Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

Generate MITRE ATT&CK and D3FEND from a list of CVEs. Database with CVE, CWE, CAPEC, MITRE ATT&CK and D3FEND Techniques data is updated daily. Showcased at BlackHat Europe 2025 Arsenal.

Daily archiver & triage issue creator for new releases of CISA's Known Exploited Vulnerabilities list

Replace 7+ tools with a single AST-powered scanner that finds 55+ vulns, enforces 150+ quality rules, applies 179+ auto-fixes, and ships SARIF for GitHub Code Scanning—100% local, zero telemetry.

"Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting" by Erik Hemberg, Jonathan Kelly, Michal Shlapentokh-Rothman, Bryn Reinstadler, Katherine Xu, Nick Rutar, Una-May O'Reilly

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

Vulnogram is the tool for reserving, managing, and publishing CVEs. Get started at vulnogram.org or deploy Docker edition for full enterprise features.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

A small python script that enriches Vulnerability STIX Objects with other intel

BRS-KB is an open XSS knowledge base with context-aware vulnerability writeups, attack examples, defenses, and SIEM-ready metadata. Ideal for enriching scanners, reports, and training pipelines.

A tiny crate to access a strongly typed common weakness enumeration (cwe) object. Everything is ready to use at compile time, no further setup or network calls at runtime are required.

A tool to fetch CVE and CPE data (including match criteria) from NIST's NVD API, along with CWE data from MITRE.

DetectiveAttacks aims to simplify the process of mitigating cyber attacks directed toward digital infrastructure.

A teaching repository showcasing common security vulnerabilities (CVEs) and their mitigations. Features real-world examples from TypeScript, Python, Java, etc with CWE/OWASP mappings. All code is intentionally inert for safe learning.

A small script that creates relationships between common CTI knowledge-bases in STIX 2.1 format.

AI-powered browser-based vulnerability scanner using UniXcoder embeddings and RAG with LLM to detect security flaws across 9 languages.

Continuously secure an application across the entire lifecycle using DevSecOps principles.

National Vulnerability Database (NVD) implemented by rust

Python API for vFeed Vulnerability & Threat Intelligence Database Enterprise & Pro Editions