VulDB Pricing: API Plans, Free Tier, and Costs (2026)

Pricing overview

VulDB provides access to its vulnerability intelligence platform through a tiered subscription model, primarily focused on API plans for programmatic access to its extensive database. The pricing structure is designed to accommodate individual researchers, small teams, and large enterprises, with varying levels of access, request limits, and feature sets. The core offering revolves around a comprehensive database of vulnerabilities, including zero-day and unpatched issues, which is accessible via a RESTful API returning JSON responses (json.org specification details). Customers select a plan based on their anticipated API request volume and the specific intelligence features required for their security operations, such as detailed vulnerability analyses, exploit information, and threat intelligence feeds. Discounts may be available for longer-term commitments or specific organizational types, though these are typically negotiated directly with VulDB sales on their pricing page.

The free tier offers a foundational level of access, allowing users to explore basic vulnerability information before committing to a paid plan. This allows for preliminary research and understanding of the database's scope and data quality. Paid plans introduce significantly higher API request limits, access to premium data fields, and enhanced support options. Enterprise-level solutions are also available, offering customized integrations, dedicated infrastructure, and specialized intelligence services tailored to specific organizational security requirements. The pricing is denominated in Euros (EUR) and generally billed on a monthly basis, with potential for annual billing options.

Plans and tiers

VulDB's API pricing is structured into several tiers, each building upon the previous one with increased capabilities and higher usage limits. The base paid offering, API Basic, provides a starting point for developers and security professionals who need programmatic access to vulnerability data. As usage requirements grow, users can upgrade to higher tiers, which unlock more API requests per month, advanced data fields, and additional features like private feeds or enhanced support. The plans are primarily differentiated by the monthly API request allowance, which is a critical factor for automated security tools and large-scale data integrations.

The following table outlines the general structure of VulDB's API plans, based on information provided on the VulDB pricing page. Specific details regarding exact request limits and all features are subject to change and should be verified on the official VulDB website.

Each paid plan typically includes comprehensive documentation for API integration, enabling developers to quickly incorporate VulDB's intelligence into their existing security tools and workflows. The API allows for various query parameters, enabling precise filtering by vulnerability type, vendor, product, and date ranges, which helps optimize request usage.

Free tier and limits

VulDB offers a free tier that provides limited public access to its vulnerability database. This tier is designed to allow potential users to explore the breadth and depth of the data available without any financial commitment. Access at this level typically involves using the public website to search for specific vulnerabilities and view basic details. This can include vulnerability IDs, affected products, and a summary description. However, features such as exploit details, deep technical analyses, and programmatic access via the API are generally restricted to paid subscribers.

The primary limitations of the free tier include:

• No API Access: Direct API integration for automated data retrieval is not available on the free tier. All interactions are manual through the web interface.
• Limited Data Details: While basic vulnerability information is provided, advanced fields such as exploit availability, patch status details, vendor responses, and CVSS (Common Vulnerability Scoring System) metrics beyond base scores might be restricted or offered in a summarized format. For a detailed understanding of CVSS, the FIRST.org CVSS documentation provides comprehensive information.
• Usage Restrictions: There may be implicit or explicit limits on the number of searches or views allowed within a specific timeframe to prevent abuse.
• No Priority Support: Free tier users typically rely on community forums or general documentation for support, rather than direct technical assistance.
• Delayed Updates: Some of the latest or most critical threat intelligence updates might be exclusive to paid tiers, with free users receiving information after a delay.

The free tier serves as an effective way for individuals or organizations to assess the relevance and quality of VulDB's data for their specific needs before considering a paid subscription. It allows for testing of search queries and validation of the database's coverage against known vulnerabilities relevant to their environment.

Real-world cost examples

Understanding VulDB's pricing in practical scenarios helps illustrate potential costs for different use cases:

