Victims is a software vulnerability scanner which links file hashes to Common Vulnerability Enumerations (CVE). The scanner has been in use since 2013, with many vulnerability reports stored in the database.
The scanner is used by Red Hat for detecting the use of known vulnerable libraries in their software. Red Hat are large contributors to the database, but there are also contributors. Check out the contributors here.
Look out for future blog post for more information on how to use victims in a OpenSCAP scan, or during a Maven build.