AI Summary
This study addresses the lack of empirical research on the content characteristics and governance role of the European Union Vulnerability Database (EUVD) in European cybersecurity policy. It presents the first systematic empirical analysis of the EUVD, leveraging its metadata alongside Common Vulnerability Scoring System (CVSS) scores and exploitability prediction metrics to assess the risk profile of listed vulnerabilities and the participation levels of member states' public institutions. The findings reveal that vulnerabilities in the EUVD exhibit significantly higher severity and exploitability risk compared to those coordinated by most European public entities. While Spain demonstrates active engagement, the majority of member states and the European Union Agency for Cybersecurity (ENISA) contribute minimally. The database shows a pronounced growth trend, offering critical empirical insights into the evolving landscape of coordinated vulnerability disclosure in Europe.
Abstract
A new European Union Vulnerability Database (EUVD) was introduced via a legislative act in 2022. The paper empirically examines the metadata content of the new EUVD. According to the results, actively exploited vulnerabilities archived in the EUVD have been rather severe and have also had high exploitation prediction scores. In both respects they have also surpassed vulnerabilities coordinated by European public authorities. Regarding the European authorities, the Spanish public authority has been particularly active. With the exceptions of Finland, Poland, and Slovakia, other authorities have not engaged thus far. The involvement of the European Union's own cyber security agency has also been limited. These points notwithstanding, European coordination and archiving to the EUVD exhibit a strong growth trend. With these results, the paper makes an empirical contribution to the ongoing work on better understanding European cyber security governance and practice.