CVE Tools
Back to blog

Browse CVEs by vendor, product and sector

The big cleanup that turned messy affected-data into clean, browsable hubs

Raw vulnerability data is a mess. The same vendor shows up spelled five different ways. A single product is scattered across dozens of near-duplicate version strings. Ask a simple question — "show me everything affecting this product" — and the data fights you. So we did the unglamorous work: we cleaned it up across the whole catalogue. Here's what changed, and what you can now do with it.

What was wrong

Every CVE carries a list of affected entries — vendor, product, version. Those come straight from advisories, and advisories don't agree with each other:

  • Vendors spelled many waysMicrosoft, Microsoft Corp., microsoft_corporation are all the same company, but counted as three.
  • Products fragmented by versionWindows 10, Windows 10 21H2, Windows 10 22H2 are forty rows where you wanted one product.
  • No way to slice by what you run — you couldn't reliably ask "all the CVEs touching this product family" or "how exposed is my industry," because the names didn't line up.

What we did

We built a deterministic normalizer that maps every raw (vendor, product) string to a canonical vendor and product — collapsing the version twins into one product family — and tags it with an industry sector. Then we ran it across the entire catalogue. No guesswork at read time: the cleanup is baked into the data, so browsing and filtering are fast and consistent.

From raw advisory data to browsable hubs

  1. Raw affected entries — Vendor / product / version, as advisories wrote them
  2. Normalize — Canonical vendor + product, version twins collapsed
  3. Tag a sector — Map the product to an industry
  4. Hubs, filters and search — /vendors · /products · /sectors · product filter

What you can do now

  • Vendor hubs — head to /vendors to see vulnerabilities grouped by the company behind the product, names finally deduplicated.
  • Product hubs/products collects CVEs by product family, so one page covers a product instead of forty version rows.
  • Sector view/sectors rolls everything up into 15 industry sectors: see how exposure distributes across healthcare, networking, industrial and the rest.
  • Filter by product family — once you're signed in, the CVE list lets you narrow the whole catalogue to a single product family in a click.

Try it

Start from your stack: open a product hub for something you run, or zoom out to your industry sector to see the bigger picture.

Spot a vendor or product we've mislabelled? Tell us — the normalizer improves every time someone flags an edge case.