Frequently Asked Questions



  • What is the HPI-VDB?
    The "HPI-VDB - Database for Vulnerability Analysis" is a Vulnerability Database. This database was created at the chair of Prof. Dr. Christoph Meinel. It contains a number of security leaks of software, which could be exploited by hackers and other criminals to launch attacks at software- or IT-Systems

  • Where does the information of HPI-VDB come from ?
    The sources of HPI-VDB are other public available Websites with security relevant information about vulnerabilities, such as, OSVDB, Secunia, CERT, OVAL, SecurityFocus, Microsoft Security Bulletins, Google Security Notes, SAP Security Notes, and others

  • How can I benefit from the offered features of HPI-VDB?
    The search could be used to directly get information about known software products, such as, 'Windows','Adobe','Wordpress',...
    The search is able to process textual input, CPE-IDs, CVE-IDs, CVSS-Scores, or CWE-IDs.

  • Why there is more vulnerable software then vulnerabilities itself?
    A vulnerability is very likely existent in multiple versions of a program, e.g. in all versions before the vulnerability was fixed. In addition to that some vulnerabilities influence multiple products if they affect libraries. So it is likely that one vulnerability could be found in multiple software products.

  • Why should I register to HPI-VDB?
    A registered User is able to export the information about single vulnerabilities as XML. It is also possible to export results of a search, which could be performed with multiple filters at a time.
    There will be more features available in the future, such as, API, Self-Diagnosis (user provides information about his/her system and receives a list of vulnerabilities), Program Stack, Attack-Graph. These features are under development and will be published for registered users then.

  • Why can I only export 20 results of a search?
    Since the drastical increase of usage comes with long waiting times of export we limited the number of results which could be exported. Nevertheless if there is a demand of larger exports you could contact us to get API access.

  • Who can help me with problems?
    In this case you can contact us via email hpi-vdb-webadmin(at)hpi.uni-potsdam.de. We will fix the problem as soon as possible.

  • How can I reset my password?
    If you want to reset your password you can go to this link to reset the password. You need to know the email, which was used to register to HPI-VDB. You will receive an email with a Link, which directs at a page to create a new password

  • How can I access the API?
    The API is accessible for every registered user. The endpoints are specified at the following link. It is possible to choose either XML or JSON format as a parameter to the API (e.g. ?format=XML). Here you can see reducedVulnerabilities with a limit of 1000 queries per day and the complete vulnerability information with a limit of 5 queries per day.
    To access the API one has to specify the api_key and the username which could be found in the user details as URL parameters. This could be done in the following format: api_key=APIKEY&username=USERNAME

  • Which options can I specify in the API?
    It is possible to choose either XML or JSON format as a parameter to the API (e.g. ?format=XML). Additional you can choose from various filter parameters, such as:
    • offset=10
    • limit=10
    • cpe_id__name=cpe:/a:ni:labview:-
    • cwe_id=290
    • cvss_scores filter with gte or lte or =. (cvss_score__gte=5)
    • availability=PARTIAL
    • confidentiality=COMPLETE
    • integrity= (query without Keyword is regarded as integrity=None)
    The combination of multiple parameters has to be done with '&'. One more complex example would be:
    https://hpi-vdb.de/vulndb/api/vulnapi/reducedVulnerabilities/?format=xml&api_key=rAndOMapIkey!JIInaUnd&username=SomeUser&limit=30&cvss_score__lte=5 &integrity=&confidentiality=PARTIAL&cpe_id__name__contains=coldfusion