In response to the recent funding uncertainty around the US-based Common Vulnerabilities and Exposures (CVE) database, the European Union Agency for Cybersecurity (ENISA) has developed the European Vulnerability Database (EUVD). This new platform, aligned with the NIS2 Directive, aims to serve as a central, reliable source of information on IT product and service vulnerabilities for the EU market.
The EUVD aggregates data from multiple open sources, national CSIRTs, vendor advisories, and coordinated European CSIRT networks, delivering actionable intelligence through three dedicated dashboards: critical vulnerabilities, actively exploited vulnerabilities, and EU-coordinated vulnerabilities. This transparency supports more efficient, autonomous defense strategies for public authorities, private enterprises, researchers, and cybersecurity professionals across Europe.
ENISA’s designation as the official CVE Numbering Authority (CNA) since early 2024 strengthens Europe’s ability to assign unique vulnerability IDs and manage incident documentation independently from US-based authorities. The EUVD complements the upcoming Single Reporting Platform mandated by the EU Cyber Resilience Act, focusing primarily on information sharing rather than formal vulnerability reporting.
By fostering international cooperation—including partnerships with Mitre’s CVE program and CISA’s Known Exploited Vulnerabilities Catalog—the EUVD represents a significant step toward European digital sovereignty, cyber resilience, and enhanced protection of critical digital infrastructure.
For CISOs and security leaders, the EUVD offers an essential tool to stay ahead of emerging threats and align cybersecurity strategies with evolving regulatory requirements.