1. Common Vulnerabilities and Exposures (CVE)
CVE (Common Vulnerability and Exposures) is a list of entries, each containing an identification number, a description, and at least one public reference – for publicly known cyber security vulnerabilities. CVE Entries are used in numerous cyber security products and services from around the world, including the U.S. National Vulnerability Database (NVD).
By 13th January 2017, total number of CVE Entries are 95193
2. National Vulnerability Database (NVD)
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
3. US-CERT Vulnerability Notes Database
The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Most Vulnerability Notes are the result of private coordination and disclosure efforts. For more comprehensive coverage of public vulnerability reports, consider the National Vulnerability Database (NVD).
- Report a Vulnerability – https://vulcoord.cert.org/VulReport/
- Official Website Link – https://www.kb.cert.org/vuls/
4. Seclists Full-Disclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the BugTraq moderation queue.
- Official Website – http://seclists.org/fulldisclosure/
5. BugTraq (BID)
BugTraq is a high volume, full disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities. BugTraq serves as the cornerstone of the Internet-wide security community. The Security Focus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services.
- Official Website – http://www.securityfocus.com/bid/
The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security.
7. Microsoft Security Bulletins
Announcements of security issues discovered in Microsoft software, published by the Microsoft Security Response Center (MSRC).
- Official Website – https://technet.microsoft.com/en-us/security/bulletins#sec_search
8. Microsoft Security Advisories
Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers’ overall security.
Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory is accompanied with a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.
- Official Website – https://technet.microsoft.com/en-us/security/advisories#APUMA
9. Mozilla Foundation Security Advisories
Here you will find alerts and announcements on security and privacy issues, general tips for surfing the Web and using email more securely, more information about how we maintain and enhance the security of our products, and useful links for Web developers.
- Official Website – https://www.mozilla.org/security/advisories/
10. Packet Storm Security
Packet Storm provides around-the-clock information and tools in order to help mitigate both personal data and fiscal loss on a global scale. The site is meant to provide a unique service to everyone on the Internet – shedding full light on real security issues that may affect them.
It is home to system administrators who need to keep their network up to date, security researchers who discover and report new findings, governments and corporations that need to understand current events, security vendors that want to develop new signatures for their software, and many others. Get involved and help secure the world.
- Official Website – https://packetstormsecurity.com/files/
11. CXSecurity Bugtraq
(WLB2) World Laboratory of Bugtraq is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications.
The WLB tolerance does not exclude information on errors in a configuration or other entries of this kind of dangerous operations character. One of the basic foundations of “World Laboratory of Bugtraq” is interaction with users. Each safety note, can be reported, and then verified by the CXSecurity.
SecuriTeam is a small group within Beyond Security dedicated to bringing you the latest news and utilities in computer security. SecuriTeam is a central Security web site containing all the newest security information from various mailing lists, hacker channels and our own tools and knowledge.
- Official Website – http://www.securiteam.com/
13. Vulnerability Lab
The official Vulnerability Laboratory helps with the world’s first independent bug bounty hacker community. Leverage their skills and creativity to surface your critical vulnerabilities before criminals can exploit them. The famous Vulnerability Laboratory platform seamlessly tracks all your reports, organizes your team and helps you coordinate an effective response.
Their top researchers have published over hundreds of individual discovered vulnerabilities in popular or famous software, hardware, systems and web-application products.
- Official Website – https://www.vulnerability-lab.com/
- Follow on Twitter – https://twitter.com/vuln_lab
14. TippingPoint Zero Day Initiative
Trend Micro’s Zero Day Initiative (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
TippingPoint’s goal for the Zero Day Initiative is to provide the customers with the world’s best intrusion prevention systems and secure converged networking infrastructure.
- Official Website – http://zerodayinitiative.com/advisories/published/
- Follow on Twitter – https://twitter.com/thezdi
Vulners is the one of the best complete package of Vulnerability database which provides an ease of search. All vulnerabilities have related references, definitions and severity which complete full information of any known bulletins.
- Official Website – https://vulners.com/
16. Inj3ct0r (Onion service)
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals. Their aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
- Official Website – https://www.0day.today/
- Available within TOR – http://mvfjfugdwgc5uwho.onion
- Follow Inj3ctor on Twitter – https://twitter.com/inj3ct0r
17. Open Source Vulnerability Database (OSVDB)
OSVDB’s goal is to provide accurate and unbiased information about security vulnerabilities in computerized equipment. The OSVDB blog discusses various topics related to vulnerabilities including disclosure, running a vulnerability database (VDB), and more.
- Official Website – https://osvdb.org/
HPI-VDB portal is the result of research work conducted by IT-Security Engineering Team at HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from Internet is evaluated, normalized, and centralized in the high performance database.
The textual descriptions about each vulnerability entry are grabbed from the public portals of other vulnerability databases, software vendors, etc. A well-structured data model is proposed to host all pieces of information which is related to the specific vulnerability entry.
- Official Website – https://hpi-vdb.de/