Top 105 cve open source projects

Log4j Vulnerability Scanner for Windows

Check linux sources dump for known CVEs.

log4j2 remote code execution or IP leakage exploit (with examples)

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

No description or website provided.

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

Advisories and Proofs of Concept by BlackArrow

Public Disclosures

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

NVD/CVE as JSON files

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

漏洞研究

A simple framework for sending test payloads for known web CVEs.

Red Hat Dependency Analytics extension

Extensible framework for analyzing publicly available information about vulnerabilities

Modified Nuclei Templates Version to FUZZ Host Header

Apache HTTP Server 2.4.49, 2.4.50 - Path Traversal & RCE

A collection of my public security advisories.

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

Some personal exploits/pocs

一些漏洞分析

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or Exp from Github by CVE ID.

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Exploit for Pulse Connect Secure SSL VPN arbitrary file read vulnerability (CVE-2019-11510)

The knife of the Admin & Security auditor

👮 Security advisories of Nextcloud

Open-Source Vulnerability Intelligence Center - Unified source of vulnerability, exploit and threat Intelligence feeds

REST API backend for Reconmap

CVE-2021-27928 MariaDB/MySQL-'wsrep provider' 命令注入漏洞

radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam

Multi source CVE/exploit parser.

汽车/安卓/固件/代码安全测试工具集

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities...

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

威胁情报播报（停止运营）

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A simple Java command-line utility to mirror the entire contents of VulnDB.

Hourly updated database of exploit and exploitation reports

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

Extraction of iMessage Data via XSS