0xMarcio

0xMarcio/cve

Python MIT Security

Latest CVEs with their Proof of Concept exploits.

1.3k stars
165 forks
active
GitHub +8 / week

1.3k

Stars

165

Forks

0

Open issues

1

Contributors

AI Analysis

This repository curates and tracks the latest publicly disclosed CVE vulnerabilities along with their proof-of-concept exploits, serving as a centralized reference for security researchers, penetration testers, and incident responders. It is best used as a real-time vulnerability aggregator for understanding current threat landscapes and testing defensive measures in controlled environments. This tool is primarily for security professionals and organizations conducting vulnerability assessmen...

Security Security Tool Discovery value: 3/10
Documentation 5/10
Activity 10/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 6/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

vulnerability-tracking security-research exploit-database cve-aggregation proof-of-concept
Actively maintained MIT licensed Niche/specialized use case Popular
Deep Analysis · Based on README and public signals
6d ago

Curated index of recent CVE exploits and PoCs from GitHub repositories

This project automatically indexes publicly disclosed Proof-of-Concept exploits for recently published CVEs by aggregating links to GitHub repositories. It serves as a rapid-discovery aggregator for security researchers, incident responders, and penetration testers who need to quickly locate working exploit code for newly announced vulnerabilities. The project functions as a metasearch layer rather than a novel exploit repository — its value lies in curation and freshness, not original tooling.

Origin

Created May 2024, the project emerged during an era of accelerated exploit publication on GitHub. It capitalizes on the pattern that legitimate exploit code is increasingly published openly by security researchers, commercial firms, and CTF participants within hours of CVE disclosure.

Growth

Modest but consistent growth (1,333 stars, 164 forks) with 12 stars in the last 7 days suggests stable, low-momentum adoption. The project was last pushed today (2026-07-04), indicating active maintenance. Growth appears driven by demand from the security community for a centralized index rather than continuous feature innovation.

In production

Adoption not verified through explicit case studies or organizational testimonials. However, the consistent star accumulation, existence of similar high-star competitors (trickest/cve with 7,912 stars, nomi-sec/PoC-in-GitHub with 7,876 stars), and the project's basic utility suggest it likely has organic use among security practitioners. The lower star count relative to competitors may reflect timing (created later) or differentiation rather than lack of adoption. No evidence of institutional or commercial deployment.

Code analysis
Architecture

Based on README, the project appears to be a Python-based table-generation tool that periodically scrapes GitHub for repositories matching CVE patterns and formats them as markdown tables sorted by recency and star count. Likely uses GitHub API to fetch repository metadata. The 2026 and 2025 sections suggest automated refresh cycles that capture recently updated repositories.

Tests

Not documented in README.

Maintenance

Last push 2026-07-04 10:22:28 (same day as analysis date) indicates active, recent maintenance. Repository is 14+ months old and remains actively maintained. No evidence of stalled development. The consistent presence of 2026 CVE entries in the README suggests the automation is functioning and being refreshed regularly.

Honest verdict

ADOPT IF: you need rapid discovery of recently published CVE exploits on GitHub and prefer a human-readable markdown format over structured data; you are a security researcher or incident responder who values freshness and simplicity over comprehensiveness. AVOID IF: you require guaranteed accuracy, historical depth, or structured machine-readable CVE metadata — existing competitors like nomi-sec/PoC-in-GitHub and trickest/cve are larger and likely more mature. MONITOR IF: you use it for threat hunting and need to verify it remains actively updated — its maintenance depends on continued automation and GitHub API availability; no explicit SLA or reliability promise is documented.

Independent dimensions

Mainstream potential

3/10

Technical importance

4/10

Adoption evidence

4/10

Risks
  • No explicit statement of update frequency or SLA — reliance on automation without documented refresh guarantees may create blind spots in critical environments.
  • No verification mechanism for exploit validity or safety — indexing does not imply tested, non-malicious, or functional code; users must audit each PoC independently.
  • Competitive market with substantially larger projects (7,800+ stars) offering similar functionality — may struggle to differentiate or sustain differentiation over time.
  • GitHub API rate limits and policy changes could impact data freshness or availability without advance notice.
  • No documented curation standards, inclusion/exclusion criteria, or quality gates — unclear what prevents spam or typosquatting repositories from being indexed.
Prediction

Likely to remain a viable but non-dominant niche tool serving researchers who prefer this format and curation approach. Unlikely to displace established competitors without clear differentiation (e.g., additional metadata, verification, cross-source aggregation). May consolidate or be absorbed by a broader security platform.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Python
97.6%
HTML
2.4%

Information

Language
Python
License
MIT
Last updated
12h ago
Created
26mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Open issues

No open issues — clean slate.

Open pull requests

No open pull requests.

Top contributors

Recent releases

No releases published yet.

Similar repos

trickest

trickest/cve

CVE PoC is an automated aggregation repository that collects and organizes...

7.9k HTML Security
bikini

bikini/exploitarium

Exploitarium is a curated archive of public exploit proof-of-concepts and...

3.8k Python Security
opencve

opencve/opencve

OpenCVE is a vulnerability intelligence platform that aggregates CVE data from...

2.8k Python Security
ycdxsb

ycdxsb/PocOrExp_in_Github

This project automatically aggregates proof-of-concept (POC) and exploit (EXP)...

1.2k Python Security
nomi-sec

nomi-sec/PoC-in-GitHub

PoC-in-GitHub is an automated collection tool that gathers proof-of-concept...

vs. alternatives
nomi-sec/PoC-in-GitHub (7,876 stars)

Substantially larger, likely covers broader CVE range and historical depth. This project appears to emphasize recency and is ~2 years newer; serves similar niche but with less established network effect.

trickest/cve (7,912 stars, HTML-based)

Larger competitor with different format. Trickest also indexes CVE exploits but may have additional features or better SEO visibility. This project's Python base and markdown tables represent a stylistic alternative.

opencve/opencve (2,767 stars)

Broader CVE database with structured data; this project is narrower (PoC-only focus) and more recent. OpenCVE is likely more comprehensive but less real-time exploit-focused.

bikini/exploitarium (3,629 stars)

Another exploit aggregator; similar niche. This project's recency focus and lower star count suggest it may be a newer market entrant or serve a slightly different segment (e.g., recent vs. comprehensive).

ycdxsb/PocOrExp_in_Github (1,175 stars)

Closest comparable project in size and scope. Both appear to index CVE PoCs from GitHub; differentiation unclear from README alone. May indicate this is a saturated niche with room for minor variants.