ComparisonVulnerability intelligence service

VulnCheck vs CVD Portal

Vulnerability intelligence, exploit data, and KEV-style enrichment. How does VulnCheck compare to CVD Portal for an EU manufacturer subject to the Cyber Resilience Act?

Headquarters
Lexington, Massachusetts, United States
Category
Vulnerability intelligence service
Pricing model
API subscription pricing on request, with a community tier available for limited use.

How they compare on CRA-critical features

Five capabilities that matter most for EU manufacturers under Articles 13 and 14 of Regulation (EU) 2024/2847.

Feature
VulnCheck
CVD Portal
Whitelabel CVD intake portal (Article 13 SPOC)
Included on Free tier
Article 14 reporting workflow (24h / 72h / final)
Not advertised
Built in. Guided manual on Free and Pro, automated submission to ENISA Single Reporting Platform on Enterprise
EU data residency by default
Varies; often requires enterprise contract
Default for every customer
CSAF 2.0 advisory generator
Not advertised
Included from Pro
Published free tier suitable for SMEs
Varies
€0/month, no card required

Where VulnCheck is strong

  • +High-quality vulnerability intelligence and exploit enrichment data.
  • +Useful inputs into prioritisation: known exploited vulnerabilities, exploit availability, and threat actor activity.
  • +API access for security teams that want to enrich their own pipelines.

Where it is not a CRA fit

  • !VulnCheck is a vulnerability intelligence provider, not a CVD or disclosure platform. The product is a data feed plus enrichment API, not an intake portal.
  • !No CVD policy publication, no whitelabel intake, no Article 13 single point of contact tooling.
  • !No Article 14 reporting workflow.
  • !No CSAF 2.0 advisory generation as part of the publicly listed feature set.

The CRA gap

VulnCheck enriches a manufacturer's view of the external threat landscape. It does not provide intake for external researchers reporting on the manufacturer's own products and it does not address the Article 14 reporting cascade to ENISA and the relevant national CSIRT.

Why teams pick CVD Portal for CRA

Five reasons EU manufacturers choose CVD Portal over VulnCheck.

  1. 1

    Intake portal for external reports about the manufacturer's own products.

  2. 2

    Article 13 publication and SPOC tooling under the manufacturer's brand.

  3. 3

    Article 14 reporting cascade with 24h, 72h, and final-report timers.

  4. 4

    CSAF 2.0 advisory generation aligned with the CRA advisory model.

  5. 5

    EU data residency by default.

Frequently asked

Is VulnCheck a CVD portal?
No. VulnCheck is a vulnerability intelligence service. It provides data about known exploited vulnerabilities, exploit availability, and related signals. It is not an intake platform for external vulnerability reports about a manufacturer's product.
Does the CRA require vulnerability intelligence?
The CRA expects manufacturers to be aware of vulnerabilities in the components and dependencies of their products. Vulnerability intelligence services are one way to satisfy that expectation. CVD Portal does not replace a vulnerability intelligence subscription.
Can CVD Portal use VulnCheck-style data?
CVD Portal mirrors CIRCL's CVE and KEV data into the dashboard for prioritisation. Customers that want richer commercial enrichment typically subscribe to a vulnerability intelligence provider separately.
Why are these two compared at all then?
Manufacturers researching CRA tooling often run a wide search. VulnCheck and CVD Portal both appear in that search but cover different parts of the obligation set. The page exists to draw that line cleanly.
What does CVD Portal cost?
Free at €0/month for the Article 13 baseline, Pro in the low tens of euros per month for multi-product organisations, Enterprise priced on request and includes the automated ENISA reporting workflow.

Switch to a CRA-native disclosure portal in under an hour

Article 13 baseline at €0/month. Article 14 reporting workflow included. EU data residency by default. No card required to start.

Start your free portalSee pricing

Other CVD Portal comparisons

CVD Portal vs HackerOneCVD Portal vs BugcrowdCVD Portal vs IntigritiCVD Portal vs YesWeHackCVD Portal vs Open Bug BountyCVD Portal vs disclose.io