The Project

HPI-VDB portal is the result of research work conducted by the IT-Security Engineering Team at the HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from the Internet is evaluated, normalized, and centralized in a high performance database. The textual descriptions about each vulnerability entry are grabbed from public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data saved in our database, many services can be provided, including browsing, searching, self-diagnosis, Attack Graph Generation (AG), etc. Additionally, we offer an API for developers to use our database for their development.

Advanced Search

Top 5 Recent most tweeted Vulnerabilities

CVE-ID
Description
Tweets CVSS-Score
Yesterday 7 days V2 V3
CVE-2023-21036 In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A> 9 180

None

None

CVE-2022-3801 A vulnerability, which was classified as critical, was found in IBAX go-ibax. This affects an unknown part of the file /api/v2/open/rowsInfo. The manipulation of the argument order leads to sql injection. It is possible ...> 5 5

None

8.8

CVE-2023-20963 In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...> 3 8

None

7.8

CVE-2023-1631 A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to ...> 3 20

None

None

CVE-2023-1630 A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The mani...> 3 19

None

None

PublicationsFeatures
  • F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.
  • S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.
  • F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.
  • Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis, Mar. 2009, 
  • Structured representation of known vulnerabilities
  • API to programs of security analytics and many other purpose
  • Searching functionality using CVE-ID, CWE-ID, CPE-ID, MS-ID, Full text, ...
  • Addon services (login needed): rich exportation, self-diagnosis, Attack Graph
  • Daily update to include the latest published/confirmed vulnerabilities
  • Statistics and visualization