Announce
GCVE January 2026 - News and Updates
The last days have been a bit wild for the GCVE.eu initiative. What started as steady work suddenly picked up real momentum:
- The public GCVE.eu database instance - https://db.gcve.eu/ - caught the attention of the media, sparking discussions well beyond our usual circles
- We published updates to the GCVE KEV Assertion Standard Format (BCP-07), refining how known-exploited information can be asserted and shared
- GCVE-BCP-02 - Practical Guide to Vulnerability Handling and Disclosure has been updated to improve the recommendations on vendor feed generation
- Vulnerability-Lookup 2.21.0 was released, bringing improvements aligned with the GCVE ecosystem
- We received a lot of valuable feedback, especially on the specs, the tooling, and the overall direction
- New GNAs joined the GCVE directory, and new contributors stepped in to help shape both the specifications and the software
Seeing this level of engagement, critique, and contribution in such a short time is incredibly motivating. It reinforces why an open, decentralized, and collaborative approach to vulnerability identification and sharing matters.
January 26, 2026
GCVE Announces the Launch of db.gcve.eu: A New Open Public Vulnerability Advisory Database
Luxembourg, 2026/01/07 - The GCVE initiative is proud to announce the public launch of db.gcve.eu, a new open and freely accessible vulnerability advisory database. The platform aggregates and correlates vulnerability information from more than 25 public sources, including GCVE GNA (Numbering Authority) sources and other established vulnerability databases. The goal of db.gcve.eu is to provide the community with a single, unified, and openly accessible reference point for vulnerability intelligence, enabling defenders, researchers, CSIRTs, vendors, and open-source projects to more easily track, correlate, and analyze security advisories across ecosystems.
January 7, 2026
GCVE: Global CVE Allocation System - A Year in Review
GCVE in 8 Months: Building a Decentralized Vulnerability Identification System
In less than a year (in practice, just eight months), the GCVE initiative went from concept to a fully operational, decentralized vulnerability identification and publication system. This post summarizes what we built, why it matters, and where we stand today.
A New Model for Vulnerability Identification
GCVE was created to address a long-standing structural limitation in vulnerability management: centralized allocation and control.
December 23, 2025
GCVE: Global CVE Allocation System - Video and Presentation Published (VSS 2025)
During CIRCL VSS 2025, we introduced the GCVE initiative and outlined the process for becoming a GNA. The presentation covered the initiative’s history, objectives, tools, and the current distributed publication framework. A video recording of the session is now available for viewing.
Presentation in PDF: https://gcve.eu/presentation/gcve-eu-vss-2025.pdf
Video: https://youtu.be/Va3almPab1M
July 22, 2025
Join Us at the FIRSTCON25 Hackathon: Advancing GCVE.eu Initiative
We will be at the first FIRST.org hackathon, organized during the FIRST Annual Conference in Copenhagen. The hackathon, FIRSTCON25, will take place in person at the 37th Annual FIRST Conference on Sunday, 22nd June, in Copenhagen. During the hackathon, various topics and projects (not limited to the following) can be tackled:
- Improving the software stack to support and distribute the directory.
- Enhancing existing BCPs.
- Reviewing and assisting in the creation of new BCPs.
- Improving the vulnerability-lookup.org software stack used by GCVE.eu users.
For more details about the proposed GCVE activities at the FIRST.org hackathon, and to follow live updates, visit the discussion link.
June 19, 2025
GCVE Releases Draft Standard BCP-03 for Decentralized Vulnerability Publication
A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services. The GCVE Working Group has released the draft for BCP-03, a new Decentralized Publication Standard. This standard allows Global Naming Authorities (GNAs) to publish vulnerability information directly via HTTP REST APIs or static files, removing reliance on a central system. Clients can discover these publication endpoints through the GCVE directory, enabling them to pull data from their own curated set of trusted sources. To facilitate adoption, a reference implementation is available in the open-source Vulnerability-Lookup project.
June 10, 2025
The first publication of the GCVE-BCP-01 - Signature Verification of the Directory File
A Best Current Practice (BCP) in the context of the GCVE.eu project is a community-driven guideline that documents recommended procedures, configurations, or operational principles to support the secure, reliable, and consistent implementation of GCVE-related infrastructure, tools, and services. GCVE.eu has published its first Best Current Practice document, GCVE-BCP-01, which outlines the recommended method for verifying the integrity and authenticity of the GCVE directory file using OpenSSL and a public key. This BCP ensures that all consumers of the directory validate the file’s signature before use, reinforcing trust and security within the GCVE ecosystem. All implementers and users are strongly encouraged to follow the outlined verification process. The BCP is a draft for public review. Feedback is more than welcome.
April 25, 2025
GCVE - Global CVE Allocation System Announced
Introducing the Global CVE (GCVE) Allocation System (https://gcve.eu), a new decentralized approach to identifying and numbering security vulnerabilities. GCVE empowers independent GCVE Numbering Authorities (GNAs) to assign vulnerability IDs directly, offering greater autonomy and speed compared to traditional centralized methods. This system is designed to complement the existing CVE® program, ensuring seamless compatibility by representing all standard CVEs under the reserved GNA ID 0. The primary benefits of GCVE include enhanced flexibility for participating organizations to define their own processes, improved scalability by removing central bottlenecks, and decentralized allocation managed by the GNAs themselves. We invite organizations involved in vulnerability management to explore this new system and consider becoming a GNA. For more details, visit https://gcve.eu or contact info@gcve.eu.
April 16, 2025