The Project

HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

Advanced Search

Top 5 Recent most tweeted Vulnerabilities

CVE-ID
Description
Tweets CVSS-Score
Yesterday 7 days V2 V3
CVE-2022-4096 Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/appsmith prior to 1.8.2.> 25 148

None

6.5

CVE-2022-2808 Algan Yaz?l?m Prens Student Information System product has an authenticated Insecure Direct Object Reference (IDOR) vulnerability.> 22 22

None

None

CVE-2022-2807 Algan Yazılım Prens Student Information System product has an unauthenticated SQL Injection vulnerability.> 20 20

None

None

CVE-2022-21225 Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.> 16 45

None

8.0

CVE-2022-44930 D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.> 13 13

None

None

PublicationsFeatures
  • F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.
  • S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.
  • F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.
  • Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009, 
  • Structured representation of known vulnerabilities
  • API to programs of security analytics and many other purpose
  • Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ...
  • Addon services (login needed): rich exportation, self-diagnosis, Attack Graph
  • Daily update to include the latest published/confirmed vulnerabilities
  • Statistics and visualization