Threat and vulnerability catalogues are necessary inputs for the engineering of security critical systems. In addition, maintained threat catalogues are necessary to monitor the security of systems in the field. While open vulnerability databases exist, for domains in which security is a new challenge like automotive, industrial or railways such catalogues are missing. The Dependable Systems Engineering group builds and maintains such catalogues, also making sure they are usable for the engineering and work with model-based system engineering approaches to allow for automated analysis.