#gcve — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gcve, aggregated by home.social.
-
You can now browse VEX statements in Vulnerability-Lookup!
The new VEX page lets you explore 220k+ vendor VEX records (Red Hat, Microsoft MSRC, more coming), filter by source, search by CVE ID or title, see product statuses at a glance (fixed, known affected, not affected, under investigation) and pivot straight to the related vulnerability.
🔎 https://vulnerability.circl.lu/vex/
🧩 API: https://vulnerability.circl.lu/api/vex/#VEX #VulnerabilityLookup #CVE #GCVE #OpenSource #CyberSecurity
-
You can now browse VEX statements in Vulnerability-Lookup!
The new VEX page lets you explore 220k+ vendor VEX records (Red Hat, Microsoft MSRC, more coming), filter by source, search by CVE ID or title, see product statuses at a glance (fixed, known affected, not affected, under investigation) and pivot straight to the related vulnerability.
🔎 https://vulnerability.circl.lu/vex/
🧩 API: https://vulnerability.circl.lu/api/vex/#VEX #VulnerabilityLookup #CVE #GCVE #OpenSource #CyberSecurity
-
📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.
gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.
🔗 https://gcve.eu
🐍 pipx install gcve
💻 https://github.com/gcve-eu/gcve#GCVE #CVE #VulnerabilityManagement #CyberSecurity #Python #OpenSource
-
📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.
gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.
🔗 https://gcve.eu
🐍 pipx install gcve
💻 https://github.com/gcve-eu/gcve#GCVE #CVE #VulnerabilityManagement #CyberSecurity #Python #OpenSource
-
📦 gcve 0.12.1 is out — a small maintenance release with updated dependencies.
gcve is a Python client and CLI for the Global CVE Allocation System (GCVE), a decentralized approach to vulnerability identification where multiple GCVE Numbering Authorities can allocate IDs independently, with a cryptographically signed registry.
🔗 https://gcve.eu
🐍 pipx install gcve
💻 https://github.com/gcve-eu/gcve#GCVE #CVE #VulnerabilityManagement #CyberSecurity #Python #OpenSource
-
We just released cve-search v6.0.1 - it is a security and maintenance release. All users are strongly encouraged to upgrade.
Thanks to @oh2fih for the remediation fix and release support. Thanks to George Chen for the report about the security vulnerability.
🔗 https://github.com/cve-search/cve-search/releases/tag/v6.0.1
-
We just released cve-search v6.0.1 - it is a security and maintenance release. All users are strongly encouraged to upgrade.
Thanks to @oh2fih for the remediation fix and release support. Thanks to George Chen for the report about the security vulnerability.
🔗 https://github.com/cve-search/cve-search/releases/tag/v6.0.1
-
A new KEV Catalog built from real-world exploitation data !
We are excited to share the result of a fruitful collaboration with @shadowserver: a new Known Exploited Vulnerabilities (KEV) Catalog (BCP-07 compliant) built directly from their global honeypot telemetry.
#ShadowServer #KEV #GCVE #Vulnerability #VulnerabilityManagement #Decentralization #Fragmentation
-
A new KEV Catalog built from real-world exploitation data !
We are excited to share the result of a fruitful collaboration with @shadowserver: a new Known Exploited Vulnerabilities (KEV) Catalog (BCP-07 compliant) built directly from their global honeypot telemetry.
#ShadowServer #KEV #GCVE #Vulnerability #VulnerabilityManagement #Decentralization #Fragmentation
-
Improving the CPE editor for the GCVE initiative: clearer API behavior, better performance, and many other enhancements. This will be released in version 1.1 and the improvements are already in the online version.
🌍️ Online version https://cpe.gcve.eu/
:github: https://github.com/gcve-eu/cpe-editorIf you want to improve the CPE dataset, you can make proposal online.
Thanks to all the users who provided feedback for improvements @righel @cedric @jgamblin
#gcve #cpe #cve #vulnerability #vulnerabilitymanagement #opensource #opendata
-
Improving the CPE editor for the GCVE initiative: clearer API behavior, better performance, and many other enhancements. This will be released in version 1.1 and the improvements are already in the online version.
