VulnMCP is an MCP server built with FastMCP that provides AI clients, chat agents, and other automated systems with tools for vulnerability management. It offers modular "skills" that can be easily extended or integrated, enabling intelligent analysis and automated insights on software […]
cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD
Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and […]
gcve-eu-kev updated — a CISA KEV and ENISA CNW/EUVD to GCVE BCP-07 converter.
It now also includes a generic RSS/Atom exporter for any GCVE KEV BCP-07 feed.
@gcve
#cybersecurity #gcve #kev #cve #vulnerability #vulnerabilitymanagement
🔗 https://github.com/gcve-eu/gcve-eu-kev
🔗 […]
With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential. CSAF delivers direct vendor remediation information, and when correlated with the CVE Program , it highlights how important federation and data correlation are for remediation efforts and vulnerability management as a whole. (See example below)
With the recent integration of CERT-VDE’s CSAF advisories, it becomes even clearer why diverse vulnerability data sources are essential.
CSAF delivers direct vendor remediation information, and when correlated with the CVE Program , it highlights how […]
[Original post on infosec.exchange]
An overview of the current set of sources in the db.gcve.eu instance running the latest version of vulnerability-lookup. https://db.gcve.eu/recent#fstec
A new pull request for Vulnerability-Lookup adds a CSAF producer that publishes advisories for many manufacturers.
This is great for defenders and researchers, as it increases the amount of detailed vulnerability information available.
It will push the […]
[Original post on infosec.exchange]
~Socket~
GCVE launched a decentralized vulnerability publishing ecosystem to address CVE centralization bottlenecks.
-
IOCs: (None identified)
-
#GCVE #ThreatIntel #Vulnerability
GCVE federated model
The GCVE.eu initiative will take part in hackathon.lu (14–15 April, Luxembourg), alongside core developers of GCVE-related projects. See you there to build, experiment, and collaborate!
#gcve #cve #opensource #openstandard #hackathon
🔗 https://hackathon.lu
@gcve
@circl
[🧵 3/3]
CodeClarity is a free, open-source alternative to Snyk & Checkmarx.
🦉 Join the parliament and contribute!
#OpenSource #CyberSecurity #DevSecOps #GCVE
GCVE and CRA - overview
Many people are concerned about the CRA requirements, especially how they map to real-world coordinated vulnerability disclosure (CVD) processes.
I tried to map the standard to the functionality we have in GCVE.eu to see how it could be integrated into a […]
[Original post on infosec.exchange]
Acknowledging Reality in Vulnerability Disclosure.
Every few years, vulnerability disclosure is declared settled. We are told that the ecosystem has matured, that coordinated disclosure is the answer, and that whatever remains outside this model is either irresponsible, obsolete, or simply […]
Full disclosure in computer security still exists and is complementary to other disclosure models. The evolution of vulnerability disclosure is not linear from full disclosure to responsible disclosure to coordinated disclosure. These models coexist and all need to be taken into account.
You […]
Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
| Confidence | Label | Meaning (confidence in […]
GCVE will be at hackathon.lu - April 14th and 15th, 2026
So if you want to work on all the cool stuff around vulnerability management, federated publication of vulnerability information, analytics, and anything related to vulnerabilities, join us.
#gcve #opensource #vulnerabilitymanagement […]
GCVE-BCP-08 - GCVE GNA Directory File
Following some good pre-discussion at #fosdem - a first draft of the directory file specification has been updated. The goal is clarify some of the fields. Feedback is more than welcome.
@gcve
#opensource #gcve
🔗 […]
Want to help working on a future global vulnerability intelligence platform with us? Join our community meetings!
https://www.gvip-project.org/blog/2026/community-feb/
#CVE #NVD #GCVE #CRA
🇪🇺 Європа запустила власну публічну базу даних для відстеження вразливостей програмного забезпечення під назвою #GCVE. Метою ініціативи є зміцнення цифрової безпеки та створення децентралізованої альтернативи американським сервісам.
hackread.com/eu-launches-...
#Europe launches GCVE to track security vulnerabilities without relying on the US, creating a new independent platform for reporting security flaws in software.
Read: hackread.com/eu-launches-...
#CyberSecurity #InfoSec #Vulnerabilities #EU #GCVE
# KEV Assertion Format – Draft Specification (potential BCP?)
This format describes a **generic KEV (Known Exploited Vulnerability) assertion format**.
The goal is to express _who claims exploitation_ , _when_ , _based on what_ , _where it was observed_ , and _with which level of confidence_ […]
GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure.
version 1.3 published
gcve.eu/bcp/gcve-bcp...
#cve #gcve #cvd #vulnerabilitymanagement
We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.
Comments are more than welcome!
#gcve #cve #vulnerability #openstandard
@gcve
@circl
🔗 […]
GCVE-BCP-05 - GCVE Vulnerability Format (Updated CVE Record Format) has been published as DRAFT and ready for public review.
The standard is similar to the @cve record format with some extensions (via the `X_` prefixes) for GCVE format and the reference implementation vulnerability-lookup. This […]
We presented “Advancing Vulnerability Tracking and Disclosure Through an Open and Distributed Platform” at the excellent @uybhys.bsky.social
#cve #vulnerability #opensource #vulnerabilitymanagement #cybersecurity #gcve
🔗 www.vulnerability-lookup.org/2025/11/08/u...
Gestion des vulnérabilités par @adulau.bsky.social et C.Bonhomme du #CIRCL🇱🇺 à #UYBHYS2025, agrègent et corrèlent 27 sources 🇺🇸 🇨🇳 🇪🇺...👍🏻
Prédiction par IA de la sévérité à partir des descriptions textes 🤩
#GCVE permet à chacun de publier des vulnérabilités gcve.eu
www.vulnerability-lookup.org
Good example why open sources projects should self-publish or even counter-publish as a GNA in @gcve
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve #cve
🔗 www.openwall.com/lists/oss-security/2025/...
Overview of vulnerability-lookup
Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
We published all the materials from the workshop given at #hacklu 2025
#gcve #vulnerabilitymanagement #opensource #cybersecurity […]
[Original post on infosec.exchange]
RE: https://infosec.exchange/@UYBHYS/115342659808677542
Glad to present at #UYBHYS with @cedric our work on GCVE and Vulnerability Lookup, facilitating vulnerability management and publishing through a fully open-source stack.
🔗 Online version https://vulnerability.circl.lu/
🔗 […]
GCVE-BCP-04 - Recommendations and Best Practices for ID Allocation version 1.1 published.
GCVE-BCP-04 - Recommendations and Best Practices for ID Allocation version 1.1 published.
BCP Document https://gcve.eu/bcp/gcve-bcp-04/
PDF https://gcve.eu/files/bcp/gcve-bcp-04.pdf
Comments and feedback […]
[Original post on infosec.exchange]
So @gcve brings a lot of interesting new aspects to cybersecurity! opensourcesecurity.io/2025/2025-08-gcve-cedric... -> are you a security researcher and you don't agree with the vendors assessment of the vuln you found and CVD'd -> you fork their disclosure and add your own meta data […]
I’ll do an online session about GCVE in 30 minutes. If you want to join, all details are below.
#gcve #vulnerability #vulnerabilitymanagement
infosec.exchange/@gcve@social.circl.lu/11...
