What is JVN iPedia?


What is JVN iPedia?

JVN iPedia is a database of vulnerability countermeasure information collected on software products, such as operating systems, applications, libraries and embedded systems, used in Japan. It offers a search engine to enable easy access to the information needed.

What is the difference between JVN and JVN iPedia?

They differ in the scope of information collected and when to release the information. JVN aims to offer the vulnerability and countermeasure information to the public as soon as possible and JPCERT/CC coordinates with the vendors when to disclose new vulnerabilities reported to it. For more information on JVN, please refer to 'What is JVN?'

On the other hand, JVN iPedia aims to collect vulnerability and countermeasure information found on a daily basis more accordingly. It collects and publishes vulnerability and countermeasure information on Japanese software products not released on JVN, in addition to what are available on JVN.

How can I make good use of JVN iPedia?

If you know what you are looking for, like when you'd like to check the information on a specific products or how to fix the vulnerability you come to notice at other sources, you can use the search engine to easily access the information you need. If you'd like to collect information on a regular basis, we offer JVNDBRSS.

When did JVN iPedia become available? How much information does it store?

JVN iPedia was made public on April 25, 2007 and English data were added on May 21, 2008. As of that date, it held English information on 325 vulnerabilities found between 1998 and Febrary 2007 and the number has been increasing since then.

How long does it take for vulnerability/countermeasure information to be available on JVN iPedia after those information are made public?

Normally it takes about 2 to 4 weeks. Please note that there may be some delay as to we strive to collect accurate information and/or it could depend on the vendor's response, the priority required or the number of vulnerabilities we need to handle.

What is the scope JVN iPedia covers?

It covers Japanese products and the oversea software popularly used in Japan.

What information sources does JVN iPedia use?

Apart from information to be published on JVN (VN-JP, VN-CERT/CC, VN-CPNI), information is aggregated from domestic vendors and NVD (National Vulnerability Database), which is operated by NIST (National Institute of Standards and Technology).

As for the data collected from JVN, JVN iPedia basically duplicates them but it may add or delete information depending on information available at the time of collection.

What is CVSS?

Please refer What is CVSS? for the detail.


JVNDBRSS is a framework to provide the vulnerability information newly added/updated and those published in a yearly period in the RSS (RDF Site Summary) format. Using an RSS reader, people can get and check the contents of the database easily. JVNDBRSS provides RSS feed in the JVNRSS format. For information on JVNRSS, please refer to 'What is JVNRSS?' and 'JVNRSS - Japan Vulnerability Notes RDF Site Summary'.

About information in JVN iPedia

Q01:Can I put a link to JVN iPedia? I would like to refer to it with a thumbnail.
Ans:Yes. You can place a link to https://jvndb.jvn.jp/en/.
Q02:Can I quote the data in JVN iPedia?
Ans:Yes but we'd like to ask you to let us know. It could help us improve JVN iPedia to be aware of by whom, how and where our JVN iPedia data are used.
* To contact us, please email at jvn@jvn.jp
Q03:Some links in JVN iPedia seem dead.
Ans:Software products, versions, URLs and other information provided in JVN iPedia are "as is", valid as of the date of publish or the last update, and have been possibly changed. Some links in old data were no longer valid even at the time of publishement. Some of thoee links are left as they are with the notice of "dead link" unless we could find and replace with alternate information sources.