Japan Vulnerability Notes

Japan Vulnerability Notes (JVN) is Japan's national vulnerability database and security advisory portal for software products used in Japan. It publishes information about security vulnerabilities, vendor responses and mitigation measures, and is jointly operated by the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and the Japanese government's Information-technology Promotion Agency.^{[1][2][3][4][5]}

History

JPCERT/CC and IPA have coordinated the handling of software vulnerabilities in Japan since 2004 under the Information Security Early Warning Partnership, a national framework for early disclosure of vulnerabilities.^[6] JVN was developed as a public portal to publish vulnerability countermeasure information collected through this framework for software products used in Japan.^[1][4]

In April 2007, IPA launched the companion database JVN iPedia as a public archive of vulnerability countermeasure information derived from JVN and other sources, and during its first six months the Japanese-language version catalogued about 4,100 vulnerabilities.^[7] By 2012, JVN had adopted the Security Content Automation Protocol (SCAP) to standardise its vulnerability data for automated processing.^[8]

Functions and structure

Under the Information Security Early Warning Partnership, IPA receives privately reported vulnerabilities affecting software used in Japan and JPCERT/CC coordinates with software developers to prepare patches or other countermeasures, which are then published via JVN.^[4] JVN entries include a description of the vulnerability, analysis by JPCERT/CC, vendor notes and recommended solutions, and may also provide chronological status tracking notes on exploit code, incidents and the availability of fixes.^[4][1] JVN offers updates in RSS format and tools that allow organisations to display recent advisories on their own websites.^[4]

JVN and JVN iPedia together function as Japan's national vulnerability database within the global CVE ecosystem.^[5] The CVE Foundation notes that JVN ingests CVE entries, enriches them with local context and JVN-specific identifiers and has participated as a CVE data source since 2008.^[5] According to IPA, JVN iPedia stored 208,034 vulnerability records as of the second quarter of 2024, rising to 242,898 by the second quarter of 2025.^[7][4]