The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a platform developed in line with the NIS2 Directive. Now fully operational, the EUVD is intended to support improved management of cybersecurity vulnerabilities across Information and Communication Technology (ICT) products and services.
The database aggregates publicly available information from a range of trusted sources, including national CSIRTs, ICT vendors, and international vulnerability repositories, to provide organisations with timely, practical details such as mitigation measures, severity ratings, and exploitation status.
A Centralised Resource for the EU Market
The EUVD enables more structured and transparent sharing of information across sectors. It incorporates data from open-source databases and official advisories, offering users a clearer view of current risks and available responses. The platform includes three dashboard views:
- Critical vulnerabilities
- Known exploited vulnerabilities
- EU-coordinated vulnerabilities, as managed by the EU CSIRTs network
Each entry may include:
- A description of the vulnerability
- Affected systems or software versions
- Severity assessment and potential methods of exploitation
- Mitigation steps and links to relevant advisories or patches
Who Is the EUVD For?
The EUVD is publicly accessible and relevant to a wide range of stakeholders, including:
- ICT suppliers and digital service providers
- Organisations relying on digital systems
- National authorities and cybersecurity teams
- Researchers and security analysts
Its open access model supports a more consistent understanding of, and response to, vulnerabilities across the Union, contributing to a more secure digital environment.
Supporting Coordinated Vulnerability Disclosure
The platform also underpins the EU’s approach to Coordinated Vulnerability Disclosure (CVD). Under this model, vulnerabilities are published only once the responsible parties have had adequate time to develop patches or mitigation guidance. This approach limits the risk of premature public exposure. To meet the obligations under the NIS2 Directive, ENISA has worked with national CSIRTs and international organisations such as MITRE. Since January 2024, ENISA has functioned as a CVE Numbering Authority (CNA), allowing it to register vulnerabilities discovered by or reported to EU CSIRTs that fall within its remit.
The EUVD emphasises collaboration in managing vulnerabilities in the EU. By connecting ICT suppliers, organisations, and researchers, it enhances collective threat response and digital resilience.
How BDO Malta Can Help
BDO Malta supports organisations in interpreting and implementing regulatory cybersecurity requirements under the NIS2 Directive. Our team can assist in reviewing your current ICT risk management framework, assessing exposure to known vulnerabilities, and aligning internal processes with best practices in coordinated vulnerability disclosure. Whether you are a digital service provider, ICT supplier, or in-scope organisation seeking to strengthen operational resilience, we provide tailored guidance and technical support.