|
| 1 | +--- |
| 2 | +title: "Vulnerability-Lookup 2.10.0 released" |
| 3 | +slug: vulnerability-lookup-2-10-0 |
| 4 | +layout: news |
| 5 | +date: 2025-05-22 |
| 6 | +tags: |
| 7 | + - release |
| 8 | +excludeSearch: true |
| 9 | +--- |
| 10 | + |
| 11 | + |
| 12 | +We’re delighted to announce the release of Vulnerability-Lookup 2.10.0, |
| 13 | +and it’s packed with exciting features! |
| 14 | + |
| 15 | + |
| 16 | +## What's New |
| 17 | + |
| 18 | +### AI-Powered Enrichment using our in-house AI models |
| 19 | + |
| 20 | +Vulnerability-Lookup now enhances vulnerability advisories using our in-house AI models. |
| 21 | + |
| 22 | +We recently worked on a new project, [ML-Gateway](https://github.com/vulnerability-lookup/ML-Gateway), |
| 23 | +a FastAPI service for serving NLP models. It loads one or more pre-trained NLP models during startup |
| 24 | +and expose them through a clean, RESTful API for inference. |
| 25 | +For example, it leverages the transformers library to load the |
| 26 | +[CIRCL/vulnerability-severity-classification-distilbert-base-uncased](https://huggingface.co/CIRCL/vulnerability-severity-classification-distilbert-base-uncased) |
| 27 | +model, which specializes in classifying vulnerability descriptions according to their severity level. |
| 28 | +The server initializes this model once at startup, ensuring minimal latency during inference requests. |
| 29 | + |
| 30 | +The ultimate goal is to enrich vulnerability data descriptions through the application of a suite of NLP models, providing direct benefits to Vulnerability-Lookup and supporting other related projects |
| 31 | +such as [AIL](https://ail-project.org). |
| 32 | + |
| 33 | +It serves as a gateway to model-serving services, enabling us to integrate various AI models in the future without introducing new dependencies or added complexity to Vulnerability-Lookup. |
| 34 | + |
| 35 | +This release marks a significant milestone in our AI strategy. |
| 36 | +We now have the full loop in place: from data gathering and vulnerability correlation to AI dataset generation, |
| 37 | +model training with our own AI trainers, and finally, our new bridge that connects these models directly to Vulnerability-Lookup. |
| 38 | + |
| 39 | +**Example** |
| 40 | + |
| 41 | +Concretely, for the user, the result of the severity classification model appears on the vulnerability description page in Vulnerability-Lookup, just after the CVSS information. |
| 42 | +The goal is to provide a comparison point—and to offer a severity indicator when CVSS data is missing. |
| 43 | +This result is composed of the level of the severity (from Low to Critical) and the confidence level (between 0 and 1). |
| 44 | + |
| 45 | +[](/images/news/2025/05/example-ivanti.png) |
| 46 | + |
| 47 | +https://vulnerability.circl.lu/vuln/CVE-2025-4427 |
| 48 | + |
| 49 | +**Conceptual architecture of the ML-Gateway** |
| 50 | + |
| 51 | +[](/images/news/2025/05/ml-gateway.png) |
| 52 | + |
| 53 | + |
| 54 | +**Models generation workflow** |
| 55 | + |
| 56 | +[](/images/news/2025/05/models-generation.png) |
| 57 | + |
| 58 | + |
| 59 | +More information about [AI datasets and models](https://www.vulnerability-lookup.org/user-manual/ai/). |
| 60 | + |
| 61 | + |
| 62 | +### Monitor Your Local GCVE Registry with Vulnerability-Lookup |
| 63 | + |
| 64 | +Thanks to the integration of the [GCVE client](https://github.com/gcve-eu/gcve), administrators of a Vulnerability-Lookup |
| 65 | +instance can now manage and monitor a local GCVE registry. |
| 66 | + |
| 67 | +GNAs are retrieved from [gcve.eu](https://gcve.eu), and the integrity of the data is |
| 68 | +automatically verified. In a future release, this will allow administrators of a |
| 69 | +Vulnerability-Lookup instance to choose which GNA feeds to pull. |
| 70 | + |
| 71 | +[](/images/news/2025/05/gcve-eu-network.png) |
| 72 | + |
| 73 | +[](/images/news/2025/05/vl-dashboard-gcve.png) |
| 74 | + |
| 75 | + |
| 76 | +## Changes |
| 77 | + |
| 78 | +- Send notifications to admins and users when new comments are added to a disclosure. |
| 79 | + ([58b6b60](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/58b6b60ccd45008448fee22358b40d79f82a17ab)) |
| 80 | +- Improved admin notification system for published comments. |
| 81 | + ([2d2b917](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/2d2b9174f218f6bdcecb11a9f6021e8199195250)) |
| 82 | +- Added a new API endpoint to verify the integrity of the local GCVE registry. |
| 83 | + ([a4416c6](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/a4416c6fcf1b3b5fbcda4e8f777e3e32925610bc), |
| 84 | + [27cdb50](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/27cd27cdb503271a0f4b48ee7d93a66b74b322da9217b50), |
| 85 | + [92c3c1b](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/92c3c1b83be7f617f6904cc4d546f654c7554a02)) |
| 86 | +- Introduced a new Flask/Click command to update the local GCVE registry in the background |
| 87 | + using data from gcve.eu. This can also be triggered from the HML dashboard. |
| 88 | + ([0a35027](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/0a35027062f962ec705d33bc19cda03b3441fee3)) |
| 89 | +- Queries the backend to retrieve the vendor/product information for hovered vulnerability |
| 90 | + IDs in the charts and the table of the main public dashboard. |
| 91 | + Related to [#136](https://github.com/vulnerability-lookup/vulnerability-lookup/issues/136) |
| 92 | + ([9f138a7](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/9f138a7a656bd430512c8ee4db96c75c2cf95181)) |
| 93 | +- Enhanced the vulnerability sightings correlation graph. |
| 94 | + Related to [#136](https://github.com/vulnerability-lookup/vulnerability-lookup/issues/136) |
| 95 | + ([ac17667](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/ac17667364603a5c25e770000dd8d663ddf45910)) |
| 96 | +- Various graphical improvements to the admin dashboard. |
| 97 | + ([7c4e549](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/7c4e54929f85a65f1534cff0ee4a8699d1b703f1)) |
| 98 | + |
| 99 | + |
| 100 | +## Fixes |
| 101 | + |
| 102 | +- Allowed `gna_id` to be null for organizations. |
| 103 | + ([569bfa2](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/569bfa245f2e6d9b6f05376c5273c2ca921e102f)) |
| 104 | +- Fixed typos in HTML templates. |
| 105 | + ([e301a7f](https://github.com/vulnerability-lookup/vulnerability-lookup/commit/e301a7f14d6ad3497e742aa02c8e625be6b32279)) |
| 106 | + |
| 107 | + |
| 108 | +## Changelog |
| 109 | + |
| 110 | +📂 To see the full rundown of the changes, users can visit the changelog on GitHub: |
| 111 | +https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v2.10.0 |
| 112 | + |
| 113 | + |
| 114 | +🙏 A big thank you to all our contributors — with a special welcome to [Léa](https://www.linkedin.com/in/léa-ulusan-379a3a239/), our newest contributor! |
| 115 | + |
| 116 | + |
| 117 | + |
| 118 | +## Feedback and Support |
| 119 | + |
| 120 | +If you encounter issues or have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us! |
| 121 | +https://github.com/vulnerability-lookup/vulnerability-lookup/issues/ |
| 122 | + |
| 123 | + |
| 124 | +## Follow us on Fediverse/Mastodon |
| 125 | + |
| 126 | +You can follow us on Mastodon and get real time informationa about security advisories: |
| 127 | +https://social.circl.lu/@vulnerability_lookup/ |
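Review bot: the commit link labelled 27cdb50 in the Changes list (line 84 of the new file) carries a 47-character hash in its URL, `27cd27cdb503271a0f4b48ee7d93a66b74b322da9217b50`, which is not a valid 40-character SHA-1 and will not resolve; replace it with the full hash of commit 27cdb50. Smaller wording fixes in the same file: "and expose them" on line 24 should read "exposes", "HML dashboard" on line 87 looks like a typo for "HTML dashboard", and "informationa" on line 126 should be "information". Line 67 says the integrity of the GNA data is "automatically verified" without saying how; one sentence or a link describing what the check validates against would let administrators judge what it covers. The image links on lines 45 to 73 have empty link text (`[](/images/...)`), so please confirm they render as intended and add alt text.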