Analyzing CVE Database Using Unsupervised Topic Modelling

This paper describes our study of the vulnerability reports in the Common Vulnerability and Exposures (CVE) database by using topic modeling on the description texts of the vulnerabilities. Prevalent vulnerability types were found, and new trends of vulnerabilities were discovered by studying the 121,716 unique CVE entries that are reported from January 1999 to July 2019. The topics found through topic modeling were mapped to OWASP Top 10 vulnerabilities. It was found that the OWASP vulnerabilities A2: 2017-Broken Authentication, A4:2017-XML External Entities (XXE), and A5:2017-Broken Access Control increased, yet the vulnerability A7:2017-Cross-Site Scripting (XSS) had a steep decrease over the period of 20 years.