Miggo has unveiled VulnDB, a free, predictive vulnerability database designed to overhaul how organisations assess and prioritise software risks. By combining runtime context, exploit simulations and function-level tracing, VulnDB shifts the paradigm from reactive vulnerability tracking to proactive threat prediction, promising to drastically reduce noise from Common Vulnerabilities and Exposures (CVE) entries and highlight only those flaws that truly matter in a live environment.
At launch, VulnDB distinguishes itself by pinpointing the exact functions that introduce risk and determining whether they are exploitable within an application’s runtime. This level of precision enables security teams to focus remediation efforts on actionable threats, rather than sifting through thousands of potential vulnerabilities with uncertain impact. Miggo claims the system begins analysis within seconds of a CVE’s publication—tracing, simulating exploits, and providing real‑time insights without human intervention.
The platform’s open-access offering grants all users technical root-cause analysis, exploitation conditions, and function-level mapping, all resources for developers seeking to stay ahead of attackers. Enterprise customers gain an additional layer of protection through dynamic Web Application Firewall rules that adapt based on emerging exploit patterns.
Miggo’s predictive approach addresses a significant problem in contemporary cybersecurity: the overwhelming volume of CVEs—tens of thousands annually—that often remain theoretical until they intersect with specific applications. By integrating runtime observability and exploit simulation, VulnDB avoids false positives and delivers prioritisation in line with real-world risk.
The company’s roots lie in its Application Detection and Response platform, launched last year with US$7.5 million in seed funding from YL Ventures and other top-tier investors. ADR provides visibility into live application behaviour, maps distributed application components, detects deviations and enacts mitigation, enabling precise runtime threat containment. VulnDB extends this capability by delivering predictive intelligence to a broader user base.
CEO Daniel Shechter highlights that applications remain a primary attack vector, driven by both architectural complexity and attacker focus on runtime behaviour. CTO Itai Goldman emphasises that “everyone’s drowning in CVEs, but no one’s telling you which ones can actually be exploited through your app”. Their message resonates as security teams confront a growing technical debt and shrinking remediation bandwidth.
Experts in the security community note that the addition of exploit simulation—a process where potential attacks are modelled in a sandbox—provides tangible value. It shifts vulnerability management from inventory-driven triage to contextual decision-making based on whether a flaw is reachable, exploitable and present in live infrastructure.
Miggo’s timing aligns with intensifying pressure on organisations to shrink the window between discovery and exploitation. High-profile breaches involving MOVEit, SharePoint and Ivanti have exposed how attackers can weaponise vulnerabilities before manual patching practices can catch up. In such a high-velocity threat landscape, VulnDB’s speedy automation and runtime anchoring offer clear advantages.
Miggo also addresses concerns over transparency and data equity by making its intelligence publicly accessible. This open baseline encourages broader adoption, while its enterprise tier amplifies value with live defences and tailored context. Head of Research Liad Eliyahu explains the strategy: “Security isn’t about knowing everything. It’s about knowing what matters”.
Academic studies on vulnerability prediction, such as the TROVON model, underline the ongoing struggle to differentiate high-risk components from noisy datasets. Miggo bypasses much of this complexity by utilising runtime evidence rather than historical inference, offering a practical complement to academic approaches.
Early adopters report that VulnDB has streamlined vulnerability workflows, replacing CVE overload with targeted insights. With free access available now on Miggo’s website, developers and security teams are encouraged to trial predictive intelligence and integrate it with existing CI/CD pipelines.