Latest CVEs with their Proof of Concept exploits.
AI Analysis
This repository curates and tracks the latest publicly disclosed CVE vulnerabilities along with their proof-of-concept exploits, serving as a centralized reference for security researchers, penetration testers, and incident responders. It is best used as a real-time vulnerability aggregator for understanding current threat landscapes and testing defensive measures in controlled environments. This tool is primarily for security professionals and organizations conducting vulnerability assessmen...
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
Curated index of recent CVE exploits and PoCs from GitHub repositories
This project automatically indexes publicly disclosed Proof-of-Concept exploits for recently published CVEs by aggregating links to GitHub repositories. It serves as a rapid-discovery aggregator for security researchers, incident responders, and penetration testers who need to quickly locate working exploit code for newly announced vulnerabilities. The project functions as a metasearch layer rather than a novel exploit repository — its value lies in curation and freshness, not original tooling.
Created May 2024, the project emerged during an era of accelerated exploit publication on GitHub. It capitalizes on the pattern that legitimate exploit code is increasingly published openly by security researchers, commercial firms, and CTF participants within hours of CVE disclosure.
Modest but consistent growth (1,333 stars, 164 forks) with 12 stars in the last 7 days suggests stable, low-momentum adoption. The project was last pushed today (2026-07-04), indicating active maintenance. Growth appears driven by demand from the security community for a centralized index rather than continuous feature innovation.
Adoption not verified through explicit case studies or organizational testimonials. However, the consistent star accumulation, existence of similar high-star competitors (trickest/cve with 7,912 stars, nomi-sec/PoC-in-GitHub with 7,876 stars), and the project's basic utility suggest it likely has organic use among security practitioners. The lower star count relative to competitors may reflect timing (created later) or differentiation rather than lack of adoption. No evidence of institutional or commercial deployment.
Based on README, the project appears to be a Python-based table-generation tool that periodically scrapes GitHub for repositories matching CVE patterns and formats them as markdown tables sorted by recency and star count. Likely uses GitHub API to fetch repository metadata. The 2026 and 2025 sections suggest automated refresh cycles that capture recently updated repositories.
Not documented in README.
Last push 2026-07-04 10:22:28 (same day as analysis date) indicates active, recent maintenance. Repository is 14+ months old and remains actively maintained. No evidence of stalled development. The consistent presence of 2026 CVE entries in the README suggests the automation is functioning and being refreshed regularly.
ADOPT IF: you need rapid discovery of recently published CVE exploits on GitHub and prefer a human-readable markdown format over structured data; you are a security researcher or incident responder who values freshness and simplicity over comprehensiveness. AVOID IF: you require guaranteed accuracy, historical depth, or structured machine-readable CVE metadata — existing competitors like nomi-sec/PoC-in-GitHub and trickest/cve are larger and likely more mature. MONITOR IF: you use it for threat hunting and need to verify it remains actively updated — its maintenance depends on continued automation and GitHub API availability; no explicit SLA or reliability promise is documented.
Independent dimensions
Mainstream potential
3/10
Technical importance
4/10
Adoption evidence
4/10
- No explicit statement of update frequency or SLA — reliance on automation without documented refresh guarantees may create blind spots in critical environments.
- No verification mechanism for exploit validity or safety — indexing does not imply tested, non-malicious, or functional code; users must audit each PoC independently.
- Competitive market with substantially larger projects (7,800+ stars) offering similar functionality — may struggle to differentiate or sustain differentiation over time.
- GitHub API rate limits and policy changes could impact data freshness or availability without advance notice.
- No documented curation standards, inclusion/exclusion criteria, or quality gates — unclear what prevents spam or typosquatting repositories from being indexed.
Likely to remain a viable but non-dominant niche tool serving researchers who prefer this format and curation approach. Unlikely to displace established competitors without clear differentiation (e.g., additional metadata, verification, cross-source aggregation). May consolidate or be absorbed by a broader security platform.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Website
- https://cve.codepwn.win/
- Language
- Python
- License
- MIT
- Last updated
- 12h ago
- Created
- 26mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
No open issues — clean slate.
Open pull requests
No open pull requests.
Top contributors
Recent releases
No releases published yet.
Similar repos
ycdxsb/PocOrExp_in_Github
This project automatically aggregates proof-of-concept (POC) and exploit (EXP)...
nomi-sec/PoC-in-GitHub
PoC-in-GitHub is an automated collection tool that gathers proof-of-concept...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
1.3k | +8 | Python | 6/10 | 12h ago |
|
|
7.9k | — | HTML | 7/10 | 1d ago |
|
|
3.8k | — | Python | 6/10 | 6d ago |
|
|
2.8k | — | Python | 8/10 | 2d ago |
|
|
1.2k | — | Python | 7/10 | 11h ago |
|
|
7.9k | — | — | 6/10 | 13h ago |
Substantially larger, likely covers broader CVE range and historical depth. This project appears to emphasize recency and is ~2 years newer; serves similar niche but with less established network effect.
Larger competitor with different format. Trickest also indexes CVE exploits but may have additional features or better SEO visibility. This project's Python base and markdown tables represent a stylistic alternative.
Broader CVE database with structured data; this project is narrower (PoC-only focus) and more recent. OpenCVE is likely more comprehensive but less real-time exploit-focused.
Another exploit aggregator; similar niche. This project's recency focus and lower star count suggest it may be a newer market entrant or serve a slightly different segment (e.g., recent vs. comprehensive).
Closest comparable project in size and scope. Both appear to index CVE PoCs from GitHub; differentiation unclear from README alone. May indicate this is a saturated niche with room for minor variants.