Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time threat information, gain a competitive advantage, and stay informed about the latest trends.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

🛡️ VIPER: Stay ahead of threats with AI-driven vulnerability intelligence. Prioritize CVEs effectively using NVD, EPSS, CISA KEV, and Google Gemini insights, all on an interactive dashboard

Build a CVE library with aggregated CISA, EPSS and CVSS data

KEV EPSS Data

An automated repo to track Nuclei template scanning capabilities against the CISA KEV.

Scraper for daily renewal of the Known Exploited Vulnerabilities Catalog by CISA

Exposure Likelihood Framework (ELF): A Python library for integrating and analyzing vulnerability data to improve management and prioritization.

Be notified whenever CISA updates their Known Exploited Vulnerabilities Catalog

Checks for vulnerabilities in NPM packages and report EPSS Scores for CVEs

batCAVE Security Data Lake daily reporting automation

A single JSON file with all CERT-FR ALE entries and their CVE data

U.S. CISA Known Exploited Vulnerabilities (KEV) catalog

Check CVSS v3.1 and EPSS scores for a given CVE ID and whether its in CISA KEV catalog

Portfolio showcase — static KEV/NVD dashboard. No issues or pull requests accepted. Download & run locally; baseline data included.

RAG chat API using open source cybersecurity data

VulnEye is an open-source tool that automatically fetches CVE data from NVD and CISA KEV feeds, matches vulnerabilities against a local asset inventory, and generates human-readable HTML reports. Ideal for vulnerability management practice, blue team projects, and security awareness demos.

PatchHound is an open source SBOM vulnerability scanner and report generator with image signing, verification, and automated alerts for secure software supply chains.

A React application for visualizing and managing software vulnerabilities. It features a modular component structure, custom hooks for fetching vulnerability data, and a dynamic table for displaying scan results.