opencve/opencve
OpenCVE is an open-source Vulnerability Intelligence Platform designed to help security teams monitor, filter, and manage CVEs efficiently. It aggregates vulnerability data from multiple authoritative sources including MITRE, NVD, RedHat, and Vulnrichment, providing a centralized hub for tracking security threats across your entire software stack. The platform allows you to subscribe to specific vendors and products, organizing your monitoring through projects and organizations. You can filter CVEs by vendor, product, CVSS score, KEV status, EPSS rating, CWE classification, publication date, and more. Complex filter combinations can be saved as reusable Views for quick access. OpenCVE supports custom tagging, user assignment, and status tracking so teams can collaboratively manage vulnerability triage workflows, marking CVEs as under analysis, risk accepted, or assigned to specific developers. Alerts are delivered via email or webhook, with Slack and Teams integration planned. The platform generates daily reports per project and offers AI-powered report summaries highlighting priorities and immediate actions. Customizable dashboards with drag-and-resize widgets let you visualize CVE metrics per project, recent reports, and more. OpenCVE also features in-house AI enrichment that extracts associated vendors and products from CVE descriptions, ensuring comprehensive coverage even when authors omit explicit references. Available as a SaaS at opencve.io or self-hosted via Docker.
Quick Start Example
# Clone and start OpenCVE with Docker
git clone https://github.com/opencve/opencve.git
cd opencve
# Copy and configure environment
cp .env.example .env
# Edit .env with your settings
# Start all services
docker compose up -d
# Create an admin user
docker compose exec web python manage.py createsuperuser
# Access the web interface
# Open http://localhost:8000 in your browser
# Import initial CVE data
docker compose exec web python manage.py import_cves