home.social

#gcve — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #gcve, aggregated by home.social.

fetched live
  1. You can now browse VEX statements in Vulnerability-Lookup!

    The new VEX page lets you explore 220k+ vendor VEX records (Red Hat, Microsoft MSRC, more coming), filter by source, search by CVE ID or title, see product statuses at a glance (fixed, known affected, not affected, under investigation) and pivot straight to the related vulnerability.

    🔎 vulnerability.circl.lu/vex/
    🧩 API: vulnerability.circl.lu/api/vex/

    #VEX #VulnerabilityLookup #CVE #GCVE #OpenSource #CyberSecurity

  2. You can now browse VEX statements in Vulnerability-Lookup!

    The new VEX page lets you explore 220k+ vendor VEX records (Red Hat, Microsoft MSRC, more coming), filter by source, search by CVE ID or title, see product statuses at a glance (fixed, known affected, not affected, under investigation) and pivot straight to the related vulnerability.

    🔎 vulnerability.circl.lu/vex/
    🧩 API: vulnerability.circl.lu/api/vex/

    #VEX #VulnerabilityLookup #CVE #GCVE #OpenSource #CyberSecurity

  3. 📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.

    gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.

    🔗 gcve.eu
    🐍 pipx install gcve
    💻 github.com/gcve-eu/gcve

  4. 📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.

    gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.

    🔗 gcve.eu
    🐍 pipx install gcve
    💻 github.com/gcve-eu/gcve

    #GCVE #CVE #VulnerabilityManagement #CyberSecurity #Python #OpenSource

  5. 📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.

    gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.

    🔗 gcve.eu
    🐍 pipx install gcve
    💻 github.com/gcve-eu/gcve

    #GCVE #CVE #VulnerabilityManagement #CyberSecurity #Python #OpenSource

  6. We just released cve-search v6.0.1 - it is a security and maintenance release. All users are strongly encouraged to upgrade.

    Thanks to @oh2fih for the remediation fix and release support. Thanks to George Chen for the report about the security vulnerability.

    #cve #gcve #cybersecurity

    🔗 github.com/cve-search/cve-sear

  7. We just released cve-search v6.0.1 - it is a security and maintenance release. All users are strongly encouraged to upgrade.

    Thanks to @oh2fih for the remediation fix and release support. Thanks to George Chen for the report about the security vulnerability.

    #cve #gcve #cybersecurity

    🔗 github.com/cve-search/cve-sear

  8. A new KEV Catalog built from real-world exploitation data !

    vulnerability.circl.lu/known-e

    We are excited to share the result of a fruitful collaboration with @shadowserver: a new Known Exploited Vulnerabilities (KEV) Catalog (BCP-07 compliant) built directly from their global honeypot telemetry.

    #ShadowServer #KEV #GCVE #Vulnerability #VulnerabilityManagement #Decentralization #Fragmentation

  9. A new KEV Catalog built from real-world exploitation data !

    vulnerability.circl.lu/known-e

    We are excited to share the result of a fruitful collaboration with @shadowserver: a new Known Exploited Vulnerabilities (KEV) Catalog (BCP-07 compliant) built directly from their global honeypot telemetry.

    #ShadowServer #KEV #GCVE #Vulnerability #VulnerabilityManagement #Decentralization #Fragmentation

  10. Improving the CPE editor for the GCVE initiative: clearer API behavior, better performance, and many other enhancements. This will be released in version 1.1 and the improvements are already in the online version.

    🌍️ Online version cpe.gcve.eu/
    :github: github.com/gcve-eu/cpe-editor

    If you want to improve the CPE dataset, you can make proposal online.

    Thanks to all the users who provided feedback for improvements @righel @cedric @jgamblin

    @gcve

    #gcve #cpe #cve #vulnerability #vulnerabilitymanagement #opensource #opendata

  11. Improving the CPE editor for the GCVE initiative: clearer API behavior, better performance, and many other enhancements. This will be released in version 1.1 and the improvements are already in the online version.

    🌍️ Online version cpe.gcve.eu/
    :github: github.com/gcve-eu/cpe-editor

    If you want to improve the CPE dataset, you can make proposal online.

    Thanks to all the users who provided feedback for improvements @righel @cedric @jgamblin

    @gcve

    #gcve #cpe #cve #vulnerability #vulnerabilitymanagement #opensource #opendata

  12. 🎉 Vulnerability-Lookup 5.2.0 is out!

    This release comes with plenty of improvements and is the result of many expensive AI tokens consumed by Claude Code under the supervision of its human orchestrator.

    Curious? Have a look at the release notes:

    vulnerability-lookup.org/2026/

    #AI #Orchestration #Vulnerability #OpenSource #GCVE #CVE #CVD #GNA

  13. 🎉 Vulnerability-Lookup 5.2.0 is out!

    This release comes with plenty of improvements and is the result of many expensive AI tokens consumed by Claude Code under the supervision of its human orchestrator.

    Curious? Have a look at the release notes:

    vulnerability-lookup.org/2026/

    #AI #Orchestration #Vulnerability #OpenSource #GCVE #CVE #CVD #GNA

  14. The idea from @bagder is so interesting that it gave me the idea to extend the "GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure" with "Temporary Closure of Vulnerability Intake Windows"

    #gcve #cve #vulnerabilitymanagement #vulnerability #opensource #cybersecurity

    🔗 Proposal discourse.ossbase.org/t/tempor
    🔗 Original BCP-02 gcve.eu/bcp/gcve-bcp-02/

  15. The idea from @bagder is so interesting that it gave me the idea to extend the "GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure" with "Temporary Closure of Vulnerability Intake Windows"

    #gcve #cve #vulnerabilitymanagement #vulnerability #opensource #cybersecurity

    🔗 Proposal discourse.ossbase.org/t/tempor
    🔗 Original BCP-02 gcve.eu/bcp/gcve-bcp-02/

  16. 📢 Vulnerability-Lookup 5.1.0 released!

    New CNA Publication Service: publish vulnerabilities from your local instance (GCVE) directly to the official CVE Program via MITRE's CVE Services — one record, two identifiers, no duplication, with built-in moderation as part of CVD.

    Plus: exploited-CVE ratio statistics, CSAF advisories in full-text search, and UI improvements.

    vulnerability-lookup.org/2026/

    #CyberSecurity #OpenSource #CVD #GCVE #CNA #CVE

  17. 📢 Vulnerability-Lookup 5.1.0 released!

    New CNA Publication Service: publish vulnerabilities from your local instance (GCVE) directly to the official CVE Program via MITRE's CVE Services — one record, two identifiers, no duplication, with built-in moderation as part of CVD.

    Plus: exploited-CVE ratio statistics, CSAF advisories in full-text search, and UI improvements.

    vulnerability-lookup.org/2026/

    #CyberSecurity #OpenSource #CVD #GCVE #CNA #CVE

  18. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  19. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  20. I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  21. I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  22. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  23. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  24. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  25. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  26. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  27. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  28. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  29. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  30. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  31. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  32. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  33. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  34. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement