VulnRadar - CVE & Advisory Linkage
Verifying that a file is the genuine vendor release is necessary - but a genuine release can still be a version with known vulnerabilities. VulnRadar links each tracked product version to published CVE and advisory records, so you know not just "is this the real binary?" but "is this a safe version to run?".
VulnRadar is metadata only: it surfaces CVE identifiers, severity, titles, dates, and links to the authoritative advisory - never exploit code, proof-of-concept, or weaponizable detail.
Status: in development.
How it works
For a tracked product and version, VulnRadar finds the matching entries in public vulnerability data (CVE / advisory records) and records their metadata against that version. Each linked advisory carries:
| Field | Meaning |
|---|---|
| cve_id | The advisory identifier (e.g. CVE-2026-1234) |
| severity | Qualitative severity (and CVSS score where available) |
| title | The advisory’s one-line summary |
| published | When the advisory was published |
| url | Link to the authoritative advisory record |
Where it appears
VulnRadar is a Teams-tier capability:

```
GET /api/v1/intel/cves?executable=<name>&version=<version>
```

```json
{
  "product": "Example App",
  "version": "1.2.3",
  "advisories": [
    { "cve_id": "CVE-2026-1234", "severity": "high", "title": "Heap overflow in parser", "published": "2026-03-01", "url": "https://…" }
  ]
}
```

A version with linked advisories also carries an at-a-glance indicator on the dashboard.
How to use it
- Gate deployments. Don’t roll out a verified-genuine binary that happens to be a version with a known high-severity CVE.
- Prioritise patching. Cross-reference the versions in your estate against their linked advisories to triage what to update first.
- Enrich your inventory. Attach advisory metadata to the exact, verified build you actually run.
VulnRadar tells you whether a version is known-vulnerable; BinTrust and SigDiff tell you whether the bytes are genuine and who signed them. Run a build only when all three agree.
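
A deployment gate over the response format shown above, as an added example (not VulnRadar's own code) covering only the VulnRadar part of that decision. The severity labels other than "high", the `gate` function and the placeholder advisory entries are assumptions. The gate blocks on an unreadable response or an unrecognised severity label rather than treating either as "no advisories".

```python
import json

# Assumption: severity labels beyond "high" are not listed on the page.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
FAIL_CLOSED = max(SEVERITY_RANK.values())

# Constructed response body in the shape shown on this page.
# Only CVE-2026-1234 comes from the page; the others are placeholders.
SAMPLE_RESPONSE = """{
  "product": "Example App", "version": "1.2.3",
  "advisories": [
    {"cve_id": "CVE-2026-1234", "severity": "high",
     "title": "Heap overflow in parser", "published": "2026-03-01"},
    {"cve_id": "CVE-PLACEHOLDER-2", "severity": "low",
     "title": "Constructed entry", "published": "2026-01-15"},
    {"cve_id": "CVE-PLACEHOLDER-3", "severity": "important",
     "title": "Constructed entry, unrecognised label", "published": "2026-02-10"}
  ]
}"""


def gate(response_text, block_at="high"):
    """Return (allowed, blocking_ids), worst first, for one response body."""
    threshold = SEVERITY_RANK[block_at]
    try:
        advisories = json.loads(response_text)["advisories"]
        if not isinstance(advisories, list):
            raise TypeError("advisories is not a list")
    except (ValueError, KeyError, TypeError):
        # No usable answer is not the same as "no advisories": block.
        return False, ["<unreadable response>"]
    blocking = []
    for adv in advisories:
        if not isinstance(adv, dict):
            blocking.append((FAIL_CLOSED, "<malformed entry>"))
            continue
        label = str(adv.get("severity", "")).strip().lower()
        # Missing or unrecognised labels rank as the worst case.
        rank = SEVERITY_RANK.get(label, FAIL_CLOSED)
        if rank >= threshold:
            blocking.append((rank, str(adv.get("cve_id", "<no id>"))))
    blocking.sort(reverse=True)
    return not blocking, [cve_id for _, cve_id in blocking]


if __name__ == "__main__":
    allowed, ids = gate(SAMPLE_RESPONSE)
    print("deploy" if allowed else "block", ids)
```

The returned list is ordered worst first, so the same output can feed patch triage as well as the deploy decision.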