cve
CVE is an automated repository that aggregates publicly available CVE proof-of-concepts (PoCs) from multiple sources, organized by year. It uses workflows to gather CVE details, search for PoC references, and filter results into searchable markdown files.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | trickest/cve |
| Owner | trickest |
| Primary language | HTML |
| License | MIT — OSI-approved |
| Stars | 7.9k |
| Forks | 976 |
| Open issues | 20 |
| Latest release | Unknown |
| Last updated | 2026-07-08 |
| Source | https://github.com/trickest/cve |
What cve is
The project automatically collects CVE data from CVEProject/cvelist, searches GitHub and references for PoCs using ffuf and keyword matching, and generates year-organized markdown documentation with version badges via shields.io. Results are deduplicated and filtered against a blacklist to reduce false positives.
Get the cve source
Clone the repository and explore it locally.
git clone https://github.com/trickest/cve.gitcd cve# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- The repository contains links and references to external PoCs; accessing and executing them carries inherent risk and legal liability—ensure proper authorization and legal review before use.
- Data quality depends on the accuracy of the automated workflow (ffuf regex matching, GitHub searches, blacklist filtering). Manual spot-checks recommended before relying on findings.
- Last push timestamp shows active maintenance, but no formal release versioning exists; treat updates as continuous with no stability guarantees.
- Primary language is HTML; the markdown files are human-readable but custom tooling or scripts are needed for programmatic access and filtering.
- Blacklist-based false positive filtering is present but not transparent; misclassification risk remains, particularly for edge-case CVE descriptions.
When to avoid it — and what to weigh
- Requiring Proprietary or Premium Exploit Data — This repository contains only publicly available PoCs. If you need zero-day exploits or commercial-grade vulnerability intelligence with validation guarantees, this is insufficient.
- Expecting Verified or Tested Exploits — The workflow is automated and results are filtered but not manually verified for functionality. PoCs may be outdated, broken, or incomplete; each must be independently validated before use.
- Needing Integration into a Centralized Platform — This is a static repository of markdown files with no API, database, or integration framework. Pulling data requires parsing markdown or using custom scripts.
- Using in Restricted or Regulated Environments — Organizations in strict compliance regimes may face policy restrictions around hosting or using publicly available exploit collections without formal security assessment.
License & commercial use
Licensed under MIT (Massachusetts Institute of Technology License), a permissive open-source license.
MIT is a permissive OSI-approved license that permits commercial use, modification, and distribution with minimal restrictions. However, the repository contains references to and links toward third-party PoC code; commercial users must ensure compliance with the licenses of those external resources. No indemnification or liability protection is provided by the MIT license itself.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
This repository indexes publicly available exploits and attack vectors. Use carries inherent risk: PoCs may be malicious, outdated, or environment-dependent. Executing any PoC without proper isolation, authorization, and legal review poses security and legal exposure. No attestation of PoC accuracy or safety is provided. Organizations should treat this as a research reference, not a production tool, and implement strict access controls and code review before any use.
Alternatives to consider
ExploitDB (Offensive Security)
Curated, manually reviewed exploit collection with filtering by platform, type, and date; higher confidence in quality but requires subscription for full access.
National Vulnerability Database (NVD) + Custom Crawling
Authoritative CVE source with structured data and reference tracking; no integrated PoC collection, but enables building a custom aggregation with more control over data validation.
Metasploit Framework
Comprehensive exploit framework with built-in modules, testing infrastructure, and professional support; more heavyweight but provides execution and validation environment.
Build on cve with DEV.co software developers
This repository is best suited as a research reference for penetration testing and red team operations. For production vulnerability management, audit third-party PoC licenses and implement rigorous code review. Contact our team to discuss integration into a secure development or security operations platform.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
cve FAQ
Can I use this repository in a production security tool or product?
How current is the CVE data?
What if I find a broken or malicious PoC link?
Can I download all CVE data and host it offline?
Work with a software development agency
Need help beyond evaluating cve? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source security integrations — and maintain them long-term.
Evaluate CVE PoC for Your Security Workflow
This repository is best suited as a research reference for penetration testing and red team operations. For production vulnerability management, audit third-party PoC licenses and implement rigorous code review. Contact our team to discuss integration into a secure development or security operations platform.