A free, publicly accessible database for IT security vulnerabilities called db.gcve.eu was launched to reduce dependence on US databases and strengthen Europe’s digital sovereignty, the project website of GCVE said.
KEY FACTS
- Database A free public vulnerability directory at db.gcve.eu
- Integration More than 25 public data sources are currently integrated
- Identifier model Uses a decentralized GNA numbering model instead of centralized CVE IDs
- Access Provides an open API for integration into compliance and risk tools
The platform aggregates information from various public resources including sources used by the GNA Numbering Authority model. The decentralized approach allows autonomous assignment and publication of vulnerability identifiers without waiting for central approval.
Data from over 25 different sources is normalized, structured and made searchable. The catalog replaces centralized assignment of CVE identifiers with the GNA model for numbering and publication.
The open API is intended for integration into compliance systems and risk management tools. The platform is described as supporting security officers, researchers, computer security incident response teams, software providers and open source developers tracking vulnerability reports across ecosystems.
The initiative formed after industry concern about a possible discontinuation of the Common Vulnerabilities and Exposures program in 2025. The launch timing, long term governance and adoption by major vendors were not specified.
WHY IT MATTERS
The decentralized identifier model and open API could shorten the time to publish identifiers and make vulnerability intelligence easier to integrate into existing compliance and risk management tools.