One of the websites I use frequently for penetration testing is CVE details (https://www.cvedetails.com) because of the cleanly displayed output and its easy search functionality. For example, a quick search engine search for glibc 2.23 vulnerabilities displays CVE detail's website and provides a quick URL to get exactly the information I'm looking for: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-767/version_id-195303/GNU-Glibc-2.23.html. Once on the site, I can see whether there are any related publicly available exploits, or I can gather further information for more targeted searches for well-vetted exploits.

As far as analysis goes, you may or may not need to prove a vulnerability actually exists, so developing a Proof of Concept (PoC) may be a necessary part of our analysis.