A friendly vulnerability tracking system for those interested in cybersecurity.
Search, manage, and analyze Common Vulnerabilities and Exposures (CVE) with a modern, dark-themed web interface.
Features β’ Quick Start β’ Documentation β’ Demo
Search, filter, and manage CVEs with color-coded severity indicators
Key Features Shown:
- π Advanced search with product/vendor filtering
- π CVSS score sorting (ascending/descending)
- π― Critical-only filter (CVSS β₯ 9.0)
- π¨ Color-coded severity badges (Red: Critical, Orange: High, Yellow: Medium, Green: Low)
- β Create new CVE records
- π₯ Export to CSV with column selection
- πΎ 6 sample CVEs included (vsftpd, OpenSSH, Apache, sudo, WordPress, nginx)
- Multi-mode search: CVE ID, product/vendor name, or keywords
- Smart filtering: Show only critical vulnerabilities (CVSS β₯ 9.0)
- Flexible sorting: By CVSS score or CVE ID (ascending/descending)
- Real-time results: Instant search with color-coded severity indicators
- Full CRUD operations: Create, read, update, and delete CVE records
- Reference link management: Add, edit, and remove reference URLs dynamically
- Detailed view: Complete vulnerability information at a glance
- CVSS color coding: Visual severity indicators (Critical, High, Medium, Low)
- Automated import: Fetch CVEs directly from NVD (National Vulnerability Database)
- Smart caching: Local JSON caching for improved performance
- Idempotent updates: Safe to run imports multiple times
- CSV export: Export search results with customizable column selection
- Cybersteps-themed design: Clean dark theme with cyan accents
- Responsive layout: Works on desktop, tablet, and mobile
- Intuitive UI: Clean, modern interface built with React
- Interactive modals: Smooth forms for creating and editing CVEs
- Python 3.8+
- Node.js 16+ and npm
Check your setup:
python --version
node --versionPrerequisites:
1. Clone the repository
git clone https://github.com/ZakariaHn/cve-tracker.git
cd cve-tracker2. Start the application
# Windows
.\scripts\start.ps1The startup script automatically:
- β Creates Python virtual environment
- β Installs all dependencies
- β Seeds database with sample data
- β Starts backend server (port 8000)
- β Starts frontend dev server (port 5173)
3. Open in browser
Navigate to http://localhost:5173
| Document | Description |
|---|---|
| docs/QUICK_START.md | Complete setup guide (5 minutes) |
| docs/IMPORT_GUIDE.md | Import real CVE data from NVD |
| docs/ADVANCED_FEATURES.md | CRUD operations, export, filtering |
| docs/AI_ASSISTED_DEVELOPMENT.md | AI-assisted development process |
| docs/STRUCTURE.md | Project structure reference |
By Product/Vendor:
vsftpd 3.0.3
Apache HTTP Server
OpenSSH
By CVE ID:
CVE-2023-1234
CVE-2024-5678
# Activate virtual environment
.\venv\Scripts\Activate.ps1
# Import from NVD
python scripts/import_cves.py- Perform a search
- Apply filters (optional)
- Click "Export CSV"
- Select columns to include
- Download the file
cve-tracker/
βββ app/ # Backend (FastAPI)
βββ frontend/ # Frontend (React + Vite)
βββ scripts/ # Utility scripts
βββ docs/ # Documentation
βββ data/ # Data directory
π Detailed Structure: See docs/STRUCTURE.md for complete visual tree.
- FastAPI - Modern Python web framework
- SQLAlchemy - SQL toolkit and ORM
- Pydantic - Data validation
- Uvicorn - ASGI server
- SQLite - Lightweight database
- NVD API - National Vulnerability Database
| Method | Endpoint | Description |
|---|---|---|
GET |
/search |
Search CVEs with filters and sorting |
GET |
/cves/{cve_id} |
Get detailed CVE information |
POST |
/cves |
Create a new CVE record |
PUT |
/cves/{cve_id} |
Update an existing CVE |
DELETE |
/cves/{cve_id} |
Delete a CVE |
GET |
/export.csv |
Export CVEs to CSV |
Interactive API Docs: http://localhost:8000/docs (when running)
CREATE TABLE cves (
id INTEGER PRIMARY KEY AUTOINCREMENT,
cve_id VARCHAR UNIQUE NOT NULL,
description TEXT NOT NULL,
cvss_score REAL NOT NULL,
product_vendor VARCHAR NOT NULL
);CREATE TABLE reference_links (
id INTEGER PRIMARY KEY AUTOINCREMENT,
cve_id VARCHAR NOT NULL,
url VARCHAR NOT NULL,
FOREIGN KEY (cve_id) REFERENCES cves(cve_id) ON DELETE CASCADE
);| Range | Severity | Color |
|---|---|---|
| 9.0 - 10.0 | Critical | π΄ Red |
| 7.0 - 8.9 | High | π Orange |
| 4.0 - 6.9 | Medium | π‘ Yellow |
| 0.1 - 3.9 | Low | π’ Green |
# Activate virtual environment
.\venv\Scripts\Activate.ps1 # Windows
# Simple table view
python scripts/view_database.py
# Or use Python one-liner for custom queries
python -c "import sqlite3; conn = sqlite3.connect('cve_tracker.db'); cursor = conn.cursor(); cursor.execute('SELECT cve_id, product_vendor, cvss_score FROM cves ORDER BY cvss_score DESC'); [print(f'{row[0]} | {row[1]} | CVSS: {row[2]}') for row in cursor.fetchall()]; conn.close()"- Windows: Reinstall and check "Add to PATH"
# Windows
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser# Find process using port 8000
netstat -ano | findstr :8000
# Kill the process
taskkill /PID <number> /F# Reset database
Remove-Item cve_tracker.db
python scripts/seed_data.pyMore help: See troubleshooting section in docs/QUICK_START.md
This is a learning project built to demonstrate:
- Full-stack development with Python (FastAPI) and React
- Working with external APIs (NVD)
- Database design and ORM usage
- Modern web application architecture
- CVE tracking and cybersecurity concepts
Feel free to use this as a reference or learning resource! π
This project is licensed under the MIT License - see the LICENSE file for details.
- NVD (National Vulnerability Database) for providing CVE data
- CVE Program for maintaining the CVE system
- Cybersteps for project inspiration and training
Guided by intent π§ , planned with care πβοΈ, brought to life through careful automation π€
See AI-Assisted Development Process for transparency about the development methodology.