our mission

We aim to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative and for free.

Our statistics

Year # of cases # of vulnerable IPs notified
2020 14 58,358
2021 23 77,831
2022 18 91,182


DIVD is a platform for security researchers to report vulnerabilities, supported by volunteers.


Code of Conduct

How and why we scan and report.


News & Events

Just getting started with some presentations here and there



Reports on closed research



Blog on current research by our Computer Security Incident Response Team



Who we collaborate with, our sponsors and references



We are a network of security researchers who mainly work online.






We need your support for our mission.

Current open cases

DIVD-2022-00027 - F5 BIG-IP iControl REST API remote code execution
DIVD-2022-00026 - WSO2 Remote Code Executions - CVE-2022-29464
DIVD-2022-00025 - VMware - CVE-2022-22954
DIVD-2022-00024 - Spring Cloud RCE - CVE-2022-22963
DIVD-2022-00022 - WatchGuard Firebox and XTM appliance ACE vulnerability
DIVD-2022-00021 - Ivanti EPM CSA remote code execution
DIVD-2022-00019 - Insecure Mendix Applications
DIVD-2022-00017 - Global Healthcare Vulnerabilities
DIVD-2022-00015 - Unauthenticated user enumeration on GraphQL API
DIVD-2022-00014 - GreyNoise's Ukraine only list
DIVD-2022-00012 - Global Charity Vulnerabilities
DIVD-2022-00010 - Auth bypass in SAP
DIVD-2022-00008 - XSS Zeroday in Zimbra
DIVD-2022-00007 - Subdomain Takeovers
DIVD-2022-00006 - SAProuter
DIVD-2022-00005 - Exposed BACnet devices
DIVD-2022-00004 - Post-Log4J Open Database C2 and Monero Miner Infections
DIVD-2022-00002 - Grafana
DIVD-2021-00039 - HP iLO
DIVD-2021-00038 - Apache Log4j2
DIVD-2021-00029 - Smartertrack
DIVD-2021-00023 - Atlassian Confluence OGNL injection (RCE)
DIVD-2021-00022 - Exchange ProxyShell and ProxyOracle
DIVD-2021-00021 - Qlik Sense Enterprise domain user enumeration
DIVD-2021-00015 - Telegram OD
DIVD-2021-00014 - Kaseya Unitrends

All cases

Last 10 csirt blog posts

04 April 2022 - Kaseya Full Disclosure
12 March 2022 - SmarterTrack limited disclosure
08 February 2022 - Auth bypass in SAP
07 February 2022 - XSS Zeroday in Zimbra
01 February 2022 - DIVD is a CVE Numbering Authority
14 December 2021 - Update Apache log4j2 remote code execution
10 December 2021 - Apache log4j2 remote code execution
27 November 2021 - NMAP script for GitLab CVE-2021-22205
11 November 2021 - GitLab Unauthenticated RCE Flaw
04 November 2021 - SolarWinds N-able N-central

All posts