AboutCvekit

Cvekit aggregates CVE intelligence from 19+ public sources and normalises it into a single CTI-grade dataset with full per-field provenance.

This UI is a public, read-only dashboard. There is no user login — everything you see is aggregated from publicly available threat intelligence feeds. All backend calls are proxied through a server-side BFF; the API token never reaches your browser.

For programmatic access, see the FastAPI backend at /openapi.json (admin-token authenticated).

Upstream data sources19

Authoritative2 sources

NVD (NIST)Public domain cve.org JSON v5CC0 1.0

Enrichment4 sources

EPSS (FIRST.org)Public domain CISA KEVPublic domain OSV.dev (Google)CC-BY 4.0 GitHub Security AdvisoriesGHSA terms

Exploit intel3 sources

ExploitDBGPL-2.0 Metasploit FrameworkBSD-3-Clause nomi-sec PoC-in-GitHubCommunity

Vendor advisories5 sources

Red Hat CSAF 2.0Red Hat terms Microsoft MSRC CVRFMicrosoft terms Cisco PSIRT openVulnCisco terms Siemens ProductCERT CSAFSiemens terms Oracle CPU CSAFOracle terms

Threat intel4 sources

MITRE CWEPublic MITRE ATT&CKMITRE terms MISP Galaxy threat-actorCC-BY-SA CTID attack_to_cveApache 2.0

Regional1 source

ENISA EUVDEU public