1. Small Development Team Integrating Patch Management:
   A small development team with 5-10 engineers needs to integrate real-time vulnerability intelligence into their automated patch management system. They anticipate making approximately 15,000 API requests per month to check for new vulnerabilities affecting their tech stack and to retrieve detailed exploit information for prioritization. The API Developer plan at 499 EUR/month would likely be the most suitable option, providing the necessary request volume and access to critical vulnerability attributes. This allows their system to query VulDB daily for updates across their software inventory, ensuring timely patching decisions based on the latest threat landscape.
2. Security Research Firm for Deep Analysis:
   A security research firm specializes in zero-day vulnerability analysis and requires extensive access to historical data, exploit trends, and private intelligence feeds. Their analysts frequently perform deep dives into specific vulnerabilities, requiring hundreds of thousands of API requests annually for data correlation and analysis. They also require prompt access to newly discovered vulnerabilities. For this level of usage, the API Professional plan at 999 EUR/month would serve as a baseline, offering a higher request limit (e.g., 50,000 requests/month) and access to private feeds. If their annual usage consistently exceeds this, they would likely transition to an Enterprise Solution (Custom pricing) to secure dedicated resources and potentially a higher custom request volume, ensuring their research is not hampered by rate limits.
3. Managed Security Service Provider (MSSP) with Multiple Clients:
   An MSSP monitors the security posture for dozens of clients, each with unique software inventories. Their vulnerability management platform needs to query VulDB for hundreds of thousands of vulnerability checks monthly, across a diverse set of client environments. They require highly reliable API access, comprehensive data, and possibly customized data feeds for specific client sectors. In this scenario, an Enterprise Solution (Custom pricing) would be necessary. This would involve direct negotiation with VulDB to establish a custom plan that scales with their client base, offers tailored data streams, and includes dedicated technical support to ensure seamless integration and operational stability across their multi-tenant platform.
4. Individual Researcher for Ad-hoc Lookups:
   An independent security researcher occasionally needs to verify details about a specific vulnerability or explore recent trends. Their usage is infrequent and typically involves manual searches rather than automated queries. For this use case, the Free Tier would be sufficient. They can use the public website to perform ad-hoc lookups and gain basic insights without incurring any costs. If they required programmatic access for a specific project, they might consider the API Basic plan for a single month to complete their task, then downgrade or cancel.

These examples highlight how VulDB's tiered pricing model allows users to select a plan that aligns with their operational scale and specific intelligence needs, with options ranging from free web access to custom enterprise agreements.

How the pricing compares

When evaluating VulDB's pricing, it is useful to compare it against alternative vulnerability intelligence sources, considering both commercial and open-source options. VulDB differentiates itself by focusing on a broad and rapidly updated database, including zero-day and unpatched vulnerabilities, often with detailed exploit information.

• NVD (National Vulnerability Database): The NVD from NIST is a public, government-sponsored database that is free to use. It aggregates CVE (Common Vulnerabilities and Exposures) entries, provides CVSS scores, and offers basic impact and solution information. NVD is an excellent baseline for vulnerability data, but its updates can sometimes lag commercial services, and it typically does not include the same depth of exploit intelligence, zero-day coverage, or custom threat feeds that VulDB provides. Organizations relying solely on NVD might miss out on early warnings for critical threats, making NVD a good complementary resource rather than a direct, feature-comparable alternative for advanced needs.
• Snyk: Snyk primarily focuses on developer-first security, offering tools to find and fix vulnerabilities in open-source dependencies, containers, and infrastructure as code. Snyk's pricing is often based on the number of developers or projects scanned, and it includes features like continuous monitoring and automated remediation suggestions. While Snyk identifies vulnerabilities, its core strength is in integrating security earlier into the development lifecycle. VulDB, by contrast, focuses more broadly on comprehensive threat intelligence, including zero-day coverage and exploit details, which might appeal more to SOC teams and threat researchers. A direct comparison of pricing models is challenging due to their different primary value propositions, but Snyk often offers a free tier for individual developers and then scales up with team and enterprise plans based on usage metrics like monthly tests or commit volume.
• Recorded Future: Recorded Future provides a comprehensive threat intelligence platform that includes vulnerability intelligence as one component of a broader offering. Their pricing is generally at the enterprise level, reflecting the extensive range of intelligence sources (OSINT, dark web, technical indicators) and advanced analytical capabilities they provide. Recorded Future's solutions are typically custom-quoted and priced significantly higher than VulDB's entry-level plans, targeting large enterprises and government agencies that require an all-encompassing threat intelligence solution. VulDB offers a more specialized focus on vulnerability data and associated exploits, making it a potentially more cost-effective option for organizations whose primary need is deep vulnerability intelligence rather than a full spectrum threat intelligence platform.

VulDB's API plans, starting at 199 EUR/month, position it as a mid-range commercial option. It provides more comprehensive and timely intelligence than free public databases like NVD, without reaching the high-end pricing of broad threat intelligence platforms such as Recorded Future. Its value proposition lies in its specialized focus on a highly curated and frequently updated vulnerability database, making it a targeted solution for organizations requiring up-to-date and actionable vulnerability intelligence.