GCVE - Open Data
Reusable vulnerability intelligence
Open data in the GCVE ecosystem
Public, machine-readable vulnerability data sets that help researchers, operators, vendors, and GCVE Numbering Authorities build transparent vulnerability intelligence workflows.
Open dumps for vulnerability lookup, enrichment, correlation, research, and automation.
The GCVE ecosystem encourages the publication of open, reusable, and machine-readable vulnerability data. The resources below are intended for downstream consumers who want to mirror data, build vulnerability intelligence pipelines, enrich records, validate tooling, or perform independent research.
Primary open data resources
Aggregated source dumps
Vulnerability-Lookup JSON dumps
Vulnerability-Lookup publishes JSON dumps for all indexed sources, including GCVE Numbering Authority data sets such as gna-1 and gna-1337. The upstream dump index is regenerated by Vulnerability-Lookup and should be treated as the canonical list for availability.
- Includes vulnerability, CSAF, OSV, CVE, GCVE/GNA, enrichment, comments, sightings, bundle, and exploitation-related sources.
- Useful for offline analysis, mirroring, data fusion, and correlation in GCVE-compatible systems.
- Current upstream dump index reported generation time: 2026-06-01 03:22:02 UTC.
AI-assisted and VL metadata
GCVE enriched dumps
The gcve-enriched-dumps repository provides vulnerability advisories automatically enriched with GCVE AI-assisted annotations and Vulnerability-Lookup metadata while preserving compatibility with the original CVE JSON record structure.
- Publishes enriched CVE JSON records derived from upstream CVE List V5 data.
- Adds GCVE AI annotation metadata under
x_gcve. - Adds complementary Vulnerability-Lookup metadata under
vulnerability-lookup:meta.
Vulnerability-Lookup dump sources
The following source dumps are currently listed by the public Vulnerability-Lookup dump index. Each link points directly to the corresponding source directory under https://vulnerability.circl.lu/dumps/.
- csaf_himapaulhildebrandtgmbh
- csaf_carlogavazziautomation
- csaf_murrelektronikgmbh
- csaf_mettlertoledogmbh
- csaf_aumariestergmbhcokg
- csaf_certvde
- csaf_bendergmbhcokg
- cnw_known_exploited
- csaf_frauschersensortechnikgmbh
- csaf_ifmelectronicgmbh
- csaf_janitzaelectronicsgmbh
- csaf_adstecindustrialitgmbh
- csaf_lenzese
- csaf_mieleciekg
- csaf_sauterag
- csaf_swarcotrafficsystemsgmbh
- csaf_beckhoffautomationgmbhcokg
- csaf_trustsource
- csaf_smasolartechnologyag
- csaf_vartastoragegmbh
- csaf_helmholzgmbhcokg
- csaf_endresshauserag
- csaf_mbconnectlinegmbh
- csaf_welotecgmbh
- csaf_ox
- csaf_pilzgmbhcokg
- csaf_festosecokg
- csaf_weidmuellerinterfacegmbhcokg
- csaf_trumpfsecokg
- csaf_wiesemanntheisgmbh
- csaf_codesysgmbh
- gna-1337
- csaf_pepperlfuchsse
- csaf_abb
- drupal
- csaf_nozominetworks
- csaf_sick
- csaf_wagogmbhcokg
- emb3d
- gna-1
- osv_ocaml
- moksha
- osv_haskell
- csaf_phoenixcontactgmbhcokg
- tailscale
- csaf_se
- capec
- certfr_alerte
- cwec
- csaf_siemens
- csaf_ncscnl
- osv_rustsec
- cleanstart
- jvndb
- pysec
- osv_almalinux
- osv_ossfuzz
- csaf_cisa
- csaf_cisco
- bitnami_vulndb
- csaf_certbund
- csaf_opensuse
- csaf_microsoft
- certfr_avis
- csaf_suse
- variot
- vulnrichment
- fstec
- csaf_redhat
- cnvd
- epss
- github
- gsd
- fkie_nvd
- ossf_malicious_packages
- nvd
- cvelistv5
- comments
- bundles
- sightings
- kev_entries
Consumption guidance
- Use the upstream dump indexes as the source of truth for live availability and refresh cadence.
- Treat enrichment and AI-assisted data as complementary vulnerability intelligence signals rather than authoritative vulnerability scoring.
- Preserve source attribution when redistributing or combining dumps.
- Validate operational decisions against vendor advisories, CNA records, exploit intelligence, and other trusted sources before taking high-impact actions.