HPI Vulnerability Database

The Project
HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

The Project

HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

Top 5 Recent most tweeted Vulnerabilities

CVE-ID	Description	Tweets		CVSS-Score
		Yesterday	7 days	V2	V3
CVE-2023-2868	A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehens...>	257	307	None	9.8
CVE-2023-34362	In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application th...>	146	1370	None	None
CVE-2023-29336	Win32k Elevation of Privilege Vulnerability>	141	163	None	7.8
CVE-2023-25157	GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) a...>	107	457	None	9.8
CVE-2023-3079	Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)>	68	624	None	None

Publications	Features
F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011. S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010. F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009. S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009. Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009,	Structured representation of known vulnerabilities API to programs of security analytics and many other purpose Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ... Addon services (login needed): rich exportation, self-diagnosis, Attack Graph Daily update to include the latest published/confirmed vulnerabilities Statistics and visualization

Publications

Features

F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.

S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.

F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.

S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.

Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009,

Structured representation of known vulnerabilities

API to programs of security analytics and many other purpose

Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ...

Addon services (login needed): rich exportation, self-diagnosis, Attack Graph

Daily update to include the latest published/confirmed vulnerabilities

Statistics and visualization

HPI-VDB — Database for IT-Attack Analysis