NVD — NIST
Official U.S. government repository of standards-based vulnerability management data. Includes CVSS v3/v2 scores and detailed technical descriptions.
CVE DatabaseCVSS ScoresCWE Types
nvd.nist.gov
CISA KEV
Catalog of actively exploited vulnerabilities maintained by the U.S. Cybersecurity and Infrastructure Security Agency.
Active ExploitsFederal MandatesPatch Deadlines
cisa.gov/kev
Exploit-DB
Public exploit archive maintained by Offensive Security. Covers the last 30 days of published PoC exploits and attack types.
PoC ExploitsShellcodesAttack Types
exploit-db.com
GitHub / OSV.dev
Open-source vulnerability database aggregating GHSA advisories and ecosystem-specific security reports.
GHSA AdvisoriesOSS PackagesSupply Chain
osv.dev
EPSS — FIRST.org
ML-based scoring system estimating the probability of a vulnerability being exploited in the next 30 days.
Exploitation Prob.ML ScoringRisk Priority
first.org/epss
Zero Day Initiative
Trend Micro's ZDI program publishes zero-day vulnerability advisories through coordinated vendor disclosure.
0-Day AdvisoriesVendor CoordinationPoC Details
zerodayinitiative.com
Google Project Zero
Google's elite security research team publishing critical in-the-wild 0-day discoveries and browser/OS vulnerabilities.
0-Day ResearchIn-the-WildBrowser/OS
googleprojectzero.blogspot.com
CERT/CC
Carnegie Mellon University's technical reports on software vulnerabilities, vendor advisories, and coordinated disclosure.
Vendor AdvisoriesCoordinationTechnical Reports
kb.cert.org/vuls
USOM — TR-CERT
Turkey's National Cyber Incident Response Center (BTK/USOM). Feed is pulled from usom.gov.tr. Advisory detail pages are served via siberguvenlik.gov.tr (the unified national cybersecurity portal).
TR National CERTThreat AdvisoriesBTK / ICTA
