Product-Ready Context from 200+ SourcesVulners Vulnerability Intelligence API gives product teams and corporate security engineers a direct line to high-signal, correlated data—so your features reflect what’s actually risky now, not just static scores. One API returns normalized context (metrics, exploits, KEV, patches, references) your UI and automations can use immediately.
What’s Unique: Source Depth You Won’t Find ElsewhereWe combine broad coverage with hard-to-get signals. Vulners runs first-party PoC collectors on GitHub and Gitee with smart de-duplication/noise filtering, then cross-links those findings with KEV and standard metrics. You’re drawing from 200+ security advisory sources and millions of entries—kept fresh and product-ready.
Representative Source Families (examples)- Vendor Advisories: Red Hat, Oracle, F5, Check Point—pulled and normalized so vendor specifics become consistent downstream.
- Linux Distributions: Ubuntu USN, SUSE/openSUSE, Oracle Linux—distribution-native advisories for server fleets and containers.
- Blogs & Security News: The Hacker News, Schneier on Security, HackRead, Qualys Blog—context and emerging-threat narrative, unified with CVEs.
- Exploit Sources: Exploit-DB, Metasploit, Packet Storm, Seebug, plus GitHub/Gitee PoCs—correlated to CVEs with timelines and references.
- CVE & Catalogs: CVE List, NVD, CISA KEV, and Vulnrichment—authoritative identifiers with enrichment and “exploited-in-the-wild” signals.
- Windows/Microsoft Sources: MSRC, MSKB, Microsoft Security and Defender (MMPC) feeds—Patch Tuesday to threat intel in one place.
Snapshot of scale:
5M+ advisories & articles
218+ vendor/news sources Core Capabilities You Plug In- Intelligence (single-call enrichment): CVSS (with vectors), EPSS, KEV, CWE, patches, exploit refs, and Vulners AI Risk—normalized JSON for tooltips, drill-downs, and “fix-first” queues.
- Assessment (map assets to CVEs): Send product/version or asset lists; get accurate matches fast enough for CI/CD and estate-wide checks.
- Exploits & KEV (what’s actively dangerous): Custom GitHub/Gitee PoC parsing + Exploit-DB/Metasploit/Packet Storm/Seebug and KEV—so you can flag “exploited + present here,” show timelines/PoCs, and reorder backlogs by reality.
- Alerts (push what matters): Subscriptions by product, severity, keywords/tags (RCE, zero-day) via webhook/email.
- Datasets (sync at scale): Archive exports of the graph-linked corpus with add/update timestamps for analytics and reproducibility.
- MCP (optional for agents): Let copilots fetch live CVE context on demand—today’s CVE with today’s facts.