{{Short description|Japanese national vulnerability database}}
{{Infobox website | name = Japan Vulnerability Notes | type = Vulnerability countermeasure information portal | language = {{plainlist| *Japanese *English }} | owner = Japan Computer Emergency Response Team Coordination Center and Information-technology Promotion Agency (IPA) | area_served = Japan | url = {{URL|jvn.jp}} | commercial = No | current_status = Online }}
'''Japan Vulnerability Notes''' ('''JVN''') is Japan's national vulnerability database and security advisory portal for software products used in Japan. It publishes information about security vulnerabilities, vendor responses and mitigation measures, and is jointly operated by the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and the Japanese government's Information-technology Promotion Agency.<ref name=JVNWhatIs>{{cite web |title=What is JVN? |url=https://jvn.jp/en/nav/jvn.html |website=Japan Vulnerability Notes |publisher=JPCERT Coordination Center; Information-technology Promotion Agency |date=21 May 2008 |access-date=11 November 2025}}</ref><ref>{{Cite web|url=https://www.itproportal.com/features/not-all-national-vulnerability-databases-are-created-equal/|title=Not all National Vulnerability Databases are created equal|first=Rami|last=Sass|date=2019-01-16|website=IT Pro Portal|language=en|access-date=2019-06-03}}</ref><ref>{{Cite web|url=https://cve.mitre.org/compatible/questionnaires/104.html|title=CVE - Requirements and Recommendations for CVE Compatibility - Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and Information-technology Promotion Agency, Japan (IPA) - Japan Vulnerability Notes (JVN)|website=cve.mitre.org|access-date=2019-06-11}}</ref><ref name=IPAAbout>{{cite web |title=Vulnerabilities: Japan Vulnerability Notes (JVN) |url=https://www.ipa.go.jp/en/security/vulnerabilities/jvn/about.html |website=Information-technology Promotion Agency |access-date=11 November 2025}}</ref><ref name=CVEFoundation>{{cite web |title=Vulnerability Management Resources |url=https://www.thecvefoundation.org/resources |website=CVE Foundation |date=2025 |access-date=11 November 2025}}</ref>
==History== JPCERT/CC and IPA have coordinated the handling of software vulnerabilities in Japan since 2004 under the Information Security Early Warning Partnership, a national framework for early disclosure of vulnerabilities.<ref name=GSSD>{{cite web |title=Japan Vulnerability Notes |url=https://gssd.mit.edu/search-gssd/site/japan-vulnerability-notes-60630-mon-12-08-2014-1525 |website=Global System for Sustainable Development |publisher=Massachusetts Institute of Technology |date=8 December 2014 |access-date=11 November 2025}}</ref> JVN was developed as a public portal to publish vulnerability countermeasure information collected through this framework for software products used in Japan.<ref name=JVNWhatIs/><ref name=IPAAbout/>
In April 2007, IPA launched the companion database JVN iPedia as a public archive of vulnerability countermeasure information derived from JVN and other sources, and during its first six months the Japanese-language version catalogued about 4,100 vulnerabilities.<ref name=JVNiPedia2024Q2>{{cite web |title=Vulnerability Countermeasure Information Database JVN iPedia Registration Status [2024 2nd Quarter (Apr. – Jun.)] |url=https://www.ipa.go.jp/en/security/vulnerabilities/jvn/ipedia2024q2_en.html |website=Information-technology Promotion Agency |date=21 August 2024 |access-date=11 November 2025}}</ref> By 2012, JVN had adopted the Security Content Automation Protocol (SCAP) to standardise its vulnerability data for automated processing.<ref name=SCAPJVN>{{cite web |last=Terada |first=Masato |title=Structure and numbering of JVN, and Security content automation framework |url=https://www.first.org/resources/papers/kyoto2012/terada-masato-slides2.pdf |website=FIRST Technical Colloquium Kyoto 2012 |publisher=Information-technology Promotion Agency |date=14 November 2012 |access-date=11 November 2025}}</ref>
==Functions and structure== Under the Information Security Early Warning Partnership, IPA receives privately reported vulnerabilities affecting software used in Japan and JPCERT/CC coordinates with software developers to prepare patches or other countermeasures, which are then published via JVN.<ref name=IPAAbout/> JVN entries include a description of the vulnerability, analysis by JPCERT/CC, vendor notes and recommended solutions, and may also provide chronological ''status tracking'' notes on exploit code, incidents and the availability of fixes.<ref name=IPAAbout/><ref name=JVNWhatIs/> JVN offers updates in RSS format and tools that allow organisations to display recent advisories on their own websites.<ref name=IPAAbout/>
The Forum of Incident Response and Security Teams (FIRST) describes JVN as a vulnerability-handling coordination database that provides vulnerability countermeasure information and Japanese vendor status for vulnerabilities reported through the Information Security Early Warning Partnership, using identifiers of the form JVN#NNNNNNNN and JVNVU#NNNNNNNN.<ref name=FIRSTVDB>{{cite web |title=Vulnerability Database Catalog |url=https://www.first.org/global/sigs/vrdx/vdb-catalog |website=Forum of Incident Response and Security Teams |date=17 March 2016 |access-date=17 November 2025}}</ref> The associated database JVN iPedia, maintained by IPA, stores summary and countermeasure information for vulnerabilities published on JVN and other sources and assigns identifiers of the form JVNDB-YYYY-NNNNNN.<ref name=IPAAbout/><ref name=FIRSTVDB/> JVN iPedia supports keyword and product search, CVSS severity scores and CPE product identifiers, and can be queried using CVE identifiers.<ref name=CVECompat>{{cite web |title=CVE – Requirements and Recommendations for CVE Compatibility – Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and Information-technology Promotion Agency, Japan (IPA) – Japan Vulnerability Notes (JVN) |url=https://www.cve.org/Resources/Media/Archives/OldWebsite/compatible/questionnaires/104.html |website=CVE |access-date=17 November 2025}}</ref><ref name=JVNiPediaHelp>{{cite web |title=How to Use JVN iPedia |url=https://jvndb.jvn.jp/en/nav/jvndbhelp.html |website=JVN iPedia |publisher=Information-technology Promotion Agency |date=1 December 2015 |access-date=17 November 2025}}</ref>
JVN and JVN iPedia together function as Japan's national vulnerability database within the global CVE ecosystem.<ref name=CVEFoundation/> The CVE Foundation notes that JVN ingests CVE entries, enriches them with local context and JVN-specific identifiers and has participated as a CVE data source since 2008.<ref name=CVEFoundation/> According to IPA, JVN iPedia stored 208,034 vulnerability records as of the second quarter of 2024, rising to 242,898 by the second quarter of 2025.<ref name=JVNiPedia2024Q2/><ref name=IPAAbout/>
== References == {{reflist}}
== External links == * [https://jvn.jp/en Official website]
Category:Security vulnerability databases
{{japan-gov-stub}} {{computer-security-stub}}