The European Union has taken a significant leap forward in its digital security strategy with the official launch of the European Vulnerability Database (EUVD), developed and maintained by the European Union Agency for Cybersecurity (ENISA).
Announced on May 13, 2025, the EUVD is now operational, providing a centralized, reliable, and actionable repository of cybersecurity vulnerabilities that affect Information and Communication Technology (ICT) products and services across the EU.
A New Pillar for European Cyber Resilience
Mandated by the NIS2 Directive, the EUVD is designed to aggregate and interconnect publicly available vulnerability information from a wide array of sources, including national Computer Security Incident Response Teams (CSIRTs), industry threat researchers, ICT vendors, and established databases such as MITRE’s Common Vulnerabilities and Exposures (CVE) Program.
.png
)
This holistic approach enables better analysis, correlation, and management of vulnerabilities, making the EUVD a trusted and transparent resource for both public and private sector stakeholders.
Henna Virkkunen, European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy, hailed the launch as “a major step towards reinforcing Europe’s security and resilience,” emphasizing that the EUVD will raise cybersecurity standards and empower stakeholders to protect digital spaces more efficiently and autonomously.
Key Features and Accessibility
The EUVD offers three distinct dashboard views:
- Critical Vulnerabilities: Highlighting issues with severe implications.
- Exploited Vulnerabilities: Focusing on those currently under active attack.
- EU Coordinated Vulnerabilities: Showcasing cases managed by European CSIRTs.
Each entry provides detailed information, including a description of the vulnerability, affected products or services, severity, exploitation methods, and available mitigation measures or patches.
The database is publicly accessible, serving suppliers, users of network and information systems, national authorities, private companies, and researchers alike.
The launch comes at a pivotal moment, following recent funding uncertainties surrounding the US-based MITRE CVE Program.
Experts view the EUVD as a strategic move to reduce reliance on a single, non-European vulnerability source and to ensure continuity and resilience in global vulnerability management.
While the EUVD is not intended to replace the CVE Program, ENISA has worked closely with MITRE to ensure interoperability and complementarity, including mapping EUVD identifiers to existing CVE IDs.
Supporting the EU’s Cybersecurity Ecosystem
According to the Report, ENISA’s new role as a CVE Numbering Authority (CNA) since January 2024 enables it to register and support the disclosure of vulnerabilities discovered by or reported to EU CSIRTs.
The EUVD also leverages the Common Security Advisory Framework (CSAF), allowing for machine-readable advisories and streamlined vulnerability management.
In 2025, ENISA plans to further develop the EUVD, gathering feedback to enhance its services and ensure it remains a vital tool in the EU’s cybersecurity framework.
The database is expected to support compliance with both the NIS2 Directive and the upcoming Cyber Resilience Act, strengthening the EU’s technological sovereignty and digital safety.
With the launch of the EUVD, Europe now possesses a robust, independent resource to bolster its cybersecurity posture, improve situational awareness, and limit exposure to evolving digital threats.
How SOC Teams Save Time and Effort with ANY.RUN - Live webinar for SOC teams and managers
