We are excited to announce the upcoming release of OpenCVE Version 2, scheduled for end of July.

After several years of success with OpenCVE v1, this major update brings significant technical improvements and new features to provide you with an even more enriched and secure experience.

Let’s see together what will change!

Technical Changes

OpenCVE v2 is based on user feedbacks regarding how they use the v1. After many interviews, our users are looking for:

• a collaborative tool
• more functionalities
• an easy way to monitor OpenCVE
• the support of multiple CVEs providers and scoring systems

Developing these new features with the old stack was complicated, this is why we decided to change the technologies behind our tool:

1. Web Framework: Transition from Flask to Django for better performance and maintainability.
2. Scheduling: Adoption of Airflow to replace Celery, allowing more efficient task management.

This refactoring took us a while but now we’re confident about the future as these frameworks will allow us to deliver new features faster.

New Features

Aggregation of Multiple Sources

OpenCVE v1 relied solely on the NVD database. The new version now integrates multiple databases:

• the cvelistv5 repository of the Mitre
• the vulnerabilities database of the NVD
• the CVE database of Redhat
• the Vulnrichment repository of CISA

This aggregation is crucial, especially since the NVD stopped adding new information in February 2024, leaving users dependent on multiple sources for up-to-date and comprehensive information.

OpenCVE v2 now aggregates information across multiple providers, all in one place for you.

Advanced Notification System

In addition to email alerts, OpenCVE v2 offers webhook notifications making it easier to integrate with your ITSM tools and more.

Organizations and Projects Management

You can now organize and optimize your subscriptions between organizations and projects, allowing for more granular and efficient management of your alerts.

New Vulnerability Severity Scores

Beyond the CVSS score, we’ll integrate EPSS, KEV and SSVC scores for a more precise evaluation of vulnerabilities.

Why did we postpone the release?

We know you were expecting OpenCVE v2 to be released initially in April.

However, the halt in updates from the NVD database forced us to revise our timeline to ensure a complete and reliable service. Aggregating multiple sources was essential to bridge this gap and provide you with continuous and accurate information.

We appreciate your patience and are confident that these enhancements will make OpenCVE an even more essential tool in your cybersecurity arsenal. Stay tuned for the official communication and migration instructions to Version 2, we are impatient to publish the release.

Thank you for your trust and see you soon for upcoming v2 release!