Repositories list

• Vultron

  Public
  Vultron is a protocol for Coordinated Vulnerability Disclosure

  prototypeprotocolvulnerability+ 8activitypubcvdvulnerability-reportsactivitystreams-vocabularyvulnerability-disclosurevulnerability-responsevulnerability-disclosure-policies+ 1

  Python

  •

  Other

  •5•17•13•2•Updated Feb 20, 2026Feb 20, 2026

• metasploit-framework

  Public
  CERT/CC's fork of Metasploit Framework in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recognize gets the tag for…

  cvevulnerability-identificationcve-searchsploit+ 3cve-searchcvesvulnerability-intelligence

  Ruby

  •

  Other

  •15k•3•0•0•Updated Feb 19, 2026Feb 19, 2026

• SSVC

  Public
  Stakeholder-Specific Vulnerability Categorization

  vulnerabilityvulnerabilitiesdecision-trees+ 3vulnerability-managementdecision-supportprioritization

  Python

  •

  Other

  •42•173•109•6•Updated Feb 16, 2026Feb 16, 2026

• exploitdb

  Public
  CERT/CC's fork of the official Exploit Database repository in which we are tagging commits that include vulnerability IDs. The first commit for an ID we recogn…

  cvevulnerability-identificationcve-searchsploit+ 3cve-searchcvesvulnerability-intelligence

  C

  •

  GNU General Public License v2.0

  •1.9k•11•0•0•Updated Feb 12, 2026Feb 12, 2026

• kaiju

  Public
  CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is the primary, canonical repository for …

  reverse-engineeringbinary-analysisghidra

  Java

  •

  Other

  •39•313•7•0•Updated Feb 11, 2026Feb 11, 2026

• VINCE

  Public
  VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disc…

  pythonapidjango+ 7coordinationcertcsirtvulnerabilityvulnerability-managementvulnerability-identificationpsirt

  Python

  •

  Other

  •28•89•29•4•Updated Feb 3, 2026Feb 3, 2026

• CERT-Guide-to-CVD

  Public
  Content for the CERT Guide to Coordinated Vulnerability Disclosure

  vulnerabilityvulnerability-managementvulnerability-analysis+ 6cvdvulnerability-reportsvulnerability-disclosurevulnerability-responsevulnerability-disclosure-policiesvulnerability-disclosure-program

  HTML

  •

  Other

  •11•12•16•1•Updated Feb 2, 2026Feb 2, 2026

• harbor

  Public
  An open source trusted cloud native registry project that stores, signs, and scans content.

  Go

  •

  Apache License 2.0

  •5.1k•0•0•1•Updated Jan 22, 2026Jan 22, 2026

• cert-uefi-parser

  Public
  CERT UEFI Parser for pypi

  Python

  •

  Other

  •2•0•0•0•Updated Jan 8, 2026Jan 8, 2026

• cert-uefi-support

  Public
  CERT/CC Fork of UEFI Support for release and lifecycle

  C

  •

  Other

  •1•0•0•0•Updated Dec 23, 2025Dec 23, 2025

• pharos

  Public
  Automated static analysis tools for binary programs. This is a "mirror"; please file tickets, bug reports, or pull requests at the upstream home in @cmu-sei: ht…

  C++

  •

  Other

  •209•7•0•1•Updated Dec 18, 2025Dec 18, 2025

• certfuzz

  Public archive
  This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

  certfuzzingfuzz-testing+ 2foebff

  Python

  •

  Other

  •55•272•0•0•Updated Jul 30, 2025Jul 30, 2025

• cveClient

  Public
  A client and library to cve-services 2.x to provide CVE management for CNA and CERTs

  JavaScript

  •

  Other

  •9•28•0•1•Updated Jul 30, 2025Jul 30, 2025

• .github

  Public
  0•0•0•0•Updated Jun 13, 2025Jun 13, 2025

• labyrinth

  Public
  Come inside, and have a nice cup of tea.

  Other

  •41•109•13•1•Updated May 13, 2025May 13, 2025

• git_vul_driller

  Public
  Drills through git commit histories to find vulnerability IDs in change logs.

