CISA tracks vulnerabilities that are knowingly exploited in their KEV catalog. This information is useful for prioritization of vulnerabilities.

The European Union Vulnerability Database tracks and scores vulnerabilities. It uses the EUVD- prefix for their identifiers, but has references to other identifiers like CVE and GHSA. The entries are enriched with information about the current exploitation, the Exploit Prediction Scoring System (EPSS), and Common Vulnerability Scoring System (CVSS). Lastly, vulnerabilities that are coordinated by EU Computer Security Incident Response Team (CSIRT) are marked.

GitHub's Advisory Database tracks CVEs and all GitHub advisories. Contributions to GitHub advisories are possible.

Global Security Database (GSD) is a project run by the Cloud Security Alliance to collect and track vulnerabilities. Conceptually it is similar to CVEs but with an open collaborative contribution process. Data from other vulnerability databases is imported and managed together.

The website offers a feed showing which CVEs are exploited in the wild. The entries contain a date and link to the original source. It also contains a feed for available exploits.

The Known Exploited Vulnerabilities Catalog is a project by the Cybersecurity & Infrastructure Security Agency (CISA) tracking actively exploited vulnerabilities. The data includes the vulnerability, the affected product, a brief description of the vulnerability, and remediation actions. The data is available in machine-readable format.

osv.dev is a vulnerability database or open-source projects. It mainly acts as an aggregator for multiple other databases. For example, data from Google's OSS-Fuzz project and various language-specific vulnerability databases is combined.

The GitHub repository collects CVEs and proof-of-concept (PoC) exploits for them. It is a good resource to play around with sample exploits.