Welcome to Vulners¶
Vulners.com is the most complete and the only fully correlated security intelligence database, which goes through constant updates and links 200+ data sources in a unified machine-readable format. It contains 8 mln+ entries, including CVEs, advisories, exploits, and IoCs — everything you need to stay abreast on the latest security threats.
The following documentation will answer any questions you may have.
Lucene-based queries¶
The Vulners database is based on a search engine with Lucene queries, which you can use in your requests:
- AND
"apache" AND "vulnerabilities"
- OR
"apache" OR "Lucene"
- NOT
NOT type:"robot"
- Boolean Operators
- Grouping
(Lucene OR apache) AND website
- Special characters
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \
- Range Searches
status:[400 TO 499]
Below are some basic examples for clarity.
Examples and search snippets¶
-
Your website unpatched vulnerabilities at the Openbugbounty:
type:openbugbounty AND title:"your-domain-here.com" AND openbugbounty.patchStatus:unpatched
-
Software vulnerabilities, e.g., Firefox:
-
Software vulnerabilities for exact version. Nginx 1.11.0 vulnerabilities:
affectedSoftware.name:nginx AND affectedSoftware.version:"1.11.0"
-
Software vulnerabilities, wildcard version, CVSS score range. Nginx 1.9* and CVSS score between 7 to 10:
affectedSoftware.name:nginx AND affectedSoftware.version:1.9* AND cvss.score:[7 TO 10]
-
Package vulnerabilities in some OS. Installed packages vulnerabilities for any PHP in SUSE:
affectedPackage.packageName:php* AND type:suse order:published
-
Search for php4 vulnerabilities in SUSE and CentOS or php4 exploits, excluding OpenVAS and Nessus plugins:
-
Looking for affected CVE number in collection. OpenWRT vulnerabilities for CVE-2016-0799:
-
Extension vulnerabilities in TYPO3. Vulnerable div2007 extension for TYPO3:
-
AWS сredentials leakage in Android Google Play repository:
-
Nmap NSE scripts updates:
-
Most expensive publicly disclosed Yahoo vulnerabilities:
-
Exploits with "Selinux" in source code sorted by CVSS score:
-
Microsoft vulnerabilities with CVSS score in range 6 to 10 in CVE catalog sorted by date:
(type:cve AND cvss.score:[6 TO 10] AND description:"Microsoft") order:published
-
Search CentOS vulnerabilities with title, starting with "Critical" or "Important" and NETWORK in CVSS vector:
-
Use
*
to find an existing field and-
to find a missing field: