Ongoing project
Security Tooling · Python / Flask

Vulnerability Triage System

A self-hosted platform for triaging and reporting on vulnerabilities pulled from the National Vulnerability Database — augmented with CISA KEV, EPSS exploit-probability scores, and GitHub Security Advisories.


Overview

Type: Security tooling
Stack: Python · Flask
Data: NVD · KEV · EPSS · GHSA
Storage: SQLite · WAL
Live: Server-Sent Events
Status: Ongoing

Built for analysts who run vulnerability assessments across multiple scopes (clients, environments, projects), it pulls CVEs from NVD, scores them by exploitability and impact, and produces focused, evidence-rich reports — without the noise of generic CVE feeds.

A separate Threat Landscape view aggregates ransomware activity, vendor advisories, security news and community chatter, while an optional background poller re-runs triage on a schedule and alerts you the moment something high-priority lands.


Screenshots


01 Dashboard — live scan and KPI insights
02 Results list with CVE detail drawer
03 Threat briefing — landscape overview
04 Recently exploited — KEV and trending CVEs
05 Vendor PSIRT advisories
06 Security newsroom RSS
07 Ransomware victim watch

Key features

  • Composite triage scoring — a priority score from four signals: CVSS base score, CISA KEV membership, EPSS probability, and RCE/exploit description heuristics.
  • Flexible filtering — severity band, CVSS & EPSS range, KEV-only mode, CVE-ID range, and profile-defined product targets.
  • Live SSE streaming — results populate the dashboard mid-scan as each NVD page is fetched and triaged.
  • Gap-aware SQLite cache — overlapping scans only request the missing window; the trailing 30 minutes is always refreshed.
  • GHSA augmentation — GitHub advisories are normalized into the NVD shape, deduped by CVE ID, and surfaced only where NVD missed them.
  • Insights & charts — six KPI cards over six Chart.js visualisations, including a CVSS × EPSS risk matrix with KEV highlighted.
  • Per-CVE triage state — Open / Investigating / Patched / False-positive, persisted locally across sessions.
  • Report scoping via profiles — named scopes whose metadata is baked into the CSV export header.
  • Threat Landscape — ransomware groups & victims, vendor PSIRT advisories, security-press RSS, Reddit chatter, recent KEV, and trending CVEs.
  • Background poller — re-runs triage on a schedule and fires a native macOS notification when a new finding crosses your threshold.
  • Hardened by default — stdlib-only OWASP-aligned controls: rate limiting, CSRF tokens, strict input validation, hardening headers, server-side secrets.
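As an added illustration of the composite scoring and filtering listed above (example code, not the project's own): the four signals, the filter dimensions and the CVSS severity bands are the page's; the weights, the 0-100 scale, the RCE keyword list and the sample findings with placeholder CVE IDs are assumptions made here.

```python
"""Composite triage scoring over the four signals named above.
Added example, not the project's code: the signals come from the page,
but the weights, scale and keyword list below are assumptions."""
import re
from dataclasses import dataclass

# Assumed description heuristic: phrases that usually indicate remote
# code execution or an unauthenticated path.
RCE_PATTERNS = re.compile(
    r"remote code execution|arbitrary code|command injection|unauthenticated",
    re.IGNORECASE,
)


@dataclass
class Finding:
    cve_id: str
    cvss_base: float      # CVSS base score, 0.0-10.0
    epss: float           # EPSS probability, 0.0-1.0
    in_kev: bool          # listed in CISA KEV
    description: str      # NVD/GHSA description text


def rce_heuristic(description: str) -> bool:
    """True when the description matches an RCE/exploit phrase."""
    return RCE_PATTERNS.search(description) is not None


def triage_score(f: Finding) -> float:
    """Priority score on an assumed 0-100 scale.

    Assumed weighting: CVSS up to 40, EPSS up to 30, KEV flat 20,
    RCE heuristic flat 10. KEV and RCE are flat bonuses because they are
    boolean evidence, not a magnitude.
    """
    score = 4.0 * max(0.0, min(f.cvss_base, 10.0))
    score += 30.0 * max(0.0, min(f.epss, 1.0))
    score += 20.0 if f.in_kev else 0.0
    score += 10.0 if rce_heuristic(f.description) else 0.0
    return round(score, 1)


def severity_band(cvss: float) -> str:
    """CVSS v3.x qualitative severity bands."""
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def filter_findings(findings, *, kev_only=False, min_cvss=0.0,
                    max_cvss=10.0, min_epss=0.0, bands=None):
    """Apply the filter dimensions: KEV-only mode, CVSS and EPSS ranges,
    and a set of severity bands (bands=None means any band)."""
    out = []
    for f in findings:
        if kev_only and not f.in_kev:
            continue
        if not (min_cvss <= f.cvss_base <= max_cvss):
            continue
        if f.epss < min_epss:
            continue
        if bands is not None and severity_band(f.cvss_base) not in bands:
            continue
        out.append(f)
    return out


def rank(findings):
    """Highest priority first; ties broken by CVE ID for stable output."""
    return sorted(findings, key=lambda f: (-triage_score(f), f.cve_id))


# Constructed sample findings (placeholder CVE IDs, not real advisories).
SAMPLE = [
    Finding("CVE-0000-0001", 9.8, 0.97, True,
            "Unauthenticated remote code execution in the admin API."),
    Finding("CVE-0000-0002", 5.3, 0.02, False,
            "Information disclosure via verbose error page."),
    Finding("CVE-0000-0003", 7.5, 0.40, False,
            "Crafted archive allows execution of arbitrary code."),
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{f.cve_id} {severity_band(f.cvss_base):8} score={triage_score(f)}")
```

The flat bonuses matter in practice: a KEV entry with a mediocre CVSS score still outranks a high-CVSS finding with no exploitation evidence, which is the behaviour an analyst wants from a feed that is meant to cut noise.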
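The gap-aware cache behaviour described above, as an added example rather than the project's own code: the 30-minute refresh tail is from the page, while the interval arithmetic, the helper names and the constructed reference time are assumptions made here. The function takes the requested time range and the ranges already cached, and returns only the windows that still need to be fetched.

```python
"""Gap-aware cache windows for an NVD fetch.
Added example, not the project's code: the interval arithmetic and the
helpers are assumptions; the 30-minute refresh tail is the page's."""
from datetime import datetime, timedelta, timezone

REFRESH_TAIL = timedelta(minutes=30)   # trailing window always re-fetched


def merge(intervals):
    """Merge overlapping or touching (start, end) intervals, sorted by start."""
    merged = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def missing_windows(requested, cached, now, tail=REFRESH_TAIL):
    """Windows to request from NVD for `requested`, given cached coverage.

    Returns the uncovered gaps inside `requested` plus the trailing `tail`
    (clipped to `requested`), merged so no window is fetched twice.
    """
    req_start, req_end = requested
    # Clip cached coverage to the requested range and merge it.
    covered = merge(
        (max(s, req_start), min(e, req_end))
        for s, e in cached
        if s < req_end and e > req_start
    )
    gaps = []
    cursor = req_start
    for s, e in covered:
        if s > cursor:
            gaps.append((cursor, s))
        cursor = max(cursor, e)
    if cursor < req_end:
        gaps.append((cursor, req_end))
    # Recently published entries may still be changing, so the tail is
    # refreshed even when the cache already covers it.
    tail_start = now - tail
    if req_end > tail_start:
        gaps.append((max(req_start, tail_start), req_end))
    return merge(gaps)


# Constructed reference time and helpers for the demo below.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def hours_ago(n):
    return NOW - timedelta(hours=n)


def minutes_ago(n):
    return NOW - timedelta(minutes=n)


def demo():
    """Six-hour scan with the middle three hours already cached."""
    return missing_windows((hours_ago(6), NOW),
                           [(hours_ago(5), hours_ago(2))], NOW)


if __name__ == "__main__":
    for start, end in demo():
        print(f"fetch {start.isoformat()} -> {end.isoformat()}")
```

Two edge cases are worth checking against this logic: a fully cached range still yields one request for the last 30 minutes, and a request that ends more than 30 minutes ago gets no tail at all, so historical re-runs hit the cache cleanly.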

Tech & data sources

Backend
Python · Flask · 4 modules · stdlib-only security · requests
Frontend
Jinja partials · Modular CSS/JS · No build step · Server-Sent Events · Chart.js
Persistence
SQLite · WAL · Gap-aware cache · Browser localStorage
Data sources
NVD CVE 2.0 · EPSS · FIRST.org · CISA KEV · GitHub Advisories