GRC enrichment engine — maps CVEs to 74 compliance frameworks (EU CRA, NIS2, ISO 27001, GDPR, FedRAMP, etc.) via CWE/CPE matching. 67 frameworks, Go library + CLI. AGPL-3.0 licensed.

Client-side navigator that maps relationships across CVE, CWE, CAPEC, ATT&CK and D3FEND. Enter any security framework ID and instantly traverse the full chain: from vulnerability to weakness to attack pattern to technique to defense.

MITRE CWE as a Markdown graph

An explorer that allows you to see the multiple relationships of a CWE (and their details)

Payload collection for web application security testing

An AI-powered code vulnerability scanner in Python. It can scan code locally using Ollama or use cloud-based AI models via API. Built as an experiment in combining local and remote AI for security analysis.

A webapp showing current cybersecurity vulnerabilities and making them understandable for non-technical users.

A tiny crate to access a strongly typed common weakness enumeration (cwe) object. Everything is ready to use at compile time, no further setup or network calls at runtime are required.

OWASP Top 10 + CWE Top 25 security audit for Claude Code

Turn established vulnerability and weakness taxonomies into a Ghostwriter bulk-upload CSV.

This project provides a Python-based interface for accessing and interacting with the National Vulnerability Database (NVD) CVE data

Delta is an Exploit Discovery Tool designed to search for vulnerabilities based on CVE (Common Vulnerabilities and Exposures) or CWE (Common Weakness Enumeration)

AXIS-26 v0.0.1: risk-gated spec-driven development for AI coding agents. Includes the AXIS specification, Claude Code/Codex plugin, portable commands, lifecycle gates, EARS requirements, CWE checks, evals, and adapters for Cursor, Gemini CLI, and Aider.

Security audit & vulnerability analysis of a retail interactive kiosk system. Educational case study — CWE-798, CWE-312, CWE-200, CWE-78, CWE-276.

TypeScript client for the MITRE CWE API with a clean, chainable API. Supports weakness lookup, categories, views, and hierarchy navigation. Isomorphic (Node.js + browser), fully typed, and zero dependencies.

A reusable GitLab CI/CD template for automated security scanning, including secrets detection (Gitleaks, Trufflehog), dependency vulnerabilities (Trivy), SAST (Semgrep, SonarQube), DAST (OWASP ZAP), and a consolidated security dashboard. Include this in your gitlab-ci.yml for DevSecOps.

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States federal civilian cybersecurity agency, part of the Department of Homeland Security.

Mirror of MITRE CWE

Just place of Template Yaml based on CWE

Solo red team web app pentest against OWASP Juice Shop (BeCode Mission 00, May 2026). 15 vulnerabilities documented (3 CRITICAL, 3 HIGH, 5 MEDIUM, 4 LOW) across 7/10 OWASP Top 10 categories. Manual exploitation, CVSS v3.1 + MITRE ATT&CK mapped, 47-page PDF + structured findings index.