Central Vulnerability Database

  • Release version: Australia
  • Updated March 28, 2026

    The Central Vulnerability Database (CVDB) is a source-agnostic vulnerability data repository that consolidates and enriches vulnerability records from multiple security sources into a single, authoritative view. Use CVDB to eliminate conflicting data across your vulnerability integrations and gain full visibility into which source is authoritative for each field.

    Before CVDB, integrations would directly override fields on vulnerability records or create only placeholder entries. When a higher-quality source reported on the same Common Vulnerabilities and Exposures (CVE) entry, existing data could be silently overwritten. CVDB replaces this with a configurable, priority-based enrichment framework that preserves source fidelity while surfacing the most authoritative data for each field.

    How Central Vulnerability Database works

    CVDB acts as a centralized hub that integration plugins feed into via the CVDUtil API. Each integration source's raw data is preserved in dedicated source-specific tables. The consolidated CVDB record reflects the highest-priority value for each field, and a field update history tracks exactly which source last updated every field, providing full data provenance (a traceable record of where each field value came from).

    CVDB uses a two-tier priority system to resolve conflicts when multiple sources report on the same vulnerability:

    • Source-level priority: Determines default precedence across all fields. For example, NVD takes precedence over scanner sources by default.
    • Field-level priority: Overrides source-level defaults for specific fields. For example, Vulnerability Intelligence sources such as Mandiant or Recorded Future take precedence for exploit status, while NVD remains authoritative for CVSS scores.
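
The two-tier resolution and field update history described above can be modeled in a few lines. This is an added illustration, not ServiceNow code or the CVDUtil API: the priority numbers, field names, record shape, and the `applyReport` helper are all assumptions, and the CVE identifier is a placeholder.

```javascript
// Illustrative model only. Priority numbers, field names and record shape are
// assumptions, not the CVDB schema. Lower number = higher priority.
const SOURCE_PRIORITY = { NVD: 1, Mandiant: 2, Qualys: 3 };
// Field-level table overrides the source-level default for that field only.
const FIELD_PRIORITY = { exploit_status: { Mandiant: 1, NVD: 2, Qualys: 3 } };

function rank(field, source) {
  const table = FIELD_PRIORITY[field] || SOURCE_PRIORITY;
  // Unregistered sources rank last, so they never displace a registered one.
  return Object.prototype.hasOwnProperty.call(table, source) ? table[source] : Infinity;
}

function newRecord(id) {
  return { id, values: {}, provenance: {}, raw: {}, history: [] };
}

// Apply one source's report. The outcome does not depend on arrival order.
function applyReport(record, source, fields) {
  // Raw source data is always kept, even when it loses on priority.
  record.raw[source] = { ...(record.raw[source] || {}), ...fields };
  for (const [field, value] of Object.entries(fields)) {
    const current = record.provenance[field];
    const wins = !current || rank(field, source) <= rank(field, current);
    if (wins) {
      record.values[field] = value;
      record.provenance[field] = source;
    }
    // Every attempt is logged, so a rejected overwrite is still visible.
    record.history.push({ field, source, value, applied: wins });
  }
  return record;
}

function demo() {
  const r = newRecord("CVE-0000-00000"); // constructed placeholder ID
  applyReport(r, "NVD", { cvss: 9.8, exploit_status: "none known" });
  applyReport(r, "Qualys", { cvss: 7.5, description: "scanner text" });
  applyReport(r, "Mandiant", { exploit_status: "exploited in the wild" });
  return r;
}

console.log(JSON.stringify(demo().provenance));
```

The scanner's CVSS value is kept in its raw data and logged as a rejected update, while its description fills a field that no higher-priority source supplied.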

    Supported sources

    CVDB supports a broad ecosystem of upstream sources spanning authoritative vulnerability databases, enterprise scanners, and threat intelligence feeds:

    • Authoritative databases: NVD, EUVD, JVN, CISA KEV, EPSS
    • Vulnerability scanners: Microsoft Defender Vulnerability Management, Palo Alto Prisma Cloud, Qualys, Wiz
    • Application security tools: Veracode, GitHub, Black Duck

    Vulnerability Response, Container Security, and SBOM Response leverage enriched CVDB data for remediation workflows.

    CVDB includes a priority configuration for ingesting CVEs. The Vulnerabilities Entries table (sn_vul_nvd_entry_LIST) now supports non-CVE vulnerability databases. When CVEs become irrelevant, alternative sources such as EUVD and JVN can be used to populate the sn_vul_nvd_entry table.

    Viewing vulnerability sources

    To view the vulnerability sources:
    1. Navigate to Workspaces > Security Exposure Management.
    2. In the left navigation, select List.
    3. Under Lists, navigate to Libraries > Vulnerabilities.
    On the Libraries - Vulnerabilities List page, a new Sources column displays all the sources that have enriched a given CVE. Even if NVD produces a CVE without enrichment, other sources such as Microsoft Defender Vulnerability Management, Qualys, and Mandiant can be used to enrich the CVE record.

    Priority-based field configuration

    Fields are no longer overridden directly. The updated model uses priority-based configuration to define which source provides which field value. This configuration is managed through the Source Configurations [sn_sec_cvd_source_config_list.do] table.

    To access Source Configurations, enter sn_sec_cvd_source_config.LIST in the Filter Navigator. Multiple sources that provide CVE information are listed here, each assigned a priority. NVD holds the highest priority, followed by other registered sources.

    Source-specific attribute tables

    A separate table is maintained for each source, containing attributes specific to that source that enrich CVE records. Rather than writing enrichment data directly to the NVD table, source-specific tables are added as references in CVE records. These tables can be found in sys_db_object_list.do. Attributes from different sources can then be selected within the NVD Entries table [sn_vul_nvd_entry_list.do].

    CVDUtil API

    CVDUtil is the central API for ingesting vulnerability data into the NVD entries table. It applies priority-based processing to determine which source fields are written to the record.

    All NVD table ingestion must go through the CVDUtil API. This API enforces priority configurations and ensures that field-level rules are respected during record creation and updates.

    The primary method is createOrUpdateCVD. When called, it performs the following operations:

    • Checks the configured source priorities to determine which source may override specific fields.
    • Runs the "process enrich with payload" step to apply enrichment data according to priority rules.
    • Runs the "process source-specific fields" step to handle fields that belong exclusively to individual sources. The payload accepts a source field as a separate key.

    When a non-CVE vulnerability source maps to multiple CVEs, pass the related CVE identifiers through the cvdlist parameter. The API will link the CVD record to all specified CVEs. References and exploit records can also be ingested through this API.

    Construct the payload using CVDUtil first, then use it to insert the record. Vulnerability score values can come from different sources. You can configure which source to prioritize for score assignment, determining which score value takes precedence.

    Key capabilities

    • Priority-based data enrichment: A two-tier priority system (source-level and field-level) automatically resolves conflicts when multiple sources report on the same vulnerability, ensuring the most trusted data wins.
    • Extensible integration framework: Includes out-of-the-box support for authoritative databases, vulnerability scanners, and threat intelligence feeds. Additional integrations can be configured with custom source priority via the CVDUtil API.
    • Source-specific data preservation: Raw data from each source is stored in dedicated tables, preserving full fidelity while the consolidated CVD record presents the prioritized view.
    • Field update tracking: An audit trail records which source last updated each field on every CVD record. This enables transparency and troubleshooting of data provenance.
    • Non-CVE to CVE mapping: Automatically handles non-CVE identifiers by mapping them to CVE records when assignments become available. Duplicate entries are deactivated.
    • CVDB Overview workspace tab: A consolidated workspace view displays CVDB record details. This includes CVSS scores, EPSS data, exploit status, references, affected software, and CWE classifications.