Developed under the NIS2 Directive, the EUVD is now operational and aims to provide a centralized, reliable, and actionable repository of information on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services.
The EUVD aggregates data from a wide array of sources, including Computer Security Incident Response Teams (CSIRTs), ICT vendors, and established vulnerability databases such as MITRE’s Common Vulnerabilities and Exposures (CVE) program.
The platform is designed to ensure high interconnection and integration of publicly available information, supporting deeper analysis and improved correlation of vulnerabilities.
By leveraging open-source tools like Vulnerability-Lookup, the EUVD enables more effective cybersecurity risk management and situational awareness, ultimately reducing exposure to threats.
Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy, emphasized the strategic importance of the initiative:
The EUVD is accessible to the public, including IT suppliers, service entities, national authorities, private companies, and researchers.
The database offers three dashboard views:
Each entry includes a description, affected products or services, severity, exploitation methods, and available mitigation measures or patches.
The use of the Common Security Advisory Framework (CSAF) ensures compatibility with automated vulnerability management systems.
ENISA’s role extends beyond maintaining the database. Since January 2024, ENISA has operated as a CVE Numbering Authority (CNA), allowing it to assign CVE identifiers to vulnerabilities discovered by or reported to EU CSIRTs.
This integration supports coordinated vulnerability disclosure and aligns with international standards, ensuring the EUVD complements, rather than replaces, global efforts like MITRE’s CVE Program.
Juhan Lepassaar, Executive Director at ENISA, highlighted the achievement:
ENISA has announced that 2025 will focus on further developing the EUVD, incorporating feedback from stakeholders to enhance its services and adapt to the evolving cybersecurity landscape.
The agency’s proactive approach aims to ensure the database remains a trusted, transparent, and comprehensive source of vulnerability intelligence for Europe and beyond.
While the EUVD arrives amid uncertainty surrounding the future funding of the MITRE CVE Program, experts stress that the EUVD is intended to complement, not supplant, existing global databases.
Its launch is seen as a prudent move to reduce reliance on a single system and to provide redundancy and regional customization for European stakeholders.
The debut of the EUVD represents a significant advancement in Europe’s cybersecurity infrastructure, promising enhanced situational awareness, improved risk management, and greater digital autonomy for the continent.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
The post ENISA Introduces European Vulnerability Database to Boost Digital Security appeared first on Cyber Security News.
On Friday afternoon, Donald Trump posted on Truth Social, accusing Anthropic, the AI company behind…
For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain,…
A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly…
A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across…
New filings announced last week aim to stop the Trump administration from further restricting federal…
Bluepoint, the studio behind the successful Shadow of the Colossus and Demon's Souls remakes, reportedly…
This website uses cookies.