HPI-VDB — Database for IT-Attack Analysis
The Project

HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

Advanced Search

Top 5 Recent most tweeted Vulnerabilities

CVE-ID
Description
 Tweets CVSS-Score
Yesterday 7 days V2 V3
CVE-2021-36347 iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulner...> 0 0

9.0

7.2
CVE-2022-27547 HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.> 0 0

None

7.4
CVE-2021-39746 In PermissionController, there is a possible way to delete some local files due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not ...> 0 0

4.6

7.8
CVE-2023-24571 Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.> 0 0

None

6.7
CVE-2022-1128 Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.> 0 0

None

6.5
PublicationsFeatures
  • F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.
  • S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.
  • F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.
  • Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009, 
    		•
  • Structured representation of known vulnerabilities
  • API to programs of security analytics and many other purpose
  • Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ...
  • Addon services (login needed): rich exportation, self-diagnosis, Attack Graph
  • Daily update to include the latest published/confirmed vulnerabilities
  • Statistics and visualization