What is the difference between the OpenVAS default scanner and the CVE scanner

Hi,

I’d like to understand the importance of choosing the OpenVAS default scanner versus the CVE scanner.
If I run the two scanners against the same target, I see three significant differences:

  1. CVE scanner runs for just a second or so.
  2. The CVE report document contains just a table indicating the hits, but the report is otherwise empty. (Navigating to the reports, there I can find the referenced CVE hits, but they don’t appear in the document.)
  3. The CVE hits are of higher severity than the most severe one in the OpenVAS default scan.

Could you please advise on these items? Thank you.

You can find the documentation around the CVE Scanner as a part of the following documentation:

https://docs.greenbone.net/GSM-Manual/gos-20.08/en/scanning.html#configuring-a-prognosis-scan

TLDR;

The CVE Scanner doesn’t replace the OpenVAS default scanner; it works on top of that and also depends on the latter. Basically the CVE Scanner allows you to do some “Prognosis” scans based on a previously done “full” scan by the OpenVAS default scanner and on the data (namely application CPEs) collected by that scan.

If you are e.g. only able / allowed to scan a specific network range weekly or monthly, you can still use the CVE Scanner in between, as it doesn’t do any “live” scan but just uses previously collected data and gives you a rough overview of whether possible new vulnerabilities have been found on the target systems.

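To make the “prognosis” idea concrete, here is a small added model (not Greenbone’s code, and not taken from the linked documentation) of what the answer describes: application CPEs stored by an earlier full scan are matched offline against a CVE table, so no packets go to the target and the run finishes almost immediately. The hosts, CPEs and CVE identifiers are constructed placeholders, and the matching rule (exact vendor/product, version or wildcard) is a simplifying assumption.

```python
"""Toy CPE-based prognosis match (added example, not Greenbone/OpenVAS code).

A previous full scan has already collected application CPEs per host; the
prognosis step only compares them with a local CVE table. Nothing on the
network is touched, which is why such a run takes about a second.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cve:
    cve_id: str
    cpe: str      # affected product as cpe:/a:vendor:product:version, '*' = any version
    cvss: float   # severity as listed for the CVE, not something verified on the host


# Constructed sample CVE table; the IDs are placeholders, not real advisories.
CVE_TABLE = [
    Cve("CVE-0000-0001", "cpe:/a:example:webapp:1.2", 9.8),
    Cve("CVE-0000-0002", "cpe:/a:example:webapp:*", 5.3),
    Cve("CVE-0000-0003", "cpe:/a:example:other:2.0", 7.5),
]

# Constructed CPEs as an earlier full scan might have stored them per host.
COLLECTED_CPES = {
    "10.0.0.5": ["cpe:/a:example:webapp:1.2", "cpe:/a:vendor:dbms:3.1"],
    "10.0.0.6": ["cpe:/a:example:webapp:1.3"],
}


def cpe_matches(collected: str, affected: str) -> bool:
    """Vendor and product must match exactly; a '*' version in the CVE entry
    matches any collected version, which is why an unversioned entry hits
    every host running the product."""
    c = collected.split(":")
    a = affected.split(":")
    if len(c) < 4 or len(a) < 4 or c[1:4] != a[1:4]:   # part, vendor, product
        return False
    if len(a) < 5 or a[4] == "*":
        return True
    return len(c) >= 5 and c[4] == a[4]


def prognosis(collected: dict, cves: list) -> dict:
    """Return {host: [(cve_id, cvss), ...]} with the most severe hit first."""
    hits = {}
    for host, cpes in collected.items():
        found = {(v.cve_id, v.cvss) for cpe in cpes for v in cves if cpe_matches(cpe, v.cpe)}
        hits[host] = sorted(found, key=lambda h: -h[1])
    return hits
```

Because a hit carries the CVE’s listed CVSS rather than anything confirmed on the host, the table can show a higher top severity than the live scan did, and it goes stale as soon as the collected CPEs do.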

Thank you for this explanation and for the reference, it is really helpful!

Kindest regards,

Zsolt
