Include Support for EUVD (European Union Vulnerability Database) #7608

Open
e0894aca0e8 opened this issue Apr 17, 2025 · 6 comments

@e0894aca0e8

Are there any plans for including support for the European Union Vulnerability Database (EUVD) as an additional vulnerability source in DependencyCheck? Even though CISA has extended the CVE contract, many (EU-based) users and enterprises would probably appreciate that.

@aikebah
Collaborator

aikebah commented Apr 17, 2025

If they were to provide a machine-consumable resource, that would be a very good idea. However, at first glance they appear to offer a website-based service for human consumption without a machine-consumable resource/service.

@software-testing-professional

There is an API at:
https://euvdservices.enisa.europa.eu/api

https://euvdservices.enisa.europa.eu/api/vulnerabilities?assigner=&product=&vendor=&text=&fromDate=&toDate=&fromScore=0&toScore=10&fromEpss=0&toEpss=100&exploited=false&page=0&size=1

And I found some preliminary / unofficial documentation of the API here:
https://github.com/bytew0lf/EUVD-API

Greetings Michael

@aikebah
Collaborator

aikebah commented Apr 19, 2025

Those links exactly prove my point: there is only a proprietary API, which someone has been attempting to reverse-engineer from the website.

If the API were targeting consumption by anything but the website, there would be either official API documentation or an official API client on the EUVD website.

@nhumblot
Collaborator

I reached out to them through the feedback form to try to get more information on whether they have anything planned that would allow Dependency-Check to contact the API. I will share information if I get some.

@rfc-st

rfc-st commented Apr 19, 2025

Hello, @nhumblot

Thank you for contacting them. After the news about MITRE (https://krebsonsecurity.com/2025/04/funding-expires-for-key-cyber-vulnerability-database/), which has been a very important warning of the weakness of this ecosystem, I think it is important to locate alternative sources to have an updated Database of CVEs.

And if DependencyCheck can have access to them, I think they will be more than welcome.

@kataner83

This looks official now.
https://euvd.enisa.europa.eu/apidoc
