Data License
VulnIntel collects, normalizes, and provides multiple public security data sources in an integrated form. The Service only processes the original data and does not replace the original authors or operating organizations. Ultimate responsibility for the accuracy and currency of each dataset rests with its original source organization.
Data licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license complies with the attribution requirements of that license.
- NVD (National Vulnerability Database) — Operator: NIST (U.S. National Institute of Standards and Technology) / License: Public domain (U.S. federal government work, 17 U.S.C. § 105)
- CISA KEV (Known Exploited Vulnerabilities) — Operator: CISA (U.S. Cybersecurity and Infrastructure Security Agency) / License: Public domain (U.S. federal government work)
- OSV (Open Source Vulnerabilities) — Operator: Google Open Source Security Team / License: CC BY 4.0
- GitHub Advisory Database — Operator: GitHub, Inc. / License: CC BY 4.0
- KISA Security Notices (Boho.or.kr) — Operator: Korea Internet & Security Agency (KISA) / License: Public work (Act on Promotion of the Provision and Use of Public Data)
- Exploit-DB — Operator: Offensive Security / Collection scope: Collection is limited to exploit metadata (CVE linkage information); exploit code itself is not collected.
- EPSS (Exploit Prediction Scoring System) — Operator: FIRST.org / License: Freely distributed data published by FIRST.org. No separate CC license is stated; FIRST.org's terms of use apply.
The information provided by this Service is the result of normalizing and processing the original data from the sources above, and does not replace or infringe the rights of each original author or operating organization. For inquiries about the original data, please contact the respective operating organization directly.