Week 12 - From Cyber Attack to Defense: Exploring Attack Information to Detect Vulnerabilities by Refat Othman (Free University of Bozen-Bolzano)
Cyber attackers employ a variety of tactics and techniques to breach organisations’ security. To defend against these attacks, it is important to understand how attackers exploit the vulnerabilities of a system. One way is to leverage the information contained in public repositories such as the MITRE family. Recent literature on security uses natural language processing to link known vulnerabilities to attacks through the descriptions provided in these public repositories. Which vulnerabilities expose a system to a known attack, however, is still an open problem. This paper proposes a novel approach and a tool called VULDAT, based on a sentence transformer (MiniLM), to recommend vulnerabilities from attack descriptions. To illustrate our approach and evaluate the tool’s performance, we have applied VULDAT to the information in the MITRE repositories. In particular, we have investigated which information on an attack predicts vulnerabilities more accurately and whether VULDAT is able to discover new links from attacks to vulnerabilities. Our results show that VULDAT performs best when it uses the information about an attack’s technique, reaching an F1 score of about 0.70. Adding further information on an attack (e.g., its procedure) does not improve its performance and can even reduce it. After a manual inspection of the results, VULDAT discovered 275 links between attacks and vulnerabilities that are not present in the MITRE web pages. We finally discuss the implications of these results and suggest directions for future work.
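As an added illustration (not VULDAT’s own code), the recommend-and-evaluate loop the abstract describes: embed an attack description and candidate vulnerability descriptions, rank by cosine similarity, keep those above a threshold, and score the result with F1 against known links, with anything recommended but not already linked reported as a candidate new link. A bag-of-words cosine similarity stands in for the MiniLM sentence embeddings so the script runs offline; the attack text, vulnerability ids and descriptions, and the known-link set are constructed for the example.

```python
"""Attack-to-vulnerability recommendation with F1 evaluation (added example).
MiniLM sentence embeddings are replaced by a term-frequency cosine similarity
so the script runs offline; the ranking, thresholding, F1 scoring and
'new link' reporting follow the evaluation shape described in the abstract."""
import math
import re
from collections import Counter

# Constructed sample data (ids and texts are made up for illustration).
ATTACK = "adversary injects sql commands through a web form to read the database"
VULNS = {
    "V-1": "sql injection in login form allows remote attacker to read database tables",
    "V-2": "buffer overflow in image parser allows code execution",
    "V-3": "web application does not sanitize form input leading to sql command injection",
    "V-4": "default credentials on admin console",
}
KNOWN_LINKS = {"V-1"}  # constructed ground truth, as if read from the MITRE pages


def embed(text):
    """Stand-in for a MiniLM embedding: term-frequency vector over lower-cased tokens."""
    return Counter(re.findall(r"[a-z]+", text.lower()))


def cosine(a, b):
    """Cosine similarity between two sparse term vectors (0.0 if either is empty)."""
    dot = sum(a[t] * b[t] for t in a if t in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def recommend(attack, vulns, threshold):
    """Vulnerability ids ranked by similarity to the attack text, keeping scores >= threshold."""
    attack_vec = embed(attack)
    scored = sorted(((cosine(attack_vec, embed(desc)), vid) for vid, desc in vulns.items()), reverse=True)
    return [vid for score, vid in scored if score >= threshold]


def f1(predicted, truth):
    """F1 of the recommended set against the known links (0.0 when nothing is correct)."""
    tp = len(set(predicted) & truth)
    if tp == 0:
        return 0.0
    precision, recall = tp / len(predicted), tp / len(truth)
    return 2 * precision * recall / (precision + recall)


def new_candidates(predicted, truth):
    """Recommended vulnerabilities not already linked: candidates for manual inspection."""
    return [vid for vid in predicted if vid not in truth]


if __name__ == "__main__":
    recs = recommend(ATTACK, VULNS, 0.3)
    print(recs, round(f1(recs, KNOWN_LINKS), 3), new_candidates(recs, KNOWN_LINKS))
```

At threshold 0.3 the constructed data yields recommendations ["V-1", "V-3"], an F1 of about 0.667, and "V-3" as a candidate link absent from the known set; raising the threshold to 0.4 keeps only "V-1".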