“A patchwork of paid databases will be all that remains, threatening to leave all but the richest organizations and nations permanently exposed.”
The National Vulnerability Database stopped publishing new entries in February 2024, and the CVE program nearly lost its funding in April 2025. Over 25,000 vulnerabilities now await processing, nearly ten times the previous high. NIST’s budget got cut 12% right around the time CISA pulled its $3.7 million in annual NVD funding. The entire global cybersecurity notification system depends on a web of US agency interests and government funding that can vanish on a political whim, and right now it is vanishing.