A utility to help security practitioners explore publicly known information about vulnerabilities. Born out of a curiosity to understand the relationship between CVEs, CWEs, CVSS, and EPSS, this tool aims to explain related info and aid when investigating vulnerabilities.
These commands start the client and the supporting Node.js API routes:
npm install
npm run dev
You might need to select the Node.js (and npm) version with nvm first:
nvm use --lts
Start the API (Windows)
cd api
python -m venv .
.\Scripts\Activate
pip install -r requirements.txt
uvicorn main:app --reload
If you encounter "[WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions", then you likely already have something running on the default port 8000. Start the API on a different port instead:
uvicorn main:app --reload --port 9000
Start the API (Linux/macOS)
cd api
fastapi run main.py
(Coming soon...)
Explain what each of these is:
- CVE
- CVSS
- CWE
- EPSS
Good place to start -> https://www.balbix.com/insights/whats-the-difference-between-cve-and-cvss/
Data comes from the OpenCVE API: https://docs.opencve.io/api/cve/#get-cvestringid
Ref: https://www.first.org/cvss/v3.1/specification-document
- Base Metric Group
- Temporal Metric Group
- Environmental Metric Group
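As an added example (not part of this project's code), the Base Metric Group equations from the CVSS v3.1 specification referenced above can be implemented as below. The function names are illustrative, and any Temporal or Environmental metrics present in the vector are ignored.

```python
import math

# Added example: names are illustrative, not this project's API.
# Base metric weights as given in the CVSS v3.1 specification.
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": 0.85, "L": 0.62, "H": 0.27},   # Scope Unchanged
    "PRC": {"N": 0.85, "L": 0.68, "H": 0.5},   # Scope Changed
    "UI": {"N": 0.85, "R": 0.62},
    "S": {"U": False, "C": True},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
}
W["I"] = W["A"] = W["C"]
BASE = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")

def roundup(x):
    """Spec Appendix A: smallest one-decimal number >= x, float-safe."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def parse_base(vector):
    """Validate a CVSS:3.1 vector string and return its base metric weights."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:3.1":
        raise ValueError("not a CVSS v3.1 vector")
    pairs = [p.split(":", 1) for p in rest.split("/")]
    if any(len(p) != 2 for p in pairs) or len({p[0] for p in pairs}) != len(pairs):
        raise ValueError("malformed or repeated metric")
    m = dict(pairs)
    try:
        v = {k: W[k][m[k]] for k in BASE}
    except KeyError as exc:
        raise ValueError(f"missing or invalid base metric: {exc}") from None
    if v["S"]:
        v["PR"] = W["PRC"][m["PR"]]  # Privileges Required weighs more when scope changes
    return v

def base_score(vector):
    """Return (base score, qualitative severity rating) for a vector string."""
    v = parse_base(vector)
    iss = 1 - (1 - v["C"]) * (1 - v["I"]) * (1 - v["A"])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if v["S"] else 6.42 * iss
    expl = 8.22 * v["AV"] * v["AC"] * v["PR"] * v["UI"]
    total = (1.08 if v["S"] else 1.0) * (impact + expl)
    score = 0.0 if impact <= 0 else roundup(min(total, 10))
    for floor, name in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return score, name
    return score, "None"
```

For example, base_score("CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") returns (9.8, "Critical").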
EPSS API
NVD APIs
- CVE, CPE API announcement: https://nvd.nist.gov/general/News/New-NVD-CVE-CPE-API-and-SOAP-Retirement
- NIST CVE API: https://nvd.nist.gov/developers/vulnerabilities