HPI-VDB — Database for IT-Attack Analysis
The Project

HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

Advanced Search

Top 5 Recent most tweeted Vulnerabilities

CVE-ID
Description
 Tweets CVSS-Score
Yesterday 7 days V2 V3
CVE-2023-36120 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.> 0 0

None

None
CVE-2023-37807 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.> 0 0

None

None
CVE-2023-37805 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.> 0 0

None

None
CVE-2023-37803 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.> 0 0

None

None
CVE-2023-5960 An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local...> 0 0

None

5.5
PublicationsFeatures
  • F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.
  • S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.
  • F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.
  • Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009, 
    		•
  • Structured representation of known vulnerabilities
  • API to programs of security analytics and many other purpose
  • Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ...
  • Addon services (login needed): rich exportation, self-diagnosis, Attack Graph
  • Daily update to include the latest published/confirmed vulnerabilities
  • Statistics and visualization