db.gcve.eu updated with Vulnerability-Lookup 4.0: Enabling Federated Vulnerability Intelligence
Following the initial announcement of db.gcve.eu, the GCVE project is pleased to announce a major update of the platform. The service is now running the latest version of Vulnerability-Lookup (4.0), introducing federated synchronisation capabilities that significantly expand how vulnerability intelligence can be shared, enriched, and consumed across organisations.
From a Database to a Federated Ecosystem
With the integration of Vulnerability-Lookup 4.0, db.gcve.eu evolves from a standalone vulnerability database into a federated intelligence platform. The new version introduces synchronisation mechanisms allowing multiple independent instances (being GNA or not) to exchange structured information, including:
- Known Exploited Vulnerabilities (KEV)
- Sightings
- Bundles
- Comments
This update represents an important milestone for GCVE’s vision: enabling decentralised and autonomous vulnerability publication while maintaining interoperability between participants.
Supporting GCVE Numbering Authorities (GNA)
The GCVE ecosystem is designed to empower GCVE Numbering Authorities (GNAs) with full autonomy. Organisations acting as GNAs can now:
- Publish vulnerability information independently
- Maintain their own infrastructure and policies
- Synchronise selected datasets with trusted peers
- Contribute to a global vulnerability intelligence network without relying on a central authority
This federated model aligns with GCVE’s core principle: decentralisation with collaboration.
Federation in Practice
The updated db.gcve.eu already synchronises with multiple Vulnerability-Lookup instances. For example, the CIRCL instance contributes a continuously growing log of vulnerability sightings, enriching the shared ecosystem with operational intelligence observed in the wild.
Each participating organisation remains fully in control of what is shared. Instances can selectively expose or consume:
- KEV data
- Sighting information
- Analytical bundles
- Community comments
This approach enables trusted collaboration while respecting organisational boundaries and data-sharing policies.
A System for Everyone — Not Only GNAs
While GCVE provides a framework for vulnerability numbering and publication, the benefits of the federated system extend far beyond GNAs.
Any organisation worldwide can deploy its own Vulnerability-Lookup instance to:
- Maintain an internal vulnerability knowledge base
- Aggregate intelligence from a broader federation
- Enrich local analysis with crowdsourced context
- Share intelligence back with the community when willing to do so
In practice, organisations gain access to a distributed intelligence network while keeping full ownership of their data and infrastructure.
Toward Autonomous Vulnerability Intelligence
The update of db.gcve.eu demonstrates how decentralised vulnerability management can scale through federation rather than centralisation. By combining GCVE’s autonomous numbering model with Vulnerability-Lookup’s synchronisation capabilities, organisations can now participate in a collaborative ecosystem that is:
- Distributed
- Interoperable
- Autonomous
- Community-driven
This is another step toward a resilient, open, and globally distributed vulnerability intelligence infrastructure.
Organisations interested in running their own instance or participating in the federation are encouraged to follow technical documentation and deployment guides.
Contact
For questions, feedback, or collaboration inquiries, please contact: info@gcve.eu or gna@gcve.eu if you want to become a GNA or announcing that you run an instance.