  Jupyter Notebook

  •

  MIT License

  •3•5•1•0•Updated Apr 16, 2025Apr 16, 2025

• PKfail

  Public
  Mitigations & detection tools for VU#455367

  uefivulnerability

  PowerShell

  •

  BSD 2-Clause "Simplified" License

  •0•4•1•0•Updated Dec 20, 2024Dec 20, 2024

• PoC-Exploits

  Public archive
  Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.

  exploitspocvulnerabilities

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •48•192•0•0•Updated May 15, 2024May 15, 2024

• tapioca

  Public archive
  CERT Tapioca for MITM network analysis

  mitmhttp-proxytapioca+ 5wiresharkmitmproxytransparent-proxyssl-inspectionssl-interception

  Python

  •

  Other

  •25•185•0•0•Updated May 15, 2024May 15, 2024

• metasploit_json_parser

  Public archive
  Parser for the JSON database included in metasploit-framework that emits a CSV file of modules keyed by vulnerability IDs and references. NOTE: Superseded by gi…

  metadatathreatintelmetasploit-framework+ 6vulnerability-assessmentmetasploitthreat-intelligencemetasploit-framework-databasevulnerability-researchmetasploit-automation

  Python

  •

  MIT License

  •0•2•0•2•Updated May 15, 2024May 15, 2024

• Vulnerability-Data-Archive-Tools

  Public archive
  Tools for working with the CERT Vulnerability Data Archive. See also https://github.com/CERTCC/Vulnerability-Data-Archive

  pythonvulnerability-data

  Python

  •

  Other

  •12•21•0•0•Updated May 14, 2024May 14, 2024

• Vulnerability-Data-Archive

  Public archive
  With the hope that someone finds the data useful, we used to periodically publish an archive of almost all of the non-sensitive vulnerability information in our…

  threatcertvulnerability+ 7threatintelcvethreat-analysisthreat-intelligencevulnerability-reportvulnerability-datavulnerability-notes

  Other

  •21•96•0•0•Updated May 14, 2024May 14, 2024

• vulnerability_disclosure_policy_templates

  Public archive
  A collection of templates for generating vulnerability disclosure policies. (NOTE: As of 2024, these templates are now part of the CERT Guide to Coordinated Vul…

  vulnerabilitydisclosurecvd-policy+ 3vulnerability-disclosuredisclosure-policyvulnerability-disclosure-policies

  MIT License

  •3•9•0•0•Updated Apr 25, 2024Apr 25, 2024

• SBOM

  Public
  Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data

  bill-of-materialssbomsbom-generator

  JavaScript

  •

  MIT License

  •18•66•2•0•Updated Apr 8, 2024Apr 8, 2024

• keyfinder

  Public archive
  A tool for finding and analyzing private (and public) key files, including support for Android APK files.

  Python

  •49•276•0•0•Updated Nov 7, 2022Nov 7, 2022

• CVE-2021-44228_scanner

  Public archive
  Scanners for Jar files that may be vulnerable to CVE-2021-44228

  PowerShell

  •

  BSD 2-Clause "Simplified" License

  •86•350•0•0•Updated Mar 23, 2022Mar 23, 2022

• Linux-Kernel-Analysis-Environment

  Public archive
  Container-based environment for debugging and analyzing Linux kernels using QEMU and GDB

  Shell

  •

  MIT License

  •3•5•0•0•Updated Nov 4, 2021Nov 4, 2021

• Syzbot-Repro-Runner

  Public archive
  Automatically build and run a custom kernel and crasher from a syzbot report

  Python

  •

  MIT License

  •1•1•0•0•Updated Nov 4, 2021Nov 4, 2021

• UEFI-Analysis-Resources

  Public archive
  Documentation, examples, and other resources regarding analyzing EDK2 based UEFI firmware

  PHP

  •

  MIT License

  •1•6•0•0•Updated Nov 4, 2021Nov 4, 2021

• autocats

  Public
  AUTOCATS is the automated code analysis testing suite, used by projects like CERT Kaiju.

  C++

  •4•1•0•0•Updated Oct 19, 2021Oct 19, 2021