We’re delighted to announce the release of Vulnerability-Lookup 2.16.0 — packed with exciting new features!

Statistics page

Statistics page

Statistics page

Search page

What’s New

Backend

  • Introduced source-scoped kvrocks counters and source-scoped sorted indexes for vulnerability advisories by state (published, updated, reserved). (#211, PR #215)
    Examples of newly available queries:

    • GET published:count:github:2025-09
    • ZREVRANGE index:csaf_certbund:published 0 9 WITHSCORES
    • ZREVRANGE vendors:ranking:2025-08 0 9 WITHSCORES

  • Added feeders for CERT-FR Avis and CERT-FR Alerte. (b99291f)

API

The Stats API endpoint now delivers statistics on CVE publications, with filters available by source, date, and advisory state. These new endpoints leverage the new indexes provided by the kvrocks backend. The result can be returned as JSON (default) or Markdown table. (0d153ed)

Frontend

  • Added a new public statistics page displaying various insights on CVE publications. This new page features several interactive charts powered by the new Stats API endpoints. (0d153ed, c842876)

  • Added XSLT support for various RSS/Atom feeds. The XSLT is injected immediately after feed generation, before delivery to the user. (241c6ca)

Migration Notes

  • To reset the indexes, you can execute bin/index_vulnerabilities.py which is using various reindexing utilities. This will delete indexes and counters! Alternatively, you can rerun the appropriate feeder with the --reimport parameter.

Changes

  • Improved search page: (82b9f95, f9f5c58)

    • Filtering on sources, vendors, and products.
    • Sorting based on advisory state (reserved, published, updated) and order (ascending/descending).
    • Displaying all vulnerabilities related to a vendor with pagination (without specifying a product).

  • Improved recent page: vulnerabilities from multiple sources can now be sorted by publication or update date. (df1e472c)

  • Improved admin dashboard for user management. (#221)

  • Improved Vulnerability API endpoint: The GET List endpoint now provides more advanced filtering by source and advisory state. (0d153ed)

  • Various improvements related to the vulnerability description pages.

Fixes

  • NDJSON data dumps: fixed an issue where dumps did not actually contain newlines. (#218)
  • Prevent reimport of already ingested vulnerabilities from flaky CSAF sources. (#1848619)

Changelog

📂 For the full list of changes, check the GitHub release:
https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.16.0

🙏 A big thank you to all contributors and testers!

Feedback and Support

If you find any issues or have suggestions, please open a ticket on our GitHub repository:
https://github.com/vulnerability-lookup/vulnerability-lookup/issues/
We appreciate your feedback!

Follow Us on Fediverse/Mastodon

Stay updated on security advisories in real-time by following us on Mastodon:
https://social.circl.lu/@vulnerability_lookup/