Open-source projects categorized as Cve

Top 23 Cve Open-Source Projects

  • faraday

    Collaborative Penetration Test and Vulnerability Management Platform (by infobyte)

    Project mention: Recommendation for Vulnerability Management Solution | | 2022-04-08


  • cve

    Gather and update all available and newest CVEs with their PoC.

    Project mention: PoC available for CVE's | | 2022-03-31

    this repo might have what you want


    A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

  • opencve

    CVE Alerting Platform

    Project mention: Is there an open source project for the firewalls advisories | | 2022-05-09

  • CVE-2021-4034

    PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034) (by arthepsy)

    Project mention: pkexec (CVE-2021-4034) - local privilege escalation on all versions on Linux | | 2022-01-28

  • CVE-2021-44228-PoC-log4j-bypass-words

    🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

    Project mention: Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE | | 2021-12-17

    WAF is also playing whack-a-mole given all the ways to bypass simple rules

  • WebMap

    WebMap-Nmap Web Dashboard and Reporting

    Project mention: nmap xsl stylesheet ... but pretty? | | 2022-04-13

    What kind of info do you need to display? Zenmap can import Nmap scan results and shows the results in several different tabular formats. There are lots of programming language libraries and plugins for loading and processing Nmap results. Ndiff is one for Python 2, but you can usually find one in any language you are comfortable with. Loading the results into a database might be better if you want to be able to produce reports based on the results. Tools like Dradis and WebMap can do this automatically.

  • PocOrExp_in_Github

    Aggregates the PoCs and exploits already available on GitHub; CVE information comes from the official CVE website. Auto Collect Poc Or Exp from Github by CVE ID.

    Project mention: List of public collections of PoCs on github to learn from 🍻🇺🇸❤ | | 2021-12-16

  • sarenka

    OSINT tool - gets data from services like shodan, censys etc. in one app

    Project mention: SARENKA - an OSINT tool that gets data from services like Shodan, censys, etc. in one app | | 2022-05-15

    There you go Karen

  • vulnerablecode

    A work-in-progress towards a free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet.

  • CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

    🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337

    Project mention: CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337 | | 2022-03-28

  • vulnix

    Vulnerability (CVE) scanner for Nix/NixOS.

    Project mention: What Are Your Most Used Self Hosted Applications? | | 2022-05-04

    Initially I spent a lot of time as I used it as an opportunity to learn Nix/NixOS. I used Nix intentionally as it's a rolling release and also it's declarative and intended for reproducible deployments, so I don't need to deal with an OS like Ubuntu that slowly gets crufty and out of date and needs a clean-up or upgrade or complete re-install. And if I do need to re-install, it should be mostly a one-liner.

    For security there are these scanners:

    I also run all services in docker and my network uses VLANs behind an OPNSense firewall. I use Wireguard as a pinch point into my network to access most services. So I'm not too worried about the security aspect.

    Upgrading on Nix is pretty easy - just bump your lock file and it will get the latest packages, assuming you are on the unstable channel. But unstable does break on occasion. You can also use the latest stable release of Nix and selectively choose unstable packages, which is probably the way to go. I rarely need to fix anything - it's pretty stable. It only starts eating time when I want to add or upgrade some element to the system, but I always make sure to never do any action that isn't captured in Nix config and backed up, so that I don't have to come back and figure out what exactly I did or how something works again. It's been fine. Nix has a pretty steep learning curve, but considering its power, I think it's absolutely worth it.

  • sbt-dependency-check

    SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:

    Project mention: Security Vulnerability Scanning for Scala | | 2021-05-23

  • cve_searchsploit

    Search an exploit in the local exploitdb database by its CVE

    Project mention: How to find information about any type of CVE and use it to exploit against other machines? | | 2022-03-17

  • web-cve-tests

    A simple framework for sending test payloads for known web CVEs.

  • arch-security-tracker

    Arch Linux Security Tracker

    Project mention: No arch-security emails for 3 months | | 2022-04-10

    The project is on github.

  • SpringShell

    Spring4Shell - Spring Core RCE - CVE-2022-22965

    Project mention: Spring Core on JDK9 is vulnerable to remote code execution | | 2022-03-30

    I'll ask my engineers to post the one he wrote. He did put more details into the article, so go check that. Here is a repo with a POC though:

  • cvehound

    Check linux sources dump for known CVEs.

    Project mention: Kubernetes Security Checklist 2021 | | 2021-10-18

    It is recommended to regularly update the OS kernel version (CVEhound)

  • BotPEASS

    Use this bot to monitor new CVEs containing defined keywords and send alerts to Slack and/or Telegram.

    Project mention: Best way to be informed of latest CVE/vulnerabilities ? | | 2021-06-09

    You could also use this gentleman's amazing work

  • security

    Collection of CVEs from Sick Codes, or collaborations on security research & advisories. (by sickcodes)

  • freshermeat

    An open source software directory and release tracker.

    Project mention:, 1997-2014 | | 2022-03-07

    Freshmeat was really great. I was a consumer and producer of data. I remember well the announcement of the death of Freshmeat.

    This is partly why I did Freshermeat [1]. I am operating an instance dedicated to security projects [2] where you can submit projects.


  • debcvescan

    Debian CVE Scanner is a self-contained CVE scanner for Debian distributions, written in Go.

    Project mention: Debian/Ubuntu changelog?? | | 2022-01-13

    So I wrote a thorough checkmk local check script to report on patch state, and we were able to then pull reports straight out of our monitoring system. You can see a lobotomised version of said script here. When it came time for me to apply the same work to Debian/Ubuntu, I found that ecosystem to be somewhat brutally lacking compared to the RHEL world. You can see in that script that I mention debsecan, and for Ubuntu you'd need to pair it with ust2dsa. What I don't clearly mention in that script, though I hinted at it, is that I was exploring a way to parse Ubuntu's security JSON feeds... and it looks like Canonical started doing that themselves with their in-house cvescan tool. There's also the debcvescan tool for the Debian world.

  • BSOD-Windows-10-Proof-of-Concept-

    A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-05-15.

What are some of the best open-source Cve projects? This list will help you:

Rank Project Stars
1 faraday 3,327
2 cve 2,750
4 opencve 1,056
5 CVE-2021-4034 853
6 CVE-2021-44228-PoC-log4j-bypass-words 759
7 WebMap 531
8 PocOrExp_in_Github 403
9 sarenka 399
10 vulnerablecode 261
11 CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera 251
12 vulnix 225
13 sbt-dependency-check 225
14 cve_searchsploit 124
15 web-cve-tests 116
16 arch-security-tracker 104
17 SpringShell 92
18 cvehound 78
19 BotPEASS 57
20 security 44
21 freshermeat 14
22 debcvescan 6
23 BSOD-Windows-10-Proof-of-Concept- 3