The European Union has officially launched its vulnerability database. Development started after the NIS2 Directive in December 2022, and the database launched in beta mode in mid-April, amid uncertainty over MITRE’s CVE Program, for which MITRE received a late 11-month extension. The European Union Vulnerability Database (EUVD) may function similarly to the U.S. NVD. ENISA’s Juhan Lepassaar called EUVD an essential tool. It will improve vulnerability and risk management and ensure transparency for users.
The EUVD will offer aggregated and actionable information, including mitigation measures and exploitation status, for vulnerabilities in ICT products and services. It aims to interconnect data from many sources, including CSIRTs, vendors, and other databases, and will use Vulnerability-Lookup software for correlation. The EUVD provides views for critical and exploited vulnerabilities, and CISA’s KEV Catalogue data will be automatically included. Reporting exploited vulnerabilities becomes mandatory in September 2026, and this data will likely be added to the EUVD.
The EUVD launch comes amid CVE Program uncertainty. ENISA has contacted MITRE about the CVE program’s future and is working with EU Member States and the Commission to ensure the resilience of vulnerability systems. ENISA is also a CVE Numbering Authority (CNA); CNAs assign CVE IDs and add records, and they help manage over 40,000 new vulnerabilities yearly. The EUVD is not the only new program: others are launching due to CVE’s uncertain future.
The CVE Foundation launched on April 16, 2025, when MITRE’s contract was near expiration. The foundation wants CVE to operate under a nonprofit model, which would move it away from control by a single government and allow global participation and transparency. The group had positive talks with CISA on April 24th. CISA’s Matt Hartman said there was no CVE funding issue; it was a contract administration issue that was resolved. CISA is committed to the CVE program and is open to reevaluating its strategy.