In support of the Network and Information Security Directive, which aims at establishing a common level of cybersecurity across the EU, the European Union Agency for Cybersecurity (ENISA) has developed and launched the European Vulnerability Database. This tool is designed to improve the EU’s ability to detect, assess and coordinate responses to cybersecurity vulnerabilities.
This is the result of a broader collaborative effort between ENISA, EU Member States and international organizations including MITRE’s CVE Programme. Since January 2024, ENISA has also served as a CVE Numbering Authority, enabling it to assign CVE identifiers to vulnerabilities discovered or reported by EU CSIRTs. These actions contribute to building a more transparent and consistent vulnerability ecosystem in Europe, in alignment with Member States’ Coordinated Vulnerability Disclosure policies.
“The EU Vulnerability Database is a major step towards reinforcing Europe's security and resilience. By bringing together vulnerability information relevant to the EU market, we are raising cybersecurity standards, enabling both private and public sector stakeholders to better protect our shared digital spaces with greater efficiency and autonomy,” said Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy.
Designed as a trusted and transparent resource, the European Vulnerability Database provides key information on vulnerabilities affecting Information and Communication Technology products and services. It has been designed based on a holistic approach, interconnecting multiple databases and sources, thus facilitating analyses and correlation of vulnerabilities. This aligns and support the Vulnerability-Lookup, the open-source software that streamlines the management of Coordinated Vulnerability Disclosure.
The European Vulnerability Database is intended to support the public, as well as suppliers of network and information systems, private companies, resources and national authorities such as the EU CSIRTs network. ENISA’s Executive Director, Juhan Lepassaar defined it as “an efficient source of information to find mitigation measures and an essential tool for the EU”.
How does it work?
The European Vulnerability Database displays the information in three dashboards, each offering a different focus: critical vulnerabilities, exploited vulnerabilities and EU coordinated ones.
The data present in the European Vulnerability Database is gathered from open-source databases and is enriched by information provided by national CSIRTs and other guidelines. Usually, this information includes a description of vulnerability, the affected products or services and how this could be mitigated.
Throughout 2025 ENISA will focus on further developing the European Vulnerability Database based on users and stakeholder feedback.