HPI-VDB is the result of research work being conducted by IT-Security Engineering Team at Prof. Christoph Meinel's chair "Internet Technologies and Systems" at HPI. It is a comprehensive and up-to-date repository which contains a large number of known vulnerabilities of Software. The vulnerability information being gathered from Internet is evaluated, normalized, and centralized in the high perforance database. The textual descriptions about each vulnverability entry are grabbed from the public portals of other vulnerability databases, software vendors, as well as many relevant public webpages, etc. A well-structured data model is used to host all pieces of information which is related to the specific vulnerability entry. Thanks to the high quality data serialized in the high performance In-Memory database, many fancy services can be provided, including browsing, searching, self-diagnosis, Attack Graph (AG), etc. Additionally, we offer many types of API for IT developers to leverage our database for their development. 


  • Structured representation of known vulnerabilities
  • API to programs for purpose of security analytics and others
  • Rich searching functionality using CVE-ID, CWE-ID, CPE-ID, Full text, ...
  • Addon services (login needed): exportation, self-diagnosis, Attack Graph, ...
  • Daily update to include the latest published/confirmed vulnerabilities
  • As of on Oct. 10, 2015, there are 71,920 vulnerabilities concerning about 178,480 software
  • Basic statistics, visualization, and analytics, are possible


  • F. Cheng, S. Roschke, Ch. Meinel, An Integrated Network Scanning Tool for Attack Graph Construction, in Proceedings of the 6th International Conference on Grid and Pervasive Computing (GPC'11), Springer LNCS 6646, Oulu, Finland, May 11-13, 2011.
  • S. Roschke, F. Cheng, Ch. Meinel, Using Vulnerability Information and Attack Graphs for Intrusion Detection , in Proceedings of the 6th International Conference on Information Assurance and Security(IAS'10), IEEE Press, Atlanta, USA, August 23-25, 2010.
  • F. Cheng, S. Roschke, R. Schuppenies, Ch. Meinel, Remodeling Vulnerability Information, in Post-Proceedings (selected revised paper) of the 5th SKLOIS Conference on Information Security and Cryptology (INSCRYPT'09), Springer LNCS 6151. Beijing, China. December 12 - 15, 2009.
  • S. Roschke, F. Cheng, R. Schuppenies, Ch. Meinel, Towards Unifying Vulnerability Information for Attack Graph Construction, in Proceedings of the 12th  Information Security Conference (ISC'09), Springer LNCS 5735, Pisa, Italy, September 7 - 9, 2009.
  • Robert Schuppenies, MSc.: Automatic Extraction of Vulnerability Information for Attack Graphs, HPI Master Thesis,Mar. 2009, 


IT-Security Engineering Team
Prof.-Dr.-Helmert-Str. 2-3
D-14482 Potsdam
Tel.: +49 (0) 331 / 5509-222
Fax.: +49 (0) 331 / 5509-325
Email: hpi-vdb(at)


The HPI-VDB portal as well as the relevant research work are non-profit. The data and services offered by are all free of charge and can only be used for personal and non-commercial use. We are thankful to:

  • our former team members: Robert Schuppenies and Sebastian Roschke (both now with Google Inc., in Mountain View, USA), for their exploratory work in this project;
  • HPI Master student team: Marian Gawron, Anton Gulenko, Patrick Schulze, Gary Yao, for the development of the first prototype of HPI-VDB;
  • SAP SE and HPI FutureSoC Lab for offering us the required Hardware and Software, especially, the modern HPI HANA database;
  • many other public VDBs and software vendors, e.g., NVD, OSVDB, Secunia, CERT, OVAL, SecurityFocus, Microsoft Security Bulletins, Google Security Notes, SAP Security Notes, etc.