Published on February 5th, 2014 | by NJ Ouchn


vFeed Open Source Aggregated Vulnerability Database v0.4.7 released (support of HP Hotfixes, BID SecurityFocus & New Update method)

vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema.

It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other security references and standards


Key features

  • Built using open source technologies
  • Fully downloadable SQLite local vulnerability database
  • Structured new XML format to describe vulnerabilities
  • Based on major open standards CVE, CPE, CWE, CVSS..
  • Support correlation with 3rd party security references (CVSS, OSVDB, OVAL…)
  • Extended to support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft..)
  • Simple & ready to use Python module with more than 15 methods


  • Refactored the script as a separate class vFeedUpdate ( The method update() could be invoked to update the vulnerability database vFeed.db.
  • Added the support to HP (Hewlett-Packard) patch ids
  • Added the support to BID – SecurityFocus ids
  • Updated the Ubuntu, Redhat, CERT-VN mappers. Many new IDs have been added to vFeed.db
  • To reflect the newest cross references, the following methods have been added:
    • get_hp to enumerate HP ids. This function returns the patches alonside with links (
    • get_bid to list SecurityFocus Ids (
    • update to download the newest vFeed.db database. python update will do the trick now.
  • vfeed.db the sqlite opensource cross linked vulnerability database fully regenerated to support the new changes
  • Documentation updated accordingly


+ ./ get_hp CVE-2013-2473

[hp_id]: HPSBUX02908
[hp_id]: HPSBUX02907
[hp_id]: HPSBUX02922
[hp_id]: SSRT101305

[stats] 4 HP id(s)

+ ./ get_bid CVE-2014-1837

[bid_id]: 65173

[stats] 1 BID id(s)

+ ./ update

[info] checking for the latest vfeed.db
[progress 100 %] receiving 49 out of 49 Bytes of update.dat
[info] You have the latest vfeed.db vulnerability database
[info] Cleaning compressed database and update file


Tags: , , , , , , , , , , , , , , ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