Overview
- The db.gcve.eu platform is live under CIRCL in Luxembourg, aggregating vulnerability data from more than 25 public sources and exposing an open API for tool integration.
- GCVE Numbering Authorities receive unique identifiers and can assign and publish vulnerability IDs immediately without central approval.
- Existing and future CVE entries are mirrored via a reserved authority of zero, allowing mappings such as GCVE-0-2023-40224 for backward compatibility.
- The launch follows last year’s near-shutdown scare for the U.S. CVE program, with experts praising added resilience while cautioning that close alignment with CVE is essential to prevent confusion.
- Organizations, including current CVE numbering authorities, can apply through CIRCL to become GNAs as GCVE slots into the EU’s cybersecurity ecosystem alongside ENISA efforts.