CVDB Integrations extends the Central Vulnerability Database (CVDB) by connecting it to additional authoritative vulnerability intelligence sources — starting with the Japanese Vulnerability Notes (JVN) and the European Union Vulnerability Database (EUVD). Prior to these integrations, customers relying on the CVDB had visibility limited to sources already bundled with the base plugin. CVDB Integrations closes this gap by ingesting, normalizing, and deduplicating advisories from regional databases and mapping them to the CVDB data model.
Each integration parses the source-specific advisory format and maps fields to the CVDB schema — including CVE IDs, affected softwares, severity scores, references, and timestamps. Advisories that carry a CVE identifier are linked to the corresponding canonical CVDB record; advisories without a CVE are persisted as non-CVE records with a unique canonical identifier (e.g., JVN-YYYY-XXXXX, EUVD-YYYY-XXXXX). A deduplication and canonicalization layer ensures that the same vulnerability reported by multiple sources is grouped rather than duplicated.
Source attribution and field-level provenance are preserved for every ingested record. Customers can filter vulnerabilities by source in the VR UI, and the API exposes source metadata to support downstream automation. Monitoring and alerting support is included to surface ingestion failures and track daily advisory counts.
- JVN Integration — Ingests advisories from the Japanese Vulnerability Notes (JVN) database on a scheduled basis, parsing source-specific fields and mapping them to the CVDB schema including CVE linkage, affected software, severity, and references.
- EUVD Integration — Ingests advisories from the European Union Vulnerability Database (EUVD), normalizing records into the CVDB data model and enabling customers to consume EU-sourced vulnerability intelligence alongside NVD and other sources.
- Non-CVE Advisory Support — Handles advisories without CVE identifiers by persisting them as non-CVE records with unique canonical IDs (e.g., JVN-YYYY-XXXXX), and automatically maps them to CVE records when assignments become available.
- Deduplication and Canonicalization — Groups advisories reported by multiple sources on the same vulnerability using CVE IDs, vendor-product-version data, and fuzzy text matching, preventing duplicate records in the CVDB.
- Source Attribution and Provenance — Records the originating source, timestamps, and severity mappings for each ingested advisory, providing full traceability of where vulnerability data originated.
- Source-Filtered UI and API — Enables users to filter vulnerability lists by source (JVN, EUVD) in the VR workspace and exposes source metadata through the API for programmatic querying and downstream automation.
Initial release of the CVDB Integrations plugin, delivering out‑of‑the‑box integrations with the Japanese Vulnerability Notes (JVN) and the European Union Vulnerability Database (EUVD). This release expands the Central Vulnerability Database with regional vulnerability intelligence and adds support for scheduled advisory ingestion, field normalization and deduplication, non‑CVE advisory ingestion with canonical ID assignment, source attribution, and source‑filtered views across the VR UI and APIs.
- Central Vulnerability Database (sn_sec_cvd)
- Vulnerability Integration Framework (sn_vul_int_fw)