About VDB
What is this?
VDB is a public vulnerability database for SBOM workflows. It aggregates CVE/OSV/GHSA/EUVD/HF/MCP and more into an OSV-compatible format, while also surfacing new risks created by AI-assisted coding.
Why?
The 2024 CVE funding crisis exposed how fragile the vulnerability ecosystem is when it depends on a single operator. At the same time, AI coding has accelerated dependency risks. VDB tries to address both.
Findings don't stop at "there's a problem" — we hand you the fix
Most scanners stop at "vulnerable". VDB goes further.
Copy-pasteable upgrade commands
Every finding includes the exact upgrade command for your ecosystem — npm, pip, cargo, go, bundler, composer, maven, nuget, and more. No digging through advisories to figure out which version is safe.
$ npm install lodash@4.17.21
Which functions are actually affected
We parse OSV's ecosystem_specific data to surface the vulnerable functions and symbols. If your code never calls them, you can deprioritise. If it does, you know exactly where to look.
lodash.template lodash.templateSettings Each finding in a /sbom/scan response looks like:
{
"id": "GHSA-29mw-wpgm-hmr9",
"purl": "pkg:npm/lodash",
"version": "4.17.20",
"severity_bucket": "high",
"severity_score": 7.4,
"fixed_in": ["4.17.21"],
"remediation": {
"type": "upgrade",
"ecosystem": "npm",
"name": "lodash",
"fixed": "4.17.21",
"command": "npm install lodash@4.17.21",
"manifest": "\"lodash\": \"^4.17.21\"",
"rationale": "Upgrade lodash to 4.17.21 or newer via npm."
},
"affected_functions": [
{ "path": null, "symbol": "template" },
{ "path": null, "symbol": "templateSettings" }
]
}We see the names attackers will target — before they do
Slopsquatting isn't a "package already attacked" problem — it's a "package about to be attacked" problem. When several LLMs all hallucinate the same fake name, the moment someone registers it under that name they'll be installed by every developer who follows the LLM. VDB's slop collector gathers those names before attackers register them.
Predictive signal (slop DB)
We periodically run coding prompts through Claude / GPT / Gemini and collect the package names they recommend. Cross-model agreement raises the target score.
Realtime safety net (registry probe)
Every package checked is also probed live against npm / PyPI / crates / Go. Names not in our DB still get flagged when the registry shows "registered 3 days ago, 0 downloads".
Hook VDB into your AI coding tools — protection on autopilot
Claude, Cursor, Copilot and other AI assistants now write your code. Convenient — but follow their suggestions blindly and you end up installing slopsquatted packages, libraries with known vulns, or over-privileged MCP servers.
Connect VDB to your AI tool once. Just keep saying "build me this". Dangerous dependencies are filtered, suspicious ones get a warning — without you thinking about it.
Claude Desktop · Cursor · Continue
Register the VDB MCP server once. Before recommending a package or another MCP server, your AI consults VDB and surfaces the risk.
GitHub Actions / CI
Scan newly added dependencies on every PR. Block merges when a finding crosses your severity threshold.
Direct API
Running your own AI pipeline? Call bulk package check / SBOM scan / slopsquatting list to apply the same protection.
What VDB protects against — and what it doesn't
VDB isn't a silver bullet. Here's an honest map of what we catch, what slips through, and the trust assumptions you should know about.
What VDB catches
LLM-hallucinated package names (slopsquatting), freshly registered suspect packages (live registry probe), MCP servers with dangerous scopes, and known CVE/GHSA vulnerabilities — all in a single API call with a combined risk verdict.
What VDB doesn't catch
(a) A user modifying our prompt to ignore risk=high — their session, their decision. (b) Brand-new slop we haven't seen yet (detection-oracle limit — the 50-call trial raises the cost of probing for blind spots). (c) Traffic routed to a fake VDB host — check the official domain in your browser bar.
Prompt-injection defence (response text = data)
Attackers can plant payloads like "</instruction>" in OSV/CVE descriptions hoping an LLM treats them as directives. We sanitise every text field at the response boundary: strip control characters, cap at 500 chars, and defang known instruction-handover markers with a zero-width space. The /connect prompt also explicitly tells your agent that VDB response text is data, never instructions. Model-layer defence against prompt injection is unsolved industry-wide, but this defence-in-depth materially reduces practical risk.
Official domain
For VDB to work, the host in the prompt must be ours (or your self-hosted instance). If anyone hands you a "VDB prompt" pointing at an unfamiliar host, treat it as suspicious — official prompts are only published on vdb.ai.kr and from your own local instance.
Roadmap
Hidden from the main nav until collectors are populating data — we'll surface them automatically when there's something to look at.
Model artifacts
Mirror Hugging Face model cards plus modelscan/picklescan results to track backdoor PoCs, license conflicts, and training-data provenance. ATLAS/AVID mappings come next.
Data sources
External feeds VDB ingests.
| source | cadence | link |
|---|---|---|
| osv | 15 min | OSV.dev |
| ghsa | 15 min | GitHub Security Advisories |
| nvd | 1 hour | NVD / CVE |
| euvd | 1 hour | ENISA EUVD |
| npm | 1 hour | npm advisory |
| hf | 6 hour | Hugging Face |
| slop | 6 hour | VDB Slopsquatting detector (자체) |
| mcp | 24 hour | MCP Registry crawler (자체) |