: 4 live data sources, 300K+ CVEs, modern Python CLI, auto-updates.

Always happy to fix old code if it helps! 🙏

github.com/jgamblin/CVElk

4 months ago 0 0 0 0

2025 CVE Growth Report (Data through Nov 30):

⚠️ Total: 42,697 CVEs (+16.9% YoY)
📅 Daily Avg: 128
📉 November Dip: Monthly volume dropped 25% YoY (3,028 CVEs), the lowest since Jan.

We are still on track for a record year, sitting at +6,187 CVEs over 2024.

4 months ago 0 0 0 0

🚨 BLACK FRIDAY DOORBUSTER 🚨

CVE.ICU just got a MASSIVE upgrade: EPSS, CISA KEV, & Risk Matrix.

Our unbeatable price remains: $0.00.

No credit card. No sales calls. Just vibes and vulnerabilities.

#BlackFriday #CyberSecurity #OpenSource

4 months ago 2 0 0 0

2025 CVE Stats Update (October 31st, 2025)
Total Number of CVEs: 39,681
Average CVEs Per Day: 130.53
Average CVSS Score: 6.61
YOY Growth: 22.42% or +7,267 (32,414 CVEs in 2024)

5 months ago 0 0 0 0
Secrets of the Dead | Cracking the Queen's Code | Season 22 | Episode 9 See how secret letters written by Mary, Queen of Scots, were finally decoded.

Forget cryptocurrency—let's talk real cryptography! If you're into ciphers and code-breaking, this special on the hidden messages of Mary, Queen of Scots, is a must-watch. www.pbs.org/video/cracki...

5 months ago 0 0 0 0

Spent Sunday watching football & analyzing 314,705 CVEs to track update velocity.

Key takeaway: Some issues require constant attention—the top CVE, CVE-2023-4255, has been updated 220 times! See the full analysis and charts:
rogolabs.github.io/CVE-Updates/

6 months ago 1 0 0 0
CNAPulse

📢 New Open-Source Tool: CNAPulse.org

Getting a quick, transparent overview of CNA activity was nearly impossible. It required manual processing of raw CVE data.

I built CNAPulse.org to automate and bring transparency to publishing in the CVE ecosystem.

6 months ago 1 0 0 0

2025 CVE Stats Update (September 30th, 2025)
Total Number of CVEs: 35,404
Average CVEs Per Day: 129.68
Average CVSS Score: 6.62
YOY Growth: 22.72% or +6,555 (28,849 CVEs in 2024)

6 months ago 1 0 0 0
CVEForecast

I've added a new page to CVEForecast.org: a CNA Forecast. It's a fun project to track the growth and decline trends.

Hopefully, it provides some interesting insights for anyone in the vuln space.

Check it out here: cveforecast.org/cna_forecast...

#infosec #cybersecurity #vulnerability #cve

7 months ago 2 0 0 0

The CVE Program is stepping into its Quality Era, and I couldn't be happier.

CISA's vision prioritizes trust, quality, and responsiveness in vulnerability management. This is a fantastic step to ensure CVE data remains a public good for everyone.

www.cisa.gov/sites/defaul...

7 months ago 1 0 1 0

2025 CVE Stats Update (August 31st, 2025)

Total Number of CVEs: 31,077
Average CVEs Per Day: 127.89
Average CVSS Score: 6.63
YOY Growth: 17.81% or +4,699 (26,378 CVEs in 2024)

7 months ago 0 0 0 0

Here are my slides from #BSidesLV on "The Art of Concealment."

TLDR: Many CVEs are published without the four pillars (CWE, CPE, CVSS, Fix) needed for security teams to remediate the vulnerabilities successfully.

rogolabs.net/Talks/The%20...

8 months ago 0 0 0 0

At DEF CON? I'm speaking today at 1PM in the AppSec Village. Stop by to hear me talk about the post NVD era of vulnerability data.

8 months ago 0 0 0 0
CNA Scorecard

Just announced after my talk: CNAScorecard.org is LIVE! 🚀

Did you know only 2% of CVEs have CPE data and just 4.8% have patch info? This cripples automation & leaves us blind.

8 months ago 1 1 0 0

2025 CVE Stats Update (July 31st, 2025)
Total Number of CVEs: 27,447
Average CVEs Per Day: 129.47
Average CVSS Score: 6.62
YOY Growth: 17.32% or +4,053 (23,394 CVEs in 2024)

8 months ago 0 0 0 0