Skip to content

How do I keep track of vulnerabilities?

Requires Pro

In the Operations area, the Vulnerabilities tab holds a list of known vulnerabilities. Use “Add Vulnerability” to record a Name, optionally the CVE ID, the Severity and the Status, and link the vulnerability to an affected asset if needed.

Operations is part of the Operations module and available from the Pro tier.

  1. Open Operations → Vulnerabilities. Choose Operations and the Vulnerabilities tab. The table shows name, CVE ID, severity and status.

    The 'Vulnerabilities' tab in the Operations area.
  2. Record a vulnerability. Click “Add Vulnerability” and fill in the dialog:

    • Name (required) — a short description.
    • CVE ID (optional) — e.g. CVE-2026-1234.
    • Severity (required)Low, Medium, High or Critical.
    • Status (required)Open, Mitigated, Resolved or Accepted.
    • Description (optional) — details, references, mitigations.
    Recording a vulnerability with CVE ID, severity and status.
  3. Maintain it. Once a vulnerability has been addressed, set its Status to Mitigated, Resolved or Accepted via the pencil icon.

  • Optional asset link: affected_asset_id points to an asset. If the asset is deleted, the vulnerability is kept; the link is set to null.
  • Tenant isolation & audit: Entries belong to your tenant; every change is logged.
  • Purely documentary: Notory does not assess vulnerabilities automatically and does not query any CVE database — you maintain severity and status yourself. For active network discovery, see Discovery.