🌍️ Online version https://cpe.gcve.eu/
:github: https://github.com/gcve-eu/cpe-editorIf you want to improve the CPE dataset, you can make proposal online.
Thanks to all the users who provided feedback for improvements @righel @cedric @jgamblin
#gcve #cpe #cve #vulnerability #vulnerabilitymanagement #opensource #opendata
-
We are improving the KEV Catalogs page of Vulnerability-Lookup.
Just have a look:
👉 https://vulnerability.circl.lu/kev-catalogs
#CyberSecurity #VulnerabilityManagement #Vulnerability #GCVE #CVE #CISA #KEV #ThreatIntel #OpenSource
-
We are improving the KEV Catalogs page of Vulnerability-Lookup.
Just have a look:
👉 https://vulnerability.circl.lu/kev-catalogs
#CyberSecurity #VulnerabilityManagement #Vulnerability #GCVE #CVE #CISA #KEV #ThreatIntel #OpenSource
-
🎉 Vulnerability-Lookup 5.2.0 is out!
This release comes with plenty of improvements and is the result of many expensive AI tokens consumed by Claude Code under the supervision of its human orchestrator.
Curious? Have a look at the release notes:
https://www.vulnerability-lookup.org/2026/06/19/vulnerability-lookup-5-2-0/
#AI #Orchestration #Vulnerability #OpenSource #GCVE #CVE #CVD #GNA
-
🎉 Vulnerability-Lookup 5.2.0 is out!
This release comes with plenty of improvements and is the result of many expensive AI tokens consumed by Claude Code under the supervision of its human orchestrator.
Curious? Have a look at the release notes:
https://www.vulnerability-lookup.org/2026/06/19/vulnerability-lookup-5-2-0/
#AI #Orchestration #Vulnerability #OpenSource #GCVE #CVE #CVD #GNA
-
The idea from @bagder is so interesting that it gave me the idea to extend the "GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure" with "Temporary Closure of Vulnerability Intake Windows"
#gcve #cve #vulnerabilitymanagement #vulnerability #opensource #cybersecurity
🔗 Proposal https://discourse.ossbase.org/t/temporary-closure-of-vulnerability-intake-windows-potential-annex-extension-for-gcve-bcp-02/1104
🔗 Original BCP-02 https://gcve.eu/bcp/gcve-bcp-02/ -
The idea from @bagder is so interesting that it gave me the idea to extend the "GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure" with "Temporary Closure of Vulnerability Intake Windows"
#gcve #cve #vulnerabilitymanagement #vulnerability #opensource #cybersecurity
🔗 Proposal https://discourse.ossbase.org/t/temporary-closure-of-vulnerability-intake-windows-potential-annex-extension-for-gcve-bcp-02/1104
🔗 Original BCP-02 https://gcve.eu/bcp/gcve-bcp-02/ -
cpe-editor v1.0.0 released : Establishing the Foundation for Collaborative CPE & PURL Mapping
Release note - https://github.com/gcve-eu/cpe-editor/releases/tag/v1.0.0
Online version - https://cpe.gcve.eu/ -
cpe-editor v1.0.0 released : Establishing the Foundation for Collaborative CPE & PURL Mapping
Release note - https://github.com/gcve-eu/cpe-editor/releases/tag/v1.0.0
Online version - https://cpe.gcve.eu/ -
📢 Vulnerability-Lookup 5.1.0 released!
New CNA Publication Service: publish vulnerabilities from your local instance (GCVE) directly to the official CVE Program via MITRE's CVE Services — one record, two identifiers, no duplication, with built-in moderation as part of CVD.
Plus: exploited-CVE ratio statistics, CSAF advisories in full-text search, and UI improvements.
https://www.vulnerability-lookup.org/2026/06/11/vulnerability-lookup-5-1-0/
-
📢 Vulnerability-Lookup 5.1.0 released!
New CNA Publication Service: publish vulnerabilities from your local instance (GCVE) directly to the official CVE Program via MITRE's CVE Services — one record, two identifiers, no duplication, with built-in moderation as part of CVD.
Plus: exploited-CVE ratio statistics, CSAF advisories in full-text search, and UI improvements.
https://www.vulnerability-lookup.org/2026/06/11/vulnerability-lookup-5-1-0/
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.