Today we’re releasing Vulnerability-Lookup 4.0.0, and this is a big one.
🔄 Remote Instance Synchronization
This version is paving the way for federated deployments of Vulnerability-Lookup instances. You can now synchronize multiple Vulnerability-Lookup instances and share:
- 💬 Comments
- 📦 Bundles
- 👁️ Sightings
- 🚨 KEV entries (GCVE BCP-07)
This introduces a true federated model for vulnerability intelligence sharing.
Full breakdown available here:
👉 vulnerability-lookup.org/…/vulnerability-lookup-4…
Let’s take a look at all the notable changes.
🔁 Remote Instance Synchronization – What’s Inside
This release introduces a complete sync engine designed for reliability, transparency, and operational control.
A local instance can now pull objects — including bundles, comments, sightings, and KEV entries — from configured remote Vulnerability-Lookup instances via their public APIs.
The synchronization engine includes:
- Remote instance management with per-object-type synchronization controls
- Timestamp-based update detection to keep data consistent
- Asynchronous scheduler with graceful shutdown support
- CLI command and systemd service template for automation
- Administrative controls to trigger synchronization manually
- Visual indicators in the interface to clearly identify synchronized objects
🔌 Feeder Improvements
Expanded data ingestion:
- New RustSec OSV feeder
- New OSS-Fuzz feeder (with YAML support in OSV)
- More generic CSAF and OSV templates
This strengthens Vulnerability-Lookup’s position as a correlation hub across heterogeneous vulnerability sources.
🎨 UI Improvements
- Redesigned global dashboard layout for better visibility and structure.
More details:
👉 vulnerability-lookup.org/…/vulnerability-lookup-4…
If you’re running Vulnerability-Lookup and interested in interconnecting instances across organizations or teams — this release is for you.
🔗 Project: https://www.vulnerability-lookup.org/ 📦 Code: https://github.com/vulnerability-lookup/vulnerability-lookup
Feedback, experiments, and federated setups welcome.
Feel free to create an account on the instance operated by CIRCL (Computer Incident Response Center Luxembourg):
💶🇪🇺 Funding
Vulnerability-Lookup is co-funded by CIRCL (Computer Incident Response Center Luxembourg) and by the European Union via the hashtag hashtag#NGSOTI project. More information on the page from Restena Foundation: www.restena.lu/en/project/ngsoti
#VulnerabilityManagement #CVE #KEV #GCVE #CVD #CyberSecurity #Federation
Vulnerability-Lookup 4.0.0 is out – Federation is here
Submitted 3 days ago by cm0002@toast.ooo to cybersecurity@infosec.pub
https://www.vulnerability-lookup.org/2026/02/16/vulnerability-lookup-4-0-0/
