Security Advisories
What is a Security Advisory?
An NCSC Security Advisory provides context on one or more recently discovered vulnerabilities. It aims to give you quick insight into three core questions:
- What’s the issue? A description of the vulnerabilities and the affected software.
- What is the impact? The potential consequences for the confidentiality, integrity, or availability of your systems.
- What should you do? The available courses of action, such as patches, workarounds (mitigations), or tips for monitoring and detection.
Who are these Security Advisories for?
Our Security Advisories are primarily aimed at security professionals responsible for their organisation’s cyber resilience, including:
- Chief Information Security Officers (CISOs)
- Security Officers and Analysts
- System Administrators and IT Managers
Classification: Normal and Urgent
To help you prioritise, we use two levels for our advisories. We have moved away from communicating probability and impact calculations and instead use clear labels:
- Urgent: Vulnerabilities with a high likelihood of exploitation and severe potential impact. An urgent advisory requires immediate action to prevent incidents.
- Normal: Vulnerabilities with a moderate likelihood of exploitation while still carrying high potential impact. These advisories require attention and planning within your regular patch cycle.
How do I access the Security Advisories?
We provide our data in multiple formats so it can be processed by both people and automated systems.
Public information
For general use, advisories are available at advisories.ncsc.nl.
- HTML and PDF: For readability and easy sharing within your organisation.
- CSAF (Common Security Advisory Framework): We provide machine-readable data in CSAF format. This enables organisations to automate the retrieval and processing of advisories and integrate them directly into their security processes.
For NIS2 organisations and central government
Organisations that fall under the Cybersecurity Act (NIS2 Directive) or are part of central government have access to additional distribution channels:
- MijnNCSC: A secure portal for viewing Security Advisories and threat intelligence.
- API: Via api.ncsc.nl, these organisations can securely and automatically retrieve Security Advisories.
From reactive to being in control
The number of vulnerabilities discovered worldwide is vast, and NCSC advisories cover only a fraction of them. Our vision therefore focuses on increasing organisations’ self-reliance.
Use the advisory as an additional trigger
We advise organisations not to rely exclusively on NCSC Security Advisories. A mature vulnerability management process requires your own insight:
- Conduct your own filtering: Use general vulnerability sources (such as vulnerabilities.ncsc.nl) to build a view of all relevant threats.
- Filter for relevance: Determine what matters to you based on your own infrastructure and risk profile.
- Supplement: Treat NCSC Security Advisories as an essential supplement and validation for issues that pose a high risk nationally or across a sector (the “highlighted issues”).
This way, you stay in control and draw on NCSC expertise where it is most needed.