Central Vulnerability Database release notes
Version history for the ServiceNow® Central Vulnerability Database application on the ServiceNow Store.
Important:
For details on system requirements and family compatibility, view the application listing on the ServiceNow Store website.
Version history
- Version 1.0.1 - April 2026
- Central Vulnerability Database (CVDB) is a source-agnostic vulnerability data repository that consolidates and enriches vulnerability records from multiple security sources into a single, authoritative view. Prior to CVDB, integrations would directly override fields on vulnerability records or create only placeholder entries — when a higher-quality source reported on the same CVE, existing data could be silently overwritten. CVDB replaces this with a configurable, priority-based enrichment framework.
- CVDB uses a two-tiered priority system to resolve multi-source conflicts:
  - Source-level priority determines default precedence across all fields (e.g., NVD > scanners)
  - Field-level priority overrides source defaults for specific fields (e.g., CISA KEV takes precedence for exploit status, while NVD remains authoritative for CVSS scores)
- Each integration source’s raw data is preserved in dedicated source-specific tables, while the consolidated CVDB record reflects the highest-priority value for each field. A field update history tracks exactly which source last updated every field, providing full data provenance.
- CVDB serves as the centralized hub that integration plugins feed into via the CVDUtil API. Supported upstream sources include NVD, EUVD, JVN, CISA KEV, EPSS, Microsoft Defender TVM, Prisma Cloud, Qualys, Veracode, GitHub, Black Duck, and Wiz. Downstream consumers — Vulnerability Response, Container Security, and SBOM Response — leverage enriched CVDB data for remediation workflows.
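
The two-tiered resolution and per-field provenance described above can be sketched as follows. This is an added example, not ServiceNow code and not the CVDUtil API: the source names come from the page, while the priority numbers, field names, function names and sample values are assumptions constructed for illustration.

```javascript
// Added illustration: not ServiceNow code and not the CVDUtil API.
// Source names are from the page; priorities, field names and values are constructed.

// Tier 1: source-level priority, the default for every field (higher wins).
const SOURCE_PRIORITY = { NVD: 100, CISA_KEV: 80, QUALYS: 50 };
// Tier 2: field-level overrides, consulted before the source default.
const FIELD_PRIORITY = { exploit_status: { CISA_KEV: 200 } };

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function priorityFor(source, field) {
  if (has(FIELD_PRIORITY, field) && has(FIELD_PRIORITY[field], source)) return FIELD_PRIORITY[field][source];
  return has(SOURCE_PRIORITY, source) ? SOURCE_PRIORITY[source] : 0; // unknown source ranks lowest
}

// Apply one source's report for a CVE. Raw data is always kept per source;
// a consolidated field changes only if the incoming source ranks at least
// as high, for that field, as the source that currently owns it.
function ingest(store, cveId, source, fields) {
  if (!store.has(cveId)) {
    // Null-prototype maps so field names like "constructor" cannot collide.
    store.set(cveId, { consolidated: Object.create(null), provenance: Object.create(null), rawBySource: Object.create(null) });
  }
  const entry = store.get(cveId);
  entry.rawBySource[source] = Object.assign(Object.create(null), entry.rawBySource[source], fields);
  for (const field of Object.keys(fields)) {
    const value = fields[field];
    if (value === undefined || value === null || value === '') continue; // blanks never win
    const owner = entry.provenance[field];
    if (owner === undefined || priorityFor(source, field) >= priorityFor(owner, field)) {
      entry.consolidated[field] = value;
      entry.provenance[field] = source; // which source last set this field
    }
  }
  return entry;
}

// Constructed feed, in arrival order, for a placeholder CVE id.
function demo() {
  const store = new Map();
  const id = 'CVE-0000-00000';
  ingest(store, id, 'QUALYS', { cvss_score: 7.5, exploit_status: 'unknown' });
  ingest(store, id, 'NVD', { cvss_score: 9.8 });
  ingest(store, id, 'CISA_KEV', { exploit_status: 'known_exploited' });
  ingest(store, id, 'NVD', { exploit_status: 'none' }); // loses: field-level override
  ingest(store, id, 'QUALYS', { cvss_score: 6.1 });     // loses: source-level priority
  return store.get(id);
}
```

In this sketch a later, lower-priority report still lands in `rawBySource`, so the original source data stays available for audit even when it does not change the consolidated record.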