
The European Union Agency for Cybersecurity (ENISA) has officially launched the European Vulnerability Database (EUVD), a key initiative mandated by the NIS2 Directive.
The operational database, maintained by ENISA, aims to centralize, aggregate, and disseminate reliable cybersecurity vulnerability data relevant to Information and Communication Technology (ICT) products and services.
Why it matters
The core objective of the EUVD is to consolidate publicly available vulnerability information from trusted sources such as Computer Security Incident Response Teams (CSIRTs), vendors, and established databases.
It comes at a time when many are not entirely convinced about the future of the Common Vulnerabilities and Exposures (CVE) program operated by the non-profit MITRE, although CISA intervened at the last minute by extending the contract to 11 months.
Designed to serve a broad range of stakeholders, the EUVD provides actionable information including mitigation guidelines, exploitation status, and detailed descriptions of vulnerabilities. Its development underscores the EU’s commitment to enhancing cybersecurity resilience and transparency across its digital infrastructure.
By leveraging this interconnected approach, the database facilitates more accurate analysis, supports the correlation of vulnerabilities, and improves cybersecurity risk management through the integration of the open-source tool Vulnerability-Lookup.
How the EUVD will work
Accessible to the general public, the EUVD is particularly beneficial for ICT suppliers, national authorities, private companies, and cybersecurity researchers. It enhances situational awareness by offering a broader and more transparent overview of vulnerabilities affecting IT systems and services within the European Union.
Users can interact with three dashboard views provided by the database: critical vulnerabilities, exploited vulnerabilities, and EU-coordinated vulnerabilities. The EU-coordinated section highlights vulnerabilities managed by European CSIRTs and includes contributions from members of the EU CSIRTs network.
Vulnerability data in the EUVD is sourced from open databases and enriched with advisories from national CSIRTs, vendor-issued patch guidelines, and exploitation indicators.
Each record may include details such as the affected products or services, vulnerability severity, potential exploitation methods, and mitigation or patching instructions from relevant authorities.
Commenting on the launch, ENISA Executive Director Juhan Lepassaar stated, “ENISA achieves a milestone with the implementation of the vulnerability database requirement from the NIS 2 Directive. The EU is now equipped with an essential tool designed to substantially improve the management of vulnerabilities and the risks associated with it. The database ensures transparency to all users of the affected ICT products and services and will stand as an efficient source of information to find mitigation measures.”