CISA tracks vulnerabilities that are knowingly exploited in their KEV catalog. This information is useful for prioritization of vulnerabilities.

This website offers a ranking of many computer security conferences. The ranking is accompanied by a yearly acceptance ratio statistic.

The European Union Vulnerability Database tracks and scores vulnerabilities. It uses the EUVD- prefix for their identifiers, but has references to other identifiers like CVE and GHSA. The entries are enriched with information about the current exploitation, the Exploit Prediction Scoring System (EPSS), and Common Vulnerability Scoring System (CVSS). Lastly, vulnerabilities that are coordinated by EU Computer Security Incident Response Team (CSIRT) are marked.

GitHub's Advisory Database tracks CVEs and all GitHub advisories. Contributions to GitHub advisories are possible.

Global Security Database (GSD) is a project run by the Cloud Security Alliance to collect and track vulnerabilities. Conceptually it is similar to CVEs but with an open collaborative contribution process. Data from other vulnerability databases is imported and managed together.

The website offers a feed showing which CVEs are exploited in the wild. The entries contain a date and link to the original source. It also contains a feed for available exploits.

The Known Exploited Vulnerabilities Catalog is a project by the Cybersecurity & Infrastructure Security Agency (CISA) tracking actively exploited vulnerabilities. The data includes the vulnerability, the affected product, a brief description of the vulnerability, and remediation actions. The data is available in machine-readable format.

The OWASP Cheat Sheet Series was created to provide a concise collection of high-value information on specific application security topics. These cheat sheets were created by various application security professionals who have expertise in specific topics. The website contains cheat sheets on a wide area of topics. The all cheat sheets are available as download.

osv.dev is a vulnerability database or open-source projects. It mainly acts as an aggregator for multiple other databases. For example, data from Google's OSS-Fuzz project and various language-specific vulnerability databases is combined.

The System Security Circus by Davide Balzarotti presents many statistics about the Top-4 security conferences, such as authors and affiliations.

The website lists all known speculation side channel attacks. Each attack contains information about the attacked buffer, the affected vendors, and working state. They are sorted into a hierarchy. Each attack is also linked to proof-of-concepts and the academic papers.

deps.dev is a dependency analyzer for multiple language ecosystems (npm, Go modules, Maven, PyPI, Cargo). It shows basic information, such as the metadata (including license) about each package, dependencies, and reverse dependencies. It enhances this information by adding a diff viewer for the versions. Security advisories affecting a package or dependency are highlighted. The OpenSSF scorecard is also integrated, showing more insights about the project health.

The second feature of the website is an advisory viewer. It shows details about each advisory, including affected versions. It also calculates how much of the ecosystem is affected and patched.