Vulnerability database data sources use semi-structured and unstructured data expression, which can provide convenience for researchers in vulnerability analysis and systematic study of vulnerability mechanism and vulnerability content. However, the traditional vulnerability database has some problems, such as weak correlation attribute, redundant data format and low visualization degree, which are difficult to be understood and analysed by machines. This paper proposes a CVE vulnerability intelligent association based on chain reasoning. By analysing the vulnerability description and the relationship between different vulnerability databases, investigating the software and systems affected by each vulnerability, linking relevant knowledge, inferring the hidden relationship of each vulnerability, building the relationship between the entity nodes of the vulnerability knowledge graph, and finally importing the data into the neo4j diagram database to build the vulnerability knowledge graph. By calculating the number of software associated with vulnerabilities, the CWE chain relationship is deduced, and the vulnerability knowledge graph constructed is used to conduct preliminary inference on the vulnerability scanning results, so as to obtain the hidden relationship between vulnerabilities and optimize the vulnerability scanning